Edit tour

Windows Analysis Report
baretail.exe

Overview

General Information

Sample name:	baretail.exe
Analysis ID:	1523429
MD5:	f3e7a015c1d541528085d3f9581ab41f
SHA1:	2aa7d3806d614fd9e1e6b099d134784a98b6dd9e
SHA256:	160d6a3bdc9d64677643376f82e559eb4112289e6b6d722b5b3b32699d18bca9
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates a process in suspended mode (likely to inject code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Suspicious form URL found

Uses 32bit PE files

Classification

Process Tree

System is w10x64

baretail.exe (PID: 7264 cmdline: "C:\Users\user\Desktop\baretail.exe" MD5: F3E7A015C1D541528085D3F9581AB41F)

chrome.exe (PID: 7884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 8128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2116,i,5249147098069161101,3948763448879149394,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02

HTTP Parser: Form action: check.php

Source: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02

HTTP Parser: No favicon

Source: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02

HTTP Parser: No <meta name="author".. found

Source: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02

HTTP Parser: No <meta name="copyright".. found

Source: baretail.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:49739 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Source: global traffic	HTTP traffic detected: GET /register/?app=BareTail&ver=3.50a&build=2006-11-02 HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /style.css HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /register/poweredByWorldPay.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baremetalsoftcom.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baretailpro/BareTailPro2.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baregreppro/BareGrepPro2.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baretail/BareTail2.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baregrep/BareGrep2.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /register/poweredByWorldPay.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baremetalsoftcom.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baregreppro/BareGrepPro2.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baretailpro/BareTailPro2.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baretail/BareTail2.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26build%3D2006-11-02&http_referer= HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.baremetalsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26build%3D2006-11-02&http_referer= HTTP/1.1Host: www.baremetalsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /baregrep/BareGrep2.gif HTTP/1.1Host: www.baremetalsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.baremetalsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BDulGu1zv6d6dbs&MD=ORCsMFdb HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BDulGu1zv6d6dbs&MD=ORCsMFdb HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.baremetalsoft.com
Source: global traffic	DNS traffic detected: DNS query: www.worldpay.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: baretail.exe, 00000000.00000003.1376238488.000000000561B000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000003.1375360977.000000000561C000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000003.1376505273.000000000561C000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000003.1375266649.000000000561C000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000002.2495197778.000000000561C000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000003.1386369303.000000000561C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purl.oen
Source: baretail.exe	String found in binary or memory: http://www.baremetalsoft.com/
Source: baretail.exe	String found in binary or memory: http://www.baremetalsoft.com/?app=
Source: baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.baremetalsoft.com/?app=BareTail&ver=3.50a&build=2006-11-02
Source: baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.baremetalsoft.com/?app=BareTail&ver=3.50a&build=2006-11-02CE
Source: baretail.exe	String found in binary or memory: http://www.baremetalsoft.com/U
Source: chromecache_48.12.dr	String found in binary or memory: http://www.baremetalsoft.com/baregrep/index.php
Source: chromecache_48.12.dr	String found in binary or memory: http://www.baremetalsoft.com/baregreppro/index.php
Source: baretail.exe	String found in binary or memory: http://www.baremetalsoft.com/baretail/faq.php?app=
Source: chromecache_48.12.dr	String found in binary or memory: http://www.baremetalsoft.com/baretail/index.php
Source: baretail.exe	String found in binary or memory: http://www.baremetalsoft.com/baretail/index.php?app=
Source: baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.baremetalsoft.com/baretail/licence.php
Source: baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.baremetalsoft.com/baretail/licence.php?app=BareTail&ver=3.50a&date=2006-11-02
Source: baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.baremetalsoft.com/baretail/licence.php?app=BareTail&ver=3.50a&date=2006-11-02erm
Source: baretail.exe	String found in binary or memory: http://www.baremetalsoft.com/baretail/usage.php?app=
Source: chromecache_48.12.dr	String found in binary or memory: http://www.baremetalsoft.com/baretailpro/index.php
Source: chromecache_48.12.dr	String found in binary or memory: http://www.baremetalsoft.com/contact/index.php
Source: chromecache_48.12.dr	String found in binary or memory: http://www.baremetalsoft.com/index.php
Source: chromecache_48.12.dr	String found in binary or memory: http://www.baremetalsoft.com/news/index.php
Source: chromecache_48.12.dr	String found in binary or memory: http://www.worldpay.com
Source: chromecache_48.12.dr	String found in binary or memory: https://secure.worldpay.com/global3/payment/default/help_en.html
Source: chromecache_48.12.dr	String found in binary or memory: https://secure.worldpay.com/global3/payment/default/help_faqs_en.html
Source: chromecache_48.12.dr	String found in binary or memory: https://secure.worldpay.com/global3/payment/default/help_security_en.html
Source: baretail.exe, chromecache_48.12.dr	String found in binary or memory: https://www.baremetalsoft.com/
Source: chromecache_48.12.dr	String found in binary or memory: https://www.baremetalsoft.com/baremetalsoftcom.gif
Source: baretail.exe	String found in binary or memory: https://www.baremetalsoft.com/register/?app=
Source: baretail.exe, 00000000.00000002.2492873352.0000000000681000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02
Source: baretail.exe, 00000000.00000002.2492873352.0000000000681000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02I
Source: baretail.exe, 00000000.00000002.2492873352.0000000000681000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02h
Source: chromecache_48.12.dr	String found in binary or memory: https://www.baremetalsoft.com/register/poweredByWorldPay.gif
Source: chromecache_48.12.dr	String found in binary or memory: https://www.baremetalsoft.com/stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26
Source: chromecache_48.12.dr	String found in binary or memory: https://www.baremetalsoft.com/style.css
Source: chromecache_48.12.dr	String found in binary or memory: https://www.worldpay.com/cgenerator/cgenerator.php?instId=101882

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:49739 version: TLS 1.2

Source: baretail.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: clean3.winEXE@15/27@8/4

Source: C:\Users\user\Desktop\baretail.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\Desktop\baretail.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\baretail.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\baretail.exe

File read: C:\Users\user\Desktop\baretail.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\baretail.exe "C:\Users\user\Desktop\baretail.exe"
Source: C:\Users\user\Desktop\baretail.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2116,i,5249147098069161101,3948763448879149394,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\baretail.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2116,i,5249147098069161101,3948763448879149394,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\baretail.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: assignedaccessruntime.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windows.storage.search.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: networkexplorer.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: provsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\baretail.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\baretail.exe

File opened: C:\Windows\SysWOW64\MsftEdit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\baretail.exe	Window detected: Number of UI elements: 13
Source: C:\Users\user\Desktop\baretail.exe	Window detected: Number of UI elements: 34
Source: C:\Users\user\Desktop\baretail.exe	Window detected: Number of UI elements: 13

Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\baretail.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02

Jump to behavior

Source: C:\Users\user\Desktop\baretail.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\baretail.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	11 Process Injection	OS Credential Dumping	1 File and Directory Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 DLL Side-Loading	LSASS Memory	11 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
baretail.exe	3%	ReversingLabs

Name	IP	Active	Malicious	Reputation
baremetalsoft.com	68.178.230.213	true	false	unknown
www.google.com	172.217.23.100	true	false	unknown
www.worldpay.com	unknown	unknown	false	unknown
www.baremetalsoft.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.baremetalsoft.com/favicon.ico	false	unknown
https://www.baremetalsoft.com/baremetalsoftcom.gif	false	unknown
https://www.baremetalsoft.com/style.css	false	unknown
https://www.baremetalsoft.com/baregreppro/BareGrepPro2.gif	false	unknown
https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02	false	unknown
https://www.baremetalsoft.com/baretail/BareTail2.gif	false	unknown
https://www.baremetalsoft.com/baregrep/BareGrep2.gif	false	unknown
https://www.baremetalsoft.com/register/poweredByWorldPay.gif	false	unknown
https://www.baremetalsoft.com/baretailpro/BareTailPro2.gif	false	unknown
https://www.baremetalsoft.com/stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26build%3D2006-11-02&http_referer=	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.baremetalsoft.com/?app=BareTail&ver=3.50a&build=2006-11-02CE	baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://www.baremetalsoft.com/baretail/index.php	chromecache_48.12.dr	false	unknown
https://www.baremetalsoft.com/stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26	chromecache_48.12.dr	false	unknown
http://www.baremetalsoft.com/baregrep/index.php	chromecache_48.12.dr	false	unknown
http://www.baremetalsoft.com/baretail/faq.php?app=	baretail.exe	false	unknown
http://www.baremetalsoft.com/index.php	chromecache_48.12.dr	false	unknown
http://www.baremetalsoft.com/?app=	baretail.exe	false	unknown
http://www.baremetalsoft.com/baregreppro/index.php	chromecache_48.12.dr	false	unknown
http://www.baremetalsoft.com/baretailpro/index.php	chromecache_48.12.dr	false	unknown
http://www.worldpay.com	chromecache_48.12.dr	false	unknown
http://www.baremetalsoft.com/	baretail.exe	false	unknown
http://www.baremetalsoft.com/baretail/licence.php?app=BareTail&ver=3.50a&date=2006-11-02	baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://www.baremetalsoft.com/U	baretail.exe	false	unknown
https://secure.worldpay.com/global3/payment/default/help_security_en.html	chromecache_48.12.dr	false	unknown
https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02h	baretail.exe, 00000000.00000002.2492873352.0000000000681000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://purl.oen	baretail.exe, 00000000.00000003.1376238488.000000000561B000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000003.1375360977.000000000561C000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000003.1376505273.000000000561C000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000003.1375266649.000000000561C000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000002.2495197778.000000000561C000.00000004.00000020.00020000.00000000.sdmp, baretail.exe, 00000000.00000003.1386369303.000000000561C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://www.baremetalsoft.com/baretail/licence.php?app=BareTail&ver=3.50a&date=2006-11-02erm	baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://www.baremetalsoft.com/?app=BareTail&ver=3.50a&build=2006-11-02	baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://secure.worldpay.com/global3/payment/default/help_faqs_en.html	chromecache_48.12.dr	false	unknown
http://www.baremetalsoft.com/baretail/licence.php	baretail.exe, 00000000.00000002.2493636110.00000000021E0000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.worldpay.com/cgenerator/cgenerator.php?instId=101882	chromecache_48.12.dr	false	unknown
https://www.baremetalsoft.com/register/?app=	baretail.exe	false	unknown
http://www.baremetalsoft.com/news/index.php	chromecache_48.12.dr	false	unknown
http://www.baremetalsoft.com/baretail/index.php?app=	baretail.exe	false	unknown
http://www.baremetalsoft.com/contact/index.php	chromecache_48.12.dr	false	unknown
https://secure.worldpay.com/global3/payment/default/help_en.html	chromecache_48.12.dr	false	unknown
https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02I	baretail.exe, 00000000.00000002.2492873352.0000000000681000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://www.baremetalsoft.com/baretail/usage.php?app=	baretail.exe	false	unknown
https://www.baremetalsoft.com/	baretail.exe, chromecache_48.12.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.23.100	www.google.com	United States	15169	GOOGLEUS	false
68.178.230.213	baremetalsoft.com	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523429
Start date and time:	2024-10-01 15:51:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	baretail.exe
Detection:	CLEAN
Classification:	clean3.winEXE@15/27@8/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 172.217.16.142, 108.177.15.84, 34.104.35.123, 2.18.64.20, 2.18.64.21, 172.217.16.202, 142.250.186.170, 142.250.186.42, 216.58.212.170, 142.250.184.234, 142.250.184.202, 142.250.186.74, 172.217.16.138, 142.250.185.234, 142.250.185.202, 142.250.185.138, 216.58.206.42, 142.250.185.170, 142.250.186.106, 142.250.181.234, 172.217.18.10, 199.232.210.172, 216.58.206.67, 172.217.16.206
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, e28331.dsca.akamaiedge.net, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.worldpay.com.edgekey.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: baretail.exe

Simulations

Behavior and APIs

Time	Type	Description
11:11:15	API Interceptor	7x Sleep call for process: baretail.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://www.dropbox.com/l/scl/AADL_v5DzsoHwkyegIhk6J0bQm3A7UWklCA	Get hash	malicious	Unknown	Browse
	https://k7qo.sarnerholz.cam/APRjVfmk	Get hash	malicious	Unknown	Browse
	https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0	Get hash	malicious	Phisher	Browse
	https://0.pwsinc.shop/?MKPT=Inc	Get hash	malicious	Captcha Phish	Browse
	Sales_Contract_Main_417053608_09.2024.pdf	Get hash	malicious	Unknown	Browse
	https://pt9w4x.nauleacepr.com/9QLzRhIr/#Ygovernment.relations@rolls-royce.com	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	https://vwkugoia0yciq0buttompanj2.ntvultra.com/viciorhthvgh/forhwural/coupletri/QdhahVchT/yEjbKM/anNhbGFzQGhvbGxhbmRjby5jb20=	Get hash	malicious	HTMLPhisher	Browse
	Sales_Contract_Main_417053608_09.2024.pdf	Get hash	malicious	Unknown	Browse
	https://swissquotech.com/swissquote-2024.zip	Get hash	malicious	Phisher	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-26496-GO-DADDY-COM-LLCUS	shipping documents_pdf.exe	Get hash	malicious	FormBook	Browse	118.139.176.2
	https://sms.outrightmarketing.com/	Get hash	malicious	Unknown	Browse	50.62.142.2
	https://gemmni-lgi.godaddysites.com/	Get hash	malicious	HTMLPhisher	Browse	198.71.248.123
	https://coenbsasezprrolgenz.godaddysites.com/	Get hash	malicious	HTMLPhisher	Browse	198.71.248.123
	https://metamskli0n.godaddysites.com/	Get hash	malicious	Unknown	Browse	198.71.248.123
	https://geminloogi.godaddysites.com/	Get hash	malicious	Unknown	Browse	198.71.248.123
	https://mettamisk_signin.godaddysites.com/	Get hash	malicious	HTMLPhisher	Browse	198.71.248.123
	https://metta-massk-lggoinng.godaddysites.com/	Get hash	malicious	Unknown	Browse	198.71.248.123
	https://gemini_loggin.godaddysites.com/	Get hash	malicious	HTMLPhisher	Browse	198.71.248.123
	https://gemini_logip.godaddysites.com/	Get hash	malicious	Unknown	Browse	198.71.248.123

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://www.dropbox.com/l/scl/AADL_v5DzsoHwkyegIhk6J0bQm3A7UWklCA	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27
	https://k7qo.sarnerholz.cam/APRjVfmk	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27
	https://0.pwsinc.shop/?MKPT=Inc	Get hash	malicious	Captcha Phish	Browse	4.245.163.56 184.28.90.27
	https://pt9w4x.nauleacepr.com/9QLzRhIr/#Ygovernment.relations@rolls-royce.com	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.245.163.56 184.28.90.27
	https://vwkugoia0yciq0buttompanj2.ntvultra.com/viciorhthvgh/forhwural/coupletri/QdhahVchT/yEjbKM/anNhbGFzQGhvbGxhbmRjby5jb20=	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27
	https://swissquotech.com/swissquote-2024.zip	Get hash	malicious	Phisher	Browse	4.245.163.56 184.28.90.27
	https://links.rasa.io/v1/t/eJx1kM2OgjAUhV_FsB6kpUXQ1bzAuJp9c2mvTI1Q0tvGEMO7DzCKC51t73d-em5J9JfksEl-QujpkGXR19A13sUet9q1W4iZJko-NkmLAQwEmOhbQi56jbPwiFe6YAjoXyBswS7mBiwN2nVXGCSTn838PrvPCg8EqkUiaFCFoV9Na2_x9I0Uvv6OK0yxPqMO6tlhsmpjZ8OgppCTbaKHYF33IFflk7Nm1u3LUgDjp5QXRqZ1qU0KOYNUij0T1U7ntaxeOhJ2Rk1_XJJzlsuUs5TxlfOonTf3BF5UohBl9aZCj56mjv9wjzQfV0TIXck5E_I9RBTxjh5dt8wFtQrTgMr18xzrZRzHX-Cephc=#a2FyZW4ubW9vbmV5QGJhbGxhcmRkZXNpZ25zLm5ldA==	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27
	http://innerglowjourney.com	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.245.163.56 184.28.90.27

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 41
Category:	dropped
Size (bytes):	1778
Entropy (8bit):	7.1046701241721815
Encrypted:	false
SSDEEP:	24:eKafjhZl3CR9hZhyqNiPyBJLiu08ficvlx+nX2dCPgxFZM9VEwwDjnM+yKt2q7N8:eZdZZCnpyqA6jb08f37oo17ME4Ie
MD5:	2FCF65DE37B99CF0E09AF368B0C827A1
SHA1:	65DC6802BD3D40D4366145E9DE131C6EE992ECDD
SHA-256:	E5E24627B48A878C0FCA51965C06494F4E7133D2A555BEBEE270D8BE057407DF
SHA-512:	208E5E86298D78795C8B4A8C47FE71F806290A22836091973DFFF48CBB7DB4915818B0C81FDFF5B69C9AD8809128207DAD5E3FC8E66C84628F4A668D6C233B91
Malicious:	false
Reputation:	low
Preview:	GIF89a&.)............................................................................................................................................nnn.........VVVppp.........CCC[[[www............333JJJfff......'''===YYYyyy... 555PPP............///kkk.........,,,GGGhhh.........+++FFFggg............**......EEEeee...................................rrrTTT!!!III.........~~~bbbLLL)))&&&(((<<<QQQlll...vvvUUUMMMHHHDDDAAA>>>KKK]]]ttt...sssdddaaaZZZooo........................\|\|\|}}}....................................................................................................................................................................................................................................................................................................!.......,....&.)......... ......0p..... (.`....3f..... =2h.......\.Q...0c..a....Xp...E.,...@..Q.5#H..!.....$X.QA..4..\.Ai...&..q`*P.....z..L.]%..q!...f..D....Z..5q.E..R...p`.....<.b...,Z..j.E..F.j.)...`l......

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 41
Category:	downloaded
Size (bytes):	1711
Entropy (8bit):	7.0558146711709915
Encrypted:	false
SSDEEP:	24:e6bc8QONH7bfSmbOoCMjMB0GbMts/MdwfC+rzfJ9Y6H3gWXcVei+xjWLgVGrjMyV:e6bNQO5LVO0jiqV+HRjXQkbkF0yV
MD5:	FC6038A82257DC3B58E206039078EDCB
SHA1:	D335094CE5790583FB0D2B390BF656B617E6C908
SHA-256:	278218800B13EE9170CD630C08F67D2704864D46674FD6E00E7D49505549EA33
SHA-512:	9FCEAF1AB3B5F35A005A271C58FF53D89BD4178AB7A96B6AA50081E72BF97C93D94015E0EC32B630AA35EDACFE2B40BF6582BCC9F85D338C171F118433763D12
Malicious:	false
Reputation:	low
URL:	https://www.baremetalsoft.com/baretail/BareTail2.gif
Preview:	GIF89a&.)...................................................................................................................................................................kkknnnxxx.........QQQWWWfff}}}.........;;;FFFYYYsss............+++999PPPmmm...!!!222JJJiii.........---GGGggg............**eeeEEE......,,,hhh.........///......... 555ppp.........'''===yyy............333.........CCC[[[www.........@@@VVV............UUU(((~~~bbbLLL.........vvvMMMHHHKKKZZZlllzzz.................................................................................................................................................................................................................................................................................................................!.......,....&.)........80......8p.@..... H..E... . .....08P`@.....Xy."F....l.......H8@`.........bF.3'L...B..."$.......0H.Y@.Q.3.2.a..... ..!.. ...Z4@..K..]JS.....N(a.......(.S.c...NH.b....:H..(^....}.....1V.......

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 41
Category:	dropped
Size (bytes):	1711
Entropy (8bit):	7.0558146711709915
Encrypted:	false
SSDEEP:	24:e6bc8QONH7bfSmbOoCMjMB0GbMts/MdwfC+rzfJ9Y6H3gWXcVei+xjWLgVGrjMyV:e6bNQO5LVO0jiqV+HRjXQkbkF0yV
MD5:	FC6038A82257DC3B58E206039078EDCB
SHA1:	D335094CE5790583FB0D2B390BF656B617E6C908
SHA-256:	278218800B13EE9170CD630C08F67D2704864D46674FD6E00E7D49505549EA33
SHA-512:	9FCEAF1AB3B5F35A005A271C58FF53D89BD4178AB7A96B6AA50081E72BF97C93D94015E0EC32B630AA35EDACFE2B40BF6582BCC9F85D338C171F118433763D12
Malicious:	false
Reputation:	low
Preview:	GIF89a&.)...................................................................................................................................................................kkknnnxxx.........QQQWWWfff}}}.........;;;FFFYYYsss............+++999PPPmmm...!!!222JJJiii.........---GGGggg............**eeeEEE......,,,hhh.........///......... 555ppp.........'''===yyy............333.........CCC[[[www.........@@@VVV............UUU(((~~~bbbLLL.........vvvMMMHHHKKKZZZlllzzz.................................................................................................................................................................................................................................................................................................................!.......,....&.)........80......8p.@..... H..E... . .....08P`@.....Xy."F....l.......H8@`.........bF.3'L...B..."$.......0H.Y@.Q.3.2.a..... ..!.. ...Z4@..K..]JS.....N(a.......(.S.c...NH.b....:H..(^....}.....1V.......

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	15545
Entropy (8bit):	5.151879650441154
Encrypted:	false
SSDEEP:	384:MFiHYXGHGGHRIfCm5u05u2JA6O6Q6KVf/6F6f6xZCes56G56596X9yHK60686imM:Mdh5u05u2Jb9LsfycSPCesAGA50X4HZW
MD5:	95800A5B0A5070D1E14DC386D5CA0282
SHA1:	7E3975182894FC479D253C1A7D554B56E4D285C8
SHA-256:	902BF3E219DA524308AE08ABA0B442CA1E1F2DB009FA7066515E548F98513D6A
SHA-512:	C614FB6AD299D28394DF2C781366ED50D8D551F8200B8787CAB8E0A2BCDA6435952DA172B753321204934B874662F5B8B93CB0BF2E522B9CCAA99850DDC80189
Malicious:	false
Reputation:	low
URL:	https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02
Preview:	<html>...<head>....<title>Bare Metal Software > Registration</title>....<link rel='stylesheet' type='text/css' href='https://www.baremetalsoft.com/style.css'>...</head>...<body>....<table width='100%' border='0' cellspacing='0' cellpadding='6'>.....<tr bgcolor='#9999CC'>......<td>.......<a href='https://www.baremetalsoft.com/'>........<img src='https://www.baremetalsoft.com/baremetalsoftcom.gif' style='border:0' width='150' height='50' hspace='0' vspace='0' alt='Bare Metal Software Home'>.......</a>......</td>......<td align='right' valign='bottom'>.......<p style='font-family: verdana,arial,sans-serif; font-size: 9pt; color: #404040;'>........<small>.........Copyright © 2003, 2004, 2005, 2006 Bare Metal Software Pty Ltd.........</small>.......</p>......</td>.....</tr>.....<tr bgcolor='#CCCCFF'>......<td colspan='2' align='left'>.......<p style='font-family: verdana,arial,sans-serif; font-size: 9pt; color: #404040; margin: 0;'>........<a style='color: #000080;' href='http://www

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 16 colors
Category:	downloaded
Size (bytes):	318
Entropy (8bit):	2.54618216513056
Encrypted:	false
SSDEEP:	3:PFErXllvlNl/AXll19l/Ft/vl/talAotuZt/314tg//GQWiiXt9Vf3dNQtz/XQWm:k9lAj1Ktg2HtQl4WJHtQl
MD5:	5008A66A82D36AE8EBF0A7F4D832B1C6
SHA1:	4279776EE817596F9CC62C7FFA3E795E69F4858A
SHA-256:	167D887254C3137819E94CFB5FB64DDD2FECD4379B3F3EBDE21091A6833EB739
SHA-512:	0997E7E6DA839D4A3C7E5ADB9994CA50728D57FB0C6DA785C4E7CA6A19B4AB2B4BF150C5C330429C91240493BCC21C94315BD062B4EFB28972CD42B3E3FF6890
Malicious:	false
URL:	https://www.baremetalsoft.com/favicon.ico
Preview:	..............(.......(....... ..........................................................................................................p..........p...p..p.............................p..p...........p..p.............................p..p.................................................................................

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 16 colors
Category:	dropped
Size (bytes):	318
Entropy (8bit):	2.54618216513056
Encrypted:	false
SSDEEP:	3:PFErXllvlNl/AXll19l/Ft/vl/talAotuZt/314tg//GQWiiXt9Vf3dNQtz/XQWm:k9lAj1Ktg2HtQl4WJHtQl
MD5:	5008A66A82D36AE8EBF0A7F4D832B1C6
SHA1:	4279776EE817596F9CC62C7FFA3E795E69F4858A
SHA-256:	167D887254C3137819E94CFB5FB64DDD2FECD4379B3F3EBDE21091A6833EB739
SHA-512:	0997E7E6DA839D4A3C7E5ADB9994CA50728D57FB0C6DA785C4E7CA6A19B4AB2B4BF150C5C330429C91240493BCC21C94315BD062B4EFB28972CD42B3E3FF6890
Malicious:	false
Preview:	..............(.......(....... ..........................................................................................................p..........p...p..p.............................p..p...........p..p.............................p..p.................................................................................

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 139 x 33
Category:	downloaded
Size (bytes):	1398
Entropy (8bit):	7.5712730263971775
Encrypted:	false
SSDEEP:	24:mx6fiSAM9dcT9G62xZGuGswesMAw9K3LLH+IGkhZLhewL0zHjFcO:mxwOMz29GpxGnw9EDthXewL0zHxcO
MD5:	D62DD8C08B21604823A3E2BF0B45F58D
SHA1:	C9F15B2E08FCE3600E5B39F67EB1165636E003E6
SHA-256:	A1BC1FA9CC19CD2103EAA45A21E8A18668E7E47F98D8420FD56360D010C90632
SHA-512:	745E22C80B9A47E1864B4F7FA68CE1124A7DE6E290D6E5F2F849DF322BEFC9727F6AEE1A78DCC7BBC057C621624CAA43BCF10E3C58495EA3B358479AA8C1205E
Malicious:	false
URL:	https://www.baremetalsoft.com/register/poweredByWorldPay.gif
Preview:	GIF89a..!.......................................................p.......c..d..P.....@..D...z..s.0..nx.xe. ..#..aj....lW....\P.#j.`I..u..o..i..\.T;.<@.%D.D4.G-.01.;.............................!.......,......!....@.pH,...r.l:..tJ.Z..v..^../......).L...... D...B..7...6q.D~pCpm{.ms.om.w.vBl6h..6z.kfeiG.4+6..'0+.0..6.6040.0.+.4.'.6".'.6.+C'6+....0....4.....4..4.........'".H.a....0..'.....6...".....@y.........0.Q.............t.l..8...Q....qbE<.....6..@..\x0l...M`..)D.#.DWN.D.'&..(.FFj+...%=1..I..N..f...>k..U.W.kK...U4.\.N....A._...,vJ.-Lul.e08T..R.$.....G...B..........fO.=..t.d...+..y.E...O..@!.._.h#Md..&..8....s".&/).A....cXP............O........YI/.H....p.....^h....U........EAOY.......``,W\...h.... .....j...\XV..LP..T4D.C.26aY..p...3..p. ..Bh(..CR.T1.x."....bx.9...WJW..\....\.6..-x.....hC.....B.2f....8..s.xBj..XV.F.r!7eu...B.."..h ".#....&0.....!K.&....1..B.W<.....LY....1}.........:....N.).#.....~..."J....`...DA.8Za....T......T..a ..2..,e..S..>..

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 41
Category:	dropped
Size (bytes):	1755
Entropy (8bit):	7.063082092478986
Encrypted:	false
SSDEEP:	24:e6bc8QONH7biIyOoCMjMB0GbMts/MdwfWXJCbaSg+0vu9Wb0mQ1:e6bNQO5iO0jiqnCbLg+0vu9MQ1
MD5:	22CBAF1EBD3468ABCD256B3F02C5DA86
SHA1:	5FBB720439CC2CD26F1D1B60766122AFDE72299A
SHA-256:	01F64EA2EE45E9FA9CC0DBC820729A40412681335892FAB5088C6821E8B057D2
SHA-512:	E9315D7DDFB717E0E7B6CECFBC5F7A1020795213CADDAA2B28E5497C325D60CF210FAFFB41E014524EC2FAC5272C666A8160870326D8CD82C4FEB13A6C04FFFF
Malicious:	false
Preview:	GIF89a&.)...................................................................................................................................................................kkknnnxxx.........QQQWWWfff}}}.........;;;FFFYYYsss............+++999PPPmmm...!!!222JJJiii.........---GGGggg............**eee.........EEE......,,,hhh......///......... 555ppp.........'''===yyy............333.........CCC[[[www.........@@@VVV............UUU(((~~~bbbLLL.........vvvMMMHHHKKKZZZlllzzz...........................................................................................................................................................................................................................................................................................................!.......,....&.)........80......8p.@..... H..E... . .....08P`@.....Xy."F....l.......H8@`.........bF.3'L...B..."$.......0H.Y@.Q.3.2.a..... ..!.. ...Z4@..K..]JS.....N(a.......(.S.c...NH.b....:H..(^....}.....1V.......

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1283
Entropy (8bit):	4.992157680008197
Encrypted:	false
SSDEEP:	24:wPdbxdZbph8trkOQgMJMmYE7Y3CueD7ZYNcs2XSrvV3sc:wPndZbpqtrkOQn2mlMCuotNXYhsc
MD5:	01BBD7569BFC20D7FBE1EFF2577679B2
SHA1:	509D50614BB385567EBFCB6081C8E097BC150292
SHA-256:	F04ADA51A26E7054CAA45A821E87E88167AC47C1454FE9DF866581AB37716F1A
SHA-512:	1621A220C51E8F0CFAEFD26D03BDC0E41A9CCF962F2BDBF3EC165EE91775D34F1F4436B5379371691C7CED55EBCE1ED6C38785F7335A74587E639561A74751A0
Malicious:	false
URL:	https://www.baremetalsoft.com/style.css
Preview:	body..{...margin: 0;...padding: 0;...font-family: verdana,arial,sans-serif;..}....h1, h2, h3, h4, h5, h6..{...font-family: arial,sans-serif;...color: #000080;...margin-top: 1em;...margin-bottom: 0.5em;...margin-left: 4.5pt;...margin-right: 4.5pt;...padding: 0;..}....p, ol, ul..{...font-size: 9pt;...color: #404040;..}....p..{...margin: 4.5pt;..}....ol, ul..{...margin-left: 12pt;...margin-right: 4.5pt;...margin-top: 0;...margin-bottom: 0;..}....pre..{...font-family: "Lucida Console",monospace;...font-size: 9pt;...margin-top: 4.5pt;...margin-bottom: 4.5pt;...margin-left: 5%;...margin-right: 10%;...padding: 9pt;...background: #404040;...color: white;..}....kbd..{...font-family: monospace;...font-size: 13pt;...color: black;..}....button..{...padding-top: 0.1em;...padding-bottom: 0.1em;...padding-left: 0.5em;...padding-right: 0.5em;..}.....tight..{...margin-top: 0;...margin-bottom: 0;..}.....attention..{...color: #008000;..}.....advert..{...color: #555588;..}.....upgrade, .error..{...color:

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 41
Category:	downloaded
Size (bytes):	1778
Entropy (8bit):	7.1046701241721815
Encrypted:	false
SSDEEP:	24:eKafjhZl3CR9hZhyqNiPyBJLiu08ficvlx+nX2dCPgxFZM9VEwwDjnM+yKt2q7N8:eZdZZCnpyqA6jb08f37oo17ME4Ie
MD5:	2FCF65DE37B99CF0E09AF368B0C827A1
SHA1:	65DC6802BD3D40D4366145E9DE131C6EE992ECDD
SHA-256:	E5E24627B48A878C0FCA51965C06494F4E7133D2A555BEBEE270D8BE057407DF
SHA-512:	208E5E86298D78795C8B4A8C47FE71F806290A22836091973DFFF48CBB7DB4915818B0C81FDFF5B69C9AD8809128207DAD5E3FC8E66C84628F4A668D6C233B91
Malicious:	false
URL:	https://www.baremetalsoft.com/baregreppro/BareGrepPro2.gif
Preview:	GIF89a&.)............................................................................................................................................nnn.........VVVppp.........CCC[[[www............333JJJfff......'''===YYYyyy... 555PPP............///kkk.........,,,GGGhhh.........+++FFFggg............**......EEEeee...................................rrrTTT!!!III.........~~~bbbLLL)))&&&(((<<<QQQlll...vvvUUUMMMHHHDDDAAA>>>KKK]]]ttt...sssdddaaaZZZooo........................\|\|\|}}}....................................................................................................................................................................................................................................................................................................!.......,....&.)......... ......0p..... (.`....3f..... =2h.......\.Q...0c..a....Xp...E.,...@..Q.5#H..!.....$X.QA..4..\.Ai...&..q`*P.....z..L.]%..q!...f..D....Z..5q.E..R...p`.....<.b...,Z..j.E..F.j.)...`l......

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 41
Category:	dropped
Size (bytes):	1759
Entropy (8bit):	7.11597733440572
Encrypted:	false
SSDEEP:	24:eKafFRl3CRi6hZhyqNi5sBJLiu0Uzt2DWkurGwuURHY8XmRDT01ewEMD:eZ9RZClpyqAGjb0UzI3urGwXXmKewEe
MD5:	6B1FFA91DC92C1EBD88F773B234D73A9
SHA1:	E6A2DBB1DC3F73036C5F61C19E41BDB8066A87A4
SHA-256:	B8641A17FD75F47BBFC0FA8B48D1DDDAE49FA0C675746C4D8D40B06A504B99BE
SHA-512:	7871668F2E48545C3DE97186FEEC0607DAFFA4D13321B9C62E5C26F34386812B2D452F1F94469CD29FC5434EE288E48424305BC5CF01319A5C3E55B8018F0980
Malicious:	false
Preview:	GIF89a&.)........................................................................................................................................nnn......VVVppp.........CCC[[[www............333JJJfff......'''===YYYyyy... 555PPP............///kkk.........,,,GGGhhh.........+++FFFggg............**......EEEeee....................................rrrTTT!!!III.........~~~bbbLLL)))&&&(((<<<QQQlll...vvvUUUMMMHHHDDDAAA>>>KKK]]]ttt...sssdddaaaZZZooo........................\|\|\|}}}...........................................................................................................................................................................................................................................................................................................!.......,....&.)......... ......0p..... (.`....3f..... =2h.......\.Q...0c..a....Xp...E.,...@..Q.5#H..!.....$X.QA..4..\.Ai...&..q`*P.....z..L.]%..q!...f..D.5.V.qK.8..T........mS.8.a...@....hG.0%.Ha...0R.T..Q.Y

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 41
Category:	downloaded
Size (bytes):	1759
Entropy (8bit):	7.11597733440572
Encrypted:	false
SSDEEP:	24:eKafFRl3CRi6hZhyqNi5sBJLiu0Uzt2DWkurGwuURHY8XmRDT01ewEMD:eZ9RZClpyqAGjb0UzI3urGwXXmKewEe
MD5:	6B1FFA91DC92C1EBD88F773B234D73A9
SHA1:	E6A2DBB1DC3F73036C5F61C19E41BDB8066A87A4
SHA-256:	B8641A17FD75F47BBFC0FA8B48D1DDDAE49FA0C675746C4D8D40B06A504B99BE
SHA-512:	7871668F2E48545C3DE97186FEEC0607DAFFA4D13321B9C62E5C26F34386812B2D452F1F94469CD29FC5434EE288E48424305BC5CF01319A5C3E55B8018F0980
Malicious:	false
URL:	https://www.baremetalsoft.com/baregrep/BareGrep2.gif
Preview:	GIF89a&.)........................................................................................................................................nnn......VVVppp.........CCC[[[www............333JJJfff......'''===YYYyyy... 555PPP............///kkk.........,,,GGGhhh.........+++FFFggg............**......EEEeee....................................rrrTTT!!!III.........~~~bbbLLL)))&&&(((<<<QQQlll...vvvUUUMMMHHHDDDAAA>>>KKK]]]ttt...sssdddaaaZZZooo........................\|\|\|}}}...........................................................................................................................................................................................................................................................................................................!.......,....&.)......... ......0p..... (.`....3f..... =2h.......\.Q...0c..a....Xp...E.,...@..Q.5#H..!.....$X.QA..4..\.Ai...&..q`*P.....z..L.]%..q!...f..D.5.V.qK.8..T........mS.8.a...@....hG.0%.Ha...0R.T..Q.Y

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 41
Category:	downloaded
Size (bytes):	1755
Entropy (8bit):	7.063082092478986
Encrypted:	false
SSDEEP:	24:e6bc8QONH7biIyOoCMjMB0GbMts/MdwfWXJCbaSg+0vu9Wb0mQ1:e6bNQO5iO0jiqnCbLg+0vu9MQ1
MD5:	22CBAF1EBD3468ABCD256B3F02C5DA86
SHA1:	5FBB720439CC2CD26F1D1B60766122AFDE72299A
SHA-256:	01F64EA2EE45E9FA9CC0DBC820729A40412681335892FAB5088C6821E8B057D2
SHA-512:	E9315D7DDFB717E0E7B6CECFBC5F7A1020795213CADDAA2B28E5497C325D60CF210FAFFB41E014524EC2FAC5272C666A8160870326D8CD82C4FEB13A6C04FFFF
Malicious:	false
URL:	https://www.baremetalsoft.com/baretailpro/BareTailPro2.gif
Preview:	GIF89a&.)...................................................................................................................................................................kkknnnxxx.........QQQWWWfff}}}.........;;;FFFYYYsss............+++999PPPmmm...!!!222JJJiii.........---GGGggg............**eee.........EEE......,,,hhh......///......... 555ppp.........'''===yyy............333.........CCC[[[www.........@@@VVV............UUU(((~~~bbbLLL.........vvvMMMHHHKKKZZZlllzzz...........................................................................................................................................................................................................................................................................................................!.......,....&.)........80......8p.@..... H..E... . .....08P`@.....Xy."F....l.......H8@`.........bF.3'L...B..."$.......0H.Y@.Q.3.2.a..... ..!.. ...Z4@..K..]JS.....N(a.......(.S.c...NH.b....:H..(^....}.....1V.......

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 139 x 33
Category:	dropped
Size (bytes):	1398
Entropy (8bit):	7.5712730263971775
Encrypted:	false
SSDEEP:	24:mx6fiSAM9dcT9G62xZGuGswesMAw9K3LLH+IGkhZLhewL0zHjFcO:mxwOMz29GpxGnw9EDthXewL0zHxcO
MD5:	D62DD8C08B21604823A3E2BF0B45F58D
SHA1:	C9F15B2E08FCE3600E5B39F67EB1165636E003E6
SHA-256:	A1BC1FA9CC19CD2103EAA45A21E8A18668E7E47F98D8420FD56360D010C90632
SHA-512:	745E22C80B9A47E1864B4F7FA68CE1124A7DE6E290D6E5F2F849DF322BEFC9727F6AEE1A78DCC7BBC057C621624CAA43BCF10E3C58495EA3B358479AA8C1205E
Malicious:	false
Preview:	GIF89a..!.......................................................p.......c..d..P.....@..D...z..s.0..nx.xe. ..#..aj....lW....\P.#j.`I..u..o..i..\.T;.<@.%D.D4.G-.01.;.............................!.......,......!....@.pH,...r.l:..tJ.Z..v..^../......).L...... D...B..7...6q.D~pCpm{.ms.om.w.vBl6h..6z.kfeiG.4+6..'0+.0..6.6040.0.+.4.'.6".'.6.+C'6+....0....4.....4..4.........'".H.a....0..'.....6...".....@y.........0.Q.............t.l..8...Q....qbE<.....6..@..\x0l...M`..)D.#.DWN.D.'&..(.FFj+...%=1..I..N..f...>k..U.W.kK...U4.\.N....A._...,vJ.-Lul.e08T..R.$.....G...B..........fO.=..t.d...+..y.E...O..@!.._.h#Md..&..8....s".&/).A....cXP............O........YI/.H....p.....^h....U........EAOY.......``,W\...h.... .....j...\XV..LP..T4D.C.26aY..p...3..p. ..Bh(..CR.T1.x."....bx.9...WJW..\....\.6..-x.....hC.....B.2f....8..s.xBj..XV.F.r!7eu...B.."..h ".#....&0.....!K.&....1..B.W<.....LY....1}.........:....N.).#.....~..."J....`...DA.8Za....T......T..a ..2..,e..S..>..

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 150 x 50
Category:	dropped
Size (bytes):	6445
Entropy (8bit):	7.7787207814999375
Encrypted:	false
SSDEEP:	96:cmGD4pko8hh2ROH1WU0VEvWJ5D8O6FCnChxyHkfm7oIi9KcIHyo4TN0hiRPMhnL1:zN8hhRV0VEvil8JFCChxVDIi9K0puL1
MD5:	49AF9A28EC942BEABC1A0CD7E07C37F1
SHA1:	B76BDC55DD193A002AF234E6477EAAF185A9FF3A
SHA-256:	388361B15ACAD67270D9383F541F0A95F53482CAB3FF32AC2E83805F9B20D922
SHA-512:	7F538327766F3D4DB73844792D18253A68A6842E70CDB55D03B43791EEEE54E2D8A89BEC47288F35864EF6C00D1207C8C5C6C2134DC280E8332A4FEA0E64E935
Malicious:	false
Preview:	GIF89a..2.......&&.::.................FFF...........f...&&.RRR.........""".........BBB......fff...rrZ..]::..............zzjJJJ.............r...""...".........z.......................22................66FF............z...........................""...n.....................BB.......~...............VVV........j..~..................]]]..&22.....................................jjR.................................>>.22&...::8............"".......rrr~~n.....66..........>>=...jjj...........z............22vvu..................."...zzx......BB.~~~>>...................bbb""..........FF.&&&...................b.........::........nn^...........BB6.............v66666.......>>...."".......**"".nnjFF...................222....66....JJD...BB.........,......2........ N\.....\.a.z...H.`..3..(....5f.8q.."GF,Y.d...<....!Y.v.....@...F.......g.@..=.ti.=.B.j..R.7.:...+U.L.......at.......'x....o.....X.n...u....x.......k.....&l.q.....,...\|.\.a...B...9...6b

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 150 x 50
Category:	downloaded
Size (bytes):	6445
Entropy (8bit):	7.7787207814999375
Encrypted:	false
SSDEEP:	96:cmGD4pko8hh2ROH1WU0VEvWJ5D8O6FCnChxyHkfm7oIi9KcIHyo4TN0hiRPMhnL1:zN8hhRV0VEvil8JFCChxVDIi9K0puL1
MD5:	49AF9A28EC942BEABC1A0CD7E07C37F1
SHA1:	B76BDC55DD193A002AF234E6477EAAF185A9FF3A
SHA-256:	388361B15ACAD67270D9383F541F0A95F53482CAB3FF32AC2E83805F9B20D922
SHA-512:	7F538327766F3D4DB73844792D18253A68A6842E70CDB55D03B43791EEEE54E2D8A89BEC47288F35864EF6C00D1207C8C5C6C2134DC280E8332A4FEA0E64E935
Malicious:	false
URL:	https://www.baremetalsoft.com/baremetalsoftcom.gif
Preview:	GIF89a..2.......&&.::.................FFF...........f...&&.RRR.........""".........BBB......fff...rrZ..]::..............zzjJJJ.............r...""...".........z.......................22................66FF............z...........................""...n.....................BB.......~...............VVV........j..~..................]]]..&22.....................................jjR.................................>>.22&...::8............"".......rrr~~n.....66..........>>=...jjj...........z............22vvu..................."...zzx......BB.~~~>>...................bbb""..........FF.&&&...................b.........::........nn^...........BB6.............v66666.......>>...."".......**"".nnjFF...................222....66....JJD...BB.........,......2........ N\.....\.a.z...H.`..3..(....5f.8q.."GF,Y.d...<....!Y.v.....@...F.......g.@..=.ti.=.B.j..R.7.:...+U.L.......at.......'x....o.....X.n...u....x.......k.....&l.q.....,...\|.\.a...B...9...6b

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.110577243331642
Encrypted:	false
SSDEEP:	3:GMyoSQ/Y:jFSQ/Y
MD5:	F3E6261D008B54D1009C883272348A0F
SHA1:	D89E60EC8202253D95B330E37B5B3C632C04D541
SHA-256:	D215818D6924688CE28E2094C42DAE121B5C72E674BD07EF77D3E31C8986BB80
SHA-512:	35714D344CAA4517B5937E2E0A9A025297E48F5E23E83343103B58C7BC6A59EA85E648F7DEC48EDE26169B5C9C646240C7A00A8471D2304C73C0F4E10AC175E8
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwnw_4YogUcLtRIFDeeNQA4SBQ2SBVTO?alt=proto
Preview:	ChIKBw3njUAOGgAKBw2SBVTOGgA=

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.538969112581003
TrID:	Win32 Executable (generic) a (10002005/4) 93.04% Win32 Executable Borland Delphi 5 (451725/56) 4.20% Win32 Executable Borland Delphi 3 (262916/56) 2.45% Win32 Executable Delphi generic (14689/80) 0.14% Windows Screen Saver (13104/52) 0.12%
File name:	baretail.exe
File size:	225'280 bytes
MD5:	f3e7a015c1d541528085d3f9581ab41f
SHA1:	2aa7d3806d614fd9e1e6b099d134784a98b6dd9e
SHA256:	160d6a3bdc9d64677643376f82e559eb4112289e6b6d722b5b3b32699d18bca9
SHA512:	ec72c112d96257a58eab1e40a47b3bbce1399a85540198a94d85c46e4cd7702d9c634cec812bfed1894ae949019ea1c645c8d9e488719b4848cdb9f63dbe4f49
SSDEEP:	6144:C9DH/mHTUUo87osathhHbunP8kFZb15ZIqM:cf0TUY7osuhdunRFZpg
TLSH:	FC247C3AB480C972C16A1BB89C66D3E9741EBF615F34204BBAE90F5C4D3A152793C2D7
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	c3a7b597ad8f8d32

Static PE Info

General

Entrypoint:	0x42dddc
Entrypoint Section:	CODE
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	1
OS Version Minor:	0
File Version Major:	1
File Version Minor:	0
Subsystem Version Major:	1
Subsystem Version Minor:	0
Import Hash:	81155a0e2df4601ba71dea0ee6bf5173

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF4h
push ebx
push esi
mov eax, 0042DB84h
call 00007F53C84F3FF3h
push 000001F4h
mov eax, dword ptr [0042E6C8h]
mov eax, dword ptr [eax]
push eax
call 00007F53C84F443Dh
mov ebx, eax
mov ecx, 0042DE34h
mov dl, 01h
mov eax, dword ptr [0042ADBCh]
call 00007F53C85196DEh
mov esi, eax
mov eax, ebx
call 00007F53C8500CCDh
mov eax, esi
call 00007F53C84F1396h
pop esi
pop ebx
call 00007F53C84F1C2Fh
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x30000	0x1474	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x37000	0x4e00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x34000	0x2c34	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x33000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
CODE	0x1000	0x2ce40	0x2d000	f2defa9427b80c89a1517edc7a056924	False	0.5038140190972222	data	6.4381654690806025	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA	0x2e000	0x7a8	0x800	664903b2e045ca0312e94528660713ea	False	0.44384765625	data	3.973476505724246	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS	0x2f000	0x7ed	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x30000	0x1474	0x1600	74008627ece32fef0ead8e2cf74db180	False	0.37269176136363635	data	4.7053535894863145	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x32000	0xc	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x33000	0x18	0x200	fd0142189d97181e49bab279e5bbf976	False	0.05078125	MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "C"	0.2108262677871819	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc	0x34000	0x2c34	0x2e00	6837bce54067a023a67fa483db2dea3a	False	0.694718070652174	data	6.575699714992719	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc	0x37000	0x4e00	0x4e00	12b7178e178cd0278d50094a32bd8ee8	False	0.4540765224358974	data	5.783968374529989	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_BITMAP	0x375f0	0xb0	Device independent bitmap graphic, 10 x 9 x 4, image size 72, resolution 3780 x 3780 px/m	English	Australia	0.4715909090909091
RT_BITMAP	0x376a0	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128, resolution 3780 x 3780 px/m	English	Australia	0.5646551724137931
RT_BITMAP	0x37788	0xd0	Device independent bitmap graphic, 13 x 13 x 4, image size 104	English	Australia	0.4182692307692308
RT_BITMAP	0x37858	0xd0	Device independent bitmap graphic, 13 x 13 x 4, image size 104	English	Australia	0.39903846153846156
RT_BITMAP	0x37928	0xd0	Device independent bitmap graphic, 13 x 13 x 4, image size 104	English	Australia	0.3798076923076923
RT_BITMAP	0x379f8	0xd0	Device independent bitmap graphic, 13 x 13 x 4, image size 104	English	Australia	0.3798076923076923
RT_BITMAP	0x37ac8	0xd0	Device independent bitmap graphic, 13 x 13 x 4, image size 104	English	Australia	0.375
RT_BITMAP	0x37b98	0x21cc	Device independent bitmap graphic, 150 x 50 x 8, 1 compression, image size 7588, resolution 2834 x 2834 px/m, 256 important colors	English	Australia	0.6367313915857605
RT_BITMAP	0x39d64	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	English	Australia	0.47413793103448276
RT_BITMAP	0x39e4c	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	English	Australia	0.5301724137931034
RT_BITMAP	0x39f34	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	English	Australia	0.3232758620689655
RT_BITMAP	0x3a01c	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	English	Australia	0.38362068965517243
RT_BITMAP	0x3a104	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	English	Australia	0.39655172413793105
RT_BITMAP	0x3a1ec	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	English	Australia	0.3879310344827586
RT_ICON	0x3a2d4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	Australia	0.2916666666666667
RT_ICON	0x3a5bc	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Australia	0.41216216216216217
RT_STRING	0x3a6e4	0x370	data			0.3795454545454545
RT_STRING	0x3aa54	0xec	data			0.4788135593220339
RT_STRING	0x3ab40	0xd0	data			0.5673076923076923
RT_STRING	0x3ac10	0x2a4	data			0.4526627218934911
RT_STRING	0x3aeb4	0x35c	data			0.40813953488372096
RT_STRING	0x3b210	0x2b4	data			0.4060693641618497
RT_ACCELERATOR	0x3b4c4	0x20	data	English	Australia	1.09375
RT_RCDATA	0x3b4e4	0x10	data			1.5
RT_RCDATA	0x3b4f4	0x44c	data			0.5618181818181818
RT_GROUP_ICON	0x3b940	0x22	data	English	Australia	1.0
RT_MANIFEST	0x3b964	0x2b7	XML 1.0 document, ASCII text, with CRLF line terminators	English	Australia	0.5050359712230216

Imports

DLL	Import
kernel32.dll	GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, CreateThread, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll	GetKeyboardType, LoadStringA, MessageBoxA
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll	VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA
advapi32.dll	RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyA, RegCloseKey
kernel32.dll	WriteFile, WaitForSingleObject, VirtualQuery, SetLastError, SetFilePointer, SetEvent, SetEndOfFile, ReleaseSemaphore, ReadFile, MultiByteToWideChar, MulDiv, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalLock, GlobalAlloc, GetVersionExA, GetThreadLocale, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileTime, GetFileSize, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentDirectoryA, GetCPInfo, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateSemaphoreA, CreateFileA, CreateEventA, CompareStringA, CloseHandle
gdi32.dll	TextOutA, SetTextColor, SetTextAlign, SetPixel, SetBkMode, SetBkColor, SelectObject, Rectangle, Polyline, Polygon, MoveToEx, LineTo, GetTextMetricsA, GetTextExtentPoint32A, GetStockObject, GetPixel, GetObjectA, GetDeviceCaps, EnumFontFamiliesExA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreatePen, CreateFontIndirectA, CreateFontA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBitmap, BitBlt
user32.dll	UpdateWindow, UnionRect, TranslateMessage, TranslateAcceleratorA, TrackPopupMenu, SystemParametersInfoA, ShowWindow, SetWindowTextA, SetWindowPos, SetWindowLongA, SetTimer, SetScrollInfo, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SendMessageA, ScreenToClient, ReleaseDC, ReleaseCapture, RegisterClassExA, PtInRect, PostQuitMessage, PostMessageA, OpenClipboard, OffsetRect, MoveWindow, MessageBoxA, MapWindowPoints, LoadStringA, LoadImageA, LoadIconA, LoadCursorA, LoadBitmapA, LoadAcceleratorsA, KillTimer, IsWindowVisible, IsWindowEnabled, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InflateRect, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollInfo, GetMessageA, GetMenu, GetKeyState, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDC, GetClientRect, FrameRect, FillRect, EndPaint, EnableWindow, EnableMenuItem, EmptyClipboard, DrawTextW, DrawTextA, DrawIcon, DrawFocusRect, DispatchMessageA, DestroyWindow, DestroyMenu, DeleteMenu, DefWindowProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, BeginPaint, AppendMenuA
ole32.dll	CoUninitialize, CoInitialize
oleaut32.dll	GetErrorInfo, SysFreeString
shell32.dll	ShellExecuteA, DragQueryFileA, DragFinish, DragAcceptFiles
comctl32.dll	InitCommonControls
comdlg32.dll	ChooseColorA, GetSaveFileNameA, GetOpenFileNameA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Australia

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 15:51:59.749654055 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 1, 2024 15:52:00.952804089 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 1, 2024 15:52:01.046555042 CEST	49674	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:01.046567917 CEST	49675	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:01.155949116 CEST	49672	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:03.359023094 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 1, 2024 15:52:07.375072002 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 1, 2024 15:52:07.749658108 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 1, 2024 15:52:08.171556950 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 1, 2024 15:52:08.499636889 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 1, 2024 15:52:09.999702930 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 1, 2024 15:52:10.655911922 CEST	49674	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:10.655944109 CEST	49675	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:10.765430927 CEST	49672	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:12.984041929 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 1, 2024 15:52:13.193670988 CEST	443	49698	104.98.116.138	192.168.2.7
Oct 1, 2024 15:52:13.193847895 CEST	49698	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:14.466495991 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:14.466541052 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:14.466595888 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:14.468034029 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:14.468049049 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:15.751043081 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:15.751374006 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:15.751406908 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:15.752455950 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:15.752527952 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:15.753623962 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:15.753691912 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:15.753962994 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:15.753973007 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:15.798234940 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.131360054 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.131396055 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.131406069 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.131489038 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.131510019 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.132205009 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.132267952 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.132277012 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.133326054 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.133366108 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.133507967 CEST	443	49699	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.133567095 CEST	49699	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.164263964 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.164321899 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.164592028 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.164813042 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.164828062 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.164990902 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.165430069 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.165512085 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.165600061 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.166059971 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.166076899 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.166711092 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.166723967 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.167026043 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.167066097 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.182507992 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.182547092 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.182638884 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.183166981 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.183178902 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.183820963 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.183856010 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.183955908 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.184793949 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.184812069 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.188345909 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.188354015 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:16.188414097 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.189074039 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:16.189085007 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.082881927 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.083383083 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.083450079 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.084582090 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.084662914 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.084983110 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.085063934 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.085140944 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.085158110 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.086044073 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.086343050 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.086354971 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.086702108 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.087235928 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.087399006 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.087404966 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.087608099 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.088941097 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.089257956 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.089267015 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.090193987 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.090281963 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.090579033 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.090636969 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.090641975 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.108876944 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.109155893 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.109181881 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.110083103 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.110160112 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.110588074 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.110644102 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.110738039 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.110745907 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.113537073 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.116475105 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.116498947 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.120194912 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.120269060 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.120790958 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.120968103 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.121052980 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.121062994 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.128164053 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.128246069 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.128789902 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.128999949 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.129025936 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.129920959 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.129993916 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.130258083 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.130319118 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.130398035 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.130413055 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.135397911 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.143460035 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.143471956 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.158864975 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.173213959 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.173285007 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.188328028 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.677413940 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.677506924 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.677558899 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.679558039 CEST	49707	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.679579020 CEST	443	49707	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.681061983 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.681186914 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.681269884 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.690855980 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.690880060 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.690886974 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.690948009 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.690960884 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.691000938 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.692545891 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.692578077 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.692734003 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.693447113 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.693459988 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.694704056 CEST	49706	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.694722891 CEST	443	49706	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.696279049 CEST	49705	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.696285009 CEST	443	49705	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.697201967 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.697227001 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.697361946 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.698236942 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.698251963 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.710863113 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.710886002 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.710936069 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.710958958 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.711122036 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.711169004 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.712547064 CEST	49708	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.712559938 CEST	443	49708	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.714651108 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.714668036 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.714760065 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.714778900 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.715338945 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.715401888 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.716413021 CEST	49710	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.716423988 CEST	443	49710	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.731131077 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.731146097 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.731192112 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.731242895 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.731298923 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.734469891 CEST	49709	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.734478951 CEST	443	49709	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.745168924 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.745225906 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.745351076 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.745435953 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.745445013 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.745510101 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.745687008 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.745722055 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.745800972 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.745835066 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.745845079 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.745908976 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.746196032 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.746212959 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.746335030 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.746346951 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.746467113 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.746478081 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.746592045 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.746599913 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.748862028 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.748895884 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.749063969 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.749494076 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:17.749505043 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:17.773554087 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 1, 2024 15:52:18.451397896 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:18.451431990 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:18.451510906 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:18.455811977 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:18.455825090 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:18.605834007 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.609157085 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.609184980 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.610369921 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.613178015 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.613387108 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.616033077 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.659405947 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.668037891 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.669146061 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.669183016 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.672796965 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.672878027 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.673194885 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.673327923 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.673382044 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.677438974 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.677763939 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.677793980 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.679138899 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.679198980 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.679527044 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.680485010 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.680630922 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.680654049 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.680741072 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.681818008 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.681871891 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.689431906 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.689445972 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.689764023 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.689899921 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.690185070 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.690200090 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.691710949 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.692447901 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.692477942 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.695647955 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.695710897 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.698313951 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.698793888 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.698904037 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.699204922 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.699213028 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.699244022 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.699250937 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.700160980 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.700396061 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.700411081 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.700947046 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.701291084 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.701534986 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.701545000 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.701814890 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.701884031 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.702203989 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.702529907 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.702951908 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.702959061 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.703155041 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.728363991 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.728440046 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:18.739595890 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.739604950 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.739609003 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.745465040 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.756381989 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.772068977 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:18.937413931 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 1, 2024 15:52:19.111593962 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:19.155147076 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:19.197685003 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.197722912 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.197819948 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.197850943 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.198013067 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.198064089 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.264061928 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.264175892 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.264282942 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.280175924 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.280201912 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.280210018 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.280252934 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.280282974 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.280333996 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.280416012 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.280430079 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.280476093 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.280495882 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.280966043 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.282361984 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.289769888 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.289830923 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.289899111 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.289930105 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.290008068 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.290071011 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.296880960 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.296896935 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.296947956 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.296952009 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.297000885 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.380860090 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.383723974 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.385056973 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.535484076 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:19.535514116 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:19.536055088 CEST	49714	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.536082029 CEST	443	49714	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.539372921 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:19.539474964 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:19.589303970 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:19.589723110 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:19.628772020 CEST	49718	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.628823042 CEST	443	49718	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.629097939 CEST	49717	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.629106045 CEST	443	49717	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.629461050 CEST	49721	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.629497051 CEST	443	49721	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.629961967 CEST	49719	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.629992962 CEST	443	49719	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.635636091 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:19.635653973 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:19.638003111 CEST	49715	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.638027906 CEST	443	49715	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.680486917 CEST	49720	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.680531979 CEST	443	49720	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.689636946 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:19.739876986 CEST	49724	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.739928007 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:19.739990950 CEST	49724	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.741288900 CEST	49724	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:19.741305113 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.022448063 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.022500038 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.022581100 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.025187016 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.025203943 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.027925968 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.027959108 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.028014898 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.028220892 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.028234959 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.029810905 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.029846907 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.029954910 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.030077934 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.030088902 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.662110090 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.662350893 CEST	49724	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.662375927 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.662838936 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.663157940 CEST	49724	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.663234949 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.663316011 CEST	49724	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.667546988 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.667610884 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.671052933 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.671072960 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.671452999 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.707396030 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.718164921 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.726344109 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.771409988 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.935137987 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.935240030 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.935290098 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.935517073 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.935540915 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.935554028 CEST	49725	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.935560942 CEST	443	49725	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.943941116 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.949187040 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.949198008 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.950387001 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.951030016 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.951216936 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.951241970 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.963238955 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.963455915 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.963474035 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.963815928 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.964093924 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.964147091 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.964215994 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:20.989507914 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.989546061 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.989644051 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.990025997 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:20.990036964 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:20.995390892 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:20.999521017 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.011396885 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.274384022 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.274462938 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.274616957 CEST	49724	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.276097059 CEST	49724	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.276120901 CEST	443	49724	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.296799898 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:21.296921968 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:21.297015905 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:21.298616886 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:21.298666000 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:21.300450087 CEST	49734	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.300487041 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.300565004 CEST	49734	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.300832033 CEST	49734	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.300848007 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.710927963 CEST	49698	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:21.711684942 CEST	49735	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:21.711744070 CEST	443	49735	104.98.116.138	192.168.2.7
Oct 1, 2024 15:52:21.711888075 CEST	49735	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:21.717127085 CEST	49735	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:52:21.717139006 CEST	443	49735	104.98.116.138	192.168.2.7
Oct 1, 2024 15:52:21.874913931 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.874938965 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.875005960 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.875011921 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.875025034 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.875183105 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.875204086 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:21.875407934 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:21.878134012 CEST	443	49698	104.98.116.138	192.168.2.7
Oct 1, 2024 15:52:21.878798962 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:21.878866911 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:22.084974051 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.085094929 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:22.096242905 CEST	49727	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:22.096276045 CEST	443	49727	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.100645065 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:22.100670099 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:22.101092100 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:22.102143049 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:22.106218100 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:22.106287956 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.106494904 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.143404007 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:22.151241064 CEST	49726	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:22.151262045 CEST	443	49726	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.155824900 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:22.260793924 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.261044979 CEST	49734	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:22.261068106 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.261430025 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.261770964 CEST	49734	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:22.261837006 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.261993885 CEST	49734	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:22.287153959 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:22.287336111 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:22.287782907 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:22.288295984 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:22.288311958 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:22.288321972 CEST	49732	443	192.168.2.7	184.28.90.27
Oct 1, 2024 15:52:22.288326979 CEST	443	49732	184.28.90.27	192.168.2.7
Oct 1, 2024 15:52:22.307393074 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.694981098 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:22.735409021 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.909431934 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.909518957 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.909749985 CEST	49734	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:22.910316944 CEST	49734	443	192.168.2.7	68.178.230.213
Oct 1, 2024 15:52:22.910335064 CEST	443	49734	68.178.230.213	192.168.2.7
Oct 1, 2024 15:52:22.949986935 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950011969 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950020075 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950032949 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950078011 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950083971 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:22.950117111 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950139046 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:22.950170994 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:22.950180054 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950350046 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:22.950359106 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950613022 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:22.950670958 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:23.436800003 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:23.436846972 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:23.436868906 CEST	49733	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:23.436877966 CEST	443	49733	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:29.033220053 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:29.033307076 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:29.033437967 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:29.251418114 CEST	49722	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:52:29.251465082 CEST	443	49722	172.217.23.100	192.168.2.7
Oct 1, 2024 15:52:30.843527079 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 1, 2024 15:52:59.998991013 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:59.999063969 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:52:59.999138117 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:59.999552011 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:52:59.999568939 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:00.770829916 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:00.770922899 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:00.774473906 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:00.774492979 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:00.774697065 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:00.780525923 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:00.823404074 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.091680050 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.091701031 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.091716051 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.091798067 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:01.091821909 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.091876030 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:01.093204021 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.093240023 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.093266010 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:01.093272924 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.093285084 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.093317986 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:01.093343019 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:01.095515966 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:01.095530987 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:01.095573902 CEST	49739	443	192.168.2.7	4.245.163.56
Oct 1, 2024 15:53:01.095578909 CEST	443	49739	4.245.163.56	192.168.2.7
Oct 1, 2024 15:53:04.636651993 CEST	443	49735	104.98.116.138	192.168.2.7
Oct 1, 2024 15:53:04.636826992 CEST	49735	443	192.168.2.7	104.98.116.138
Oct 1, 2024 15:53:18.494569063 CEST	49741	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:53:18.494677067 CEST	443	49741	172.217.23.100	192.168.2.7
Oct 1, 2024 15:53:18.494877100 CEST	49741	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:53:18.494980097 CEST	49741	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:53:18.495004892 CEST	443	49741	172.217.23.100	192.168.2.7
Oct 1, 2024 15:53:19.196099043 CEST	443	49741	172.217.23.100	192.168.2.7
Oct 1, 2024 15:53:19.196449995 CEST	49741	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:53:19.196513891 CEST	443	49741	172.217.23.100	192.168.2.7
Oct 1, 2024 15:53:19.196821928 CEST	443	49741	172.217.23.100	192.168.2.7
Oct 1, 2024 15:53:19.198014975 CEST	49741	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:53:19.198082924 CEST	443	49741	172.217.23.100	192.168.2.7
Oct 1, 2024 15:53:19.250051975 CEST	49741	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:53:29.064644098 CEST	443	49741	172.217.23.100	192.168.2.7
Oct 1, 2024 15:53:29.064718962 CEST	443	49741	172.217.23.100	192.168.2.7
Oct 1, 2024 15:53:29.064796925 CEST	49741	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:53:29.264688015 CEST	49741	443	192.168.2.7	172.217.23.100
Oct 1, 2024 15:53:29.264722109 CEST	443	49741	172.217.23.100	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 15:52:13.763132095 CEST	123	123	192.168.2.7	20.101.57.9
Oct 1, 2024 15:52:13.931880951 CEST	123	123	20.101.57.9	192.168.2.7
Oct 1, 2024 15:52:14.288038015 CEST	53411	53	192.168.2.7	1.1.1.1
Oct 1, 2024 15:52:14.288228035 CEST	51996	53	192.168.2.7	1.1.1.1
Oct 1, 2024 15:52:14.296662092 CEST	53	63429	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:14.301645994 CEST	53	53411	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:14.301759958 CEST	53	51996	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:14.488543034 CEST	53	63574	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:15.467648983 CEST	53	52631	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:16.188770056 CEST	60168	53	192.168.2.7	1.1.1.1
Oct 1, 2024 15:52:16.188901901 CEST	63439	53	192.168.2.7	1.1.1.1
Oct 1, 2024 15:52:17.708614111 CEST	54389	53	192.168.2.7	1.1.1.1
Oct 1, 2024 15:52:17.709002018 CEST	59839	53	192.168.2.7	1.1.1.1
Oct 1, 2024 15:52:17.722223043 CEST	53	59839	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:17.739773035 CEST	53	59373	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:17.744489908 CEST	53	54389	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:18.433073044 CEST	55951	53	192.168.2.7	1.1.1.1
Oct 1, 2024 15:52:18.433245897 CEST	65048	53	192.168.2.7	1.1.1.1
Oct 1, 2024 15:52:18.440608978 CEST	53	65048	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:18.440675974 CEST	53	55951	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:32.525648117 CEST	53	58076	1.1.1.1	192.168.2.7
Oct 1, 2024 15:52:51.430145979 CEST	53	62884	1.1.1.1	192.168.2.7
Oct 1, 2024 15:53:07.868175983 CEST	138	138	192.168.2.7	192.168.2.255
Oct 1, 2024 15:53:13.791142941 CEST	53	51605	1.1.1.1	192.168.2.7
Oct 1, 2024 15:53:13.979068995 CEST	53	53808	1.1.1.1	192.168.2.7
Oct 1, 2024 15:53:41.882994890 CEST	53	53065	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 15:52:14.288038015 CEST	192.168.2.7	1.1.1.1	0x2dde	Standard query (0)	www.baremetalsoft.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 15:52:14.288228035 CEST	192.168.2.7	1.1.1.1	0xb2cd	Standard query (0)	www.baremetalsoft.com	65	IN (0x0001)	false
Oct 1, 2024 15:52:16.188770056 CEST	192.168.2.7	1.1.1.1	0xf673	Standard query (0)	www.worldpay.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 15:52:16.188901901 CEST	192.168.2.7	1.1.1.1	0x673f	Standard query (0)	www.worldpay.com	65	IN (0x0001)	false
Oct 1, 2024 15:52:17.708614111 CEST	192.168.2.7	1.1.1.1	0x9fc1	Standard query (0)	www.baremetalsoft.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 15:52:17.709002018 CEST	192.168.2.7	1.1.1.1	0x5119	Standard query (0)	www.baremetalsoft.com	65	IN (0x0001)	false
Oct 1, 2024 15:52:18.433073044 CEST	192.168.2.7	1.1.1.1	0x7456	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 15:52:18.433245897 CEST	192.168.2.7	1.1.1.1	0x92fb	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 15:52:14.301645994 CEST	1.1.1.1	192.168.2.7	0x2dde	No error (0)	www.baremetalsoft.com	baremetalsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 15:52:14.301645994 CEST	1.1.1.1	192.168.2.7	0x2dde	No error (0)	baremetalsoft.com		68.178.230.213	A (IP address)	IN (0x0001)	false
Oct 1, 2024 15:52:14.301759958 CEST	1.1.1.1	192.168.2.7	0xb2cd	No error (0)	www.baremetalsoft.com	baremetalsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 15:52:16.219521046 CEST	1.1.1.1	192.168.2.7	0xf673	No error (0)	www.worldpay.com	www.worldpay.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 15:52:16.221446991 CEST	1.1.1.1	192.168.2.7	0x673f	No error (0)	www.worldpay.com	www.worldpay.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 15:52:17.722223043 CEST	1.1.1.1	192.168.2.7	0x5119	No error (0)	www.baremetalsoft.com	baremetalsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 15:52:17.744489908 CEST	1.1.1.1	192.168.2.7	0x9fc1	No error (0)	www.baremetalsoft.com	baremetalsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 15:52:17.744489908 CEST	1.1.1.1	192.168.2.7	0x9fc1	No error (0)	baremetalsoft.com		68.178.230.213	A (IP address)	IN (0x0001)	false
Oct 1, 2024 15:52:18.440608978 CEST	1.1.1.1	192.168.2.7	0x92fb	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 15:52:18.440675974 CEST	1.1.1.1	192.168.2.7	0x7456	No error (0)	www.google.com		172.217.23.100	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.baremetalsoft.com

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49699	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:15 UTC	713	OUT	GET /register/?app=BareTail&ver=3.50a&build=2006-11-02 HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:16 UTC	234	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:15 GMT Server: Apache X-Powered-By: PHP/5.6.40 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-10-01 13:52:16 UTC	7958	IN	Data Raw: 32 30 33 31 0d 0a 3c 68 74 6d 6c 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 42 61 72 65 20 4d 65 74 61 6c 20 53 6f 66 74 77 61 72 65 20 26 67 74 3b 20 52 65 67 69 73 74 72 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 72 65 6d 65 74 61 6c 73 6f 66 74 2e 63 6f 6d 2f 73 74 79 6c 65 2e 63 73 73 27 3e 0d 0a 09 3c 2f 68 65 61 64 3e 0d 0a 09 3c 62 6f 64 79 3e 0d 0a 09 09 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 27 31 30 30 25 27 20 62 6f 72 64 65 72 3d 27 30 27 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 27 30 27 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 27 36 27 3e 0d 0a Data Ascii: 2031<html><head><title>Bare Metal Software > Registration</title><link rel='stylesheet' type='text/css' href='https://www.baremetalsoft.com/style.css'></head><body><table width='100%' border='0' cellspacing='0' cellpadding='6'>
2024-10-01 13:52:16 UTC	289	IN	Data Raw: 68 3d 27 32 30 25 27 20 61 6c 69 67 6e 3d 27 6c 65 66 74 27 20 3e 0d 0a 09 09 3c 70 3e 0d 0a 09 09 09 26 6e 62 73 70 3b 26 6e 62 73 70 3b 0d 0a 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 27 72 61 64 69 6f 27 20 6e 61 6d 65 3d 27 6c 69 63 65 6e 63 65 5f 74 79 70 65 27 20 76 61 6c 75 65 3d 27 42 61 72 65 54 61 69 6c 50 72 6f 7c 31 30 27 20 3e 0d 0a 09 09 09 09 09 09 24 55 53 20 31 37 35 09 09 09 09 09 3c 2f 70 3e 0d 0a 09 3c 2f 74 64 3e 0d 0a 09 09 09 09 09 3c 74 64 20 77 69 64 74 68 3d 27 32 30 25 27 20 61 6c 69 67 6e 3d 27 6c 65 66 74 27 20 3e 0d 0a 09 09 3c 70 3e 0d 0a 09 09 09 26 6e 62 73 70 3b 26 6e 62 73 70 3b 0d 0a 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 27 72 61 64 69 6f 27 20 6e 61 6d 65 3d 27 6c 69 63 65 6e 63 65 5f 74 79 70 65 27 20 76 61 Data Ascii: h='20%' align='left' ><p>  <input type='radio' name='licence_type' value='BareTailPro\|10' >$US 175</p></td><td width='20%' align='left' ><p>  <input type='radio' name='licence_type' va
2024-10-01 13:52:16 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-10-01 13:52:16 UTC	7317	IN	Data Raw: 31 63 38 38 0d 0a 31 37 35 09 09 09 09 09 3c 2f 70 3e 0d 0a 09 3c 2f 74 64 3e 0d 0a 09 09 09 09 09 3c 74 64 20 77 69 64 74 68 3d 27 32 30 25 27 20 61 6c 69 67 6e 3d 27 6c 65 66 74 27 20 3e 0d 0a 09 09 3c 70 3e 0d 0a 09 09 09 26 6e 62 73 70 3b 26 6e 62 73 70 3b 0d 0a 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 27 72 61 64 69 6f 27 20 6e 61 6d 65 3d 27 6c 69 63 65 6e 63 65 5f 74 79 70 65 27 20 76 61 6c 75 65 3d 27 42 61 72 65 54 61 69 6c 7c 31 30 27 20 3e 0d 0a 09 09 09 09 09 09 24 55 53 20 31 32 35 09 09 09 09 09 3c 2f 70 3e 0d 0a 09 3c 2f 74 64 3e 0d 0a 09 09 09 09 09 3c 74 64 20 77 69 64 74 68 3d 27 32 30 25 27 20 61 6c 69 67 6e 3d 27 6c 65 66 74 27 20 3e 0d 0a 09 09 3c 70 3e 0d 0a 09 09 09 26 6e 62 73 70 3b 26 6e 62 73 70 3b 0d 0a 09 09 09 3c 69 6e 70 Data Ascii: 1c88175</p></td><td width='20%' align='left' ><p>  <input type='radio' name='licence_type' value='BareTail\|10' >$US 125</p></td><td width='20%' align='left' ><p>  <inp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49707	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:17 UTC	599	OUT	GET /style.css HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:17 UTC	289	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:10:10 GMT ETag: "14e0b5f-503-5320244d9c880" Accept-Ranges: bytes Content-Length: 1283 Vary: Accept-Encoding Content-Type: text/css
2024-10-01 13:52:17 UTC	1283	IN	Data Raw: 62 6f 64 79 0d 0a 7b 0d 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 7d 0d 0a 0d 0a 68 31 2c 20 68 32 2c 20 68 33 2c 20 68 34 2c 20 68 35 2c 20 68 36 0d 0a 7b 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 38 30 3b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 65 6d 3b 0d 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 2e 35 65 6d 3b 0d 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 34 2e 35 70 74 3b 0d 0a 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 34 2e 35 70 74 3b 0d 0a 09 70 61 64 64 69 6e Data Ascii: body{margin: 0;padding: 0;font-family: verdana,arial,sans-serif;}h1, h2, h3, h4, h5, h6{font-family: arial,sans-serif;color: #000080;margin-top: 1em;margin-bottom: 0.5em;margin-left: 4.5pt;margin-right: 4.5pt;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49706	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:17 UTC	666	OUT	GET /register/poweredByWorldPay.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:17 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:52 GMT ETag: "15408da-576-5320243c72000" Accept-Ranges: bytes Content-Length: 1398 Content-Type: image/gif
2024-10-01 13:52:17 UTC	1398	IN	Data Raw: 47 49 46 38 39 61 8b 00 21 00 d5 00 00 ff ff ff ef f7 f8 f3 f1 f7 df ef f1 e6 e3 ef cf e7 ea da d5 e7 bf df e3 ce c7 df af d7 dc b7 cb db 9f d0 d6 c2 b9 d7 b5 b5 ce 8f c8 cf b5 ab d0 7f c0 c8 9e af cb 87 b4 c6 a5 a3 c9 a9 9d c8 70 b8 c1 92 a1 c3 9d 8f c0 63 ad b5 64 aa b9 50 a9 b4 91 81 b8 40 a1 ad 44 9b ac 81 7a b2 85 73 b0 30 99 a6 6e 78 ab 78 65 a9 20 91 9f 23 8b 9e 61 6a a4 10 89 98 6c 57 a1 00 81 91 5c 50 9a 23 6a 93 60 49 99 07 75 8f 0b 6f 8e 0f 69 8d 16 5c 8b 54 3b 91 3c 40 8c 25 44 87 44 34 8a 47 2d 89 30 31 84 3b 1f 81 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 04 14 00 ff 00 2c 00 00 00 00 8b 00 21 00 00 06 ff 40 80 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 5e 05 08 2f Data Ascii: GIF89a!pcdP@Dzs0nxxe #ajlW\P#j`Iuoi\T;<@%DD4G-01;!,!@pH,rl:tJZv^/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49705	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:17 UTC	656	OUT	GET /baremetalsoftcom.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:17 UTC	268	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:44 GMT ETag: "14e1dbb-192d-53202434d0e00" Accept-Ranges: bytes Content-Length: 6445 Content-Type: image/gif
2024-10-01 13:52:17 UTC	6445	IN	Data Raw: 47 49 46 38 39 61 96 00 32 00 e7 00 00 02 02 02 26 26 1a 3a 3a 2a 8e 8e 82 ea ea e0 c2 c2 aa 0a 0a 0a 16 16 16 de de ca 46 46 46 1e 1e 1d 9d 9d 8e 2e 2e 9e 02 02 66 da da c6 26 26 92 52 52 52 aa aa 9a d6 d6 c9 12 12 8a 22 22 22 f6 f6 de 02 02 87 1e 1e 8e 42 42 42 b6 b6 ac d2 d2 c2 66 66 66 de de d2 72 72 5a 02 02 5d 3a 3a 9f ce ce c0 de de de 02 02 82 2a 2a 1e ba ba aa 7a 7a 6a 4a 4a 4a ca ca b0 da da ee de de e5 ea ea ea 02 02 72 f6 f6 e6 22 22 12 2e 2e 22 d2 d2 ea f2 f2 e6 fa fa ec 82 82 7a 06 06 87 d6 d6 ea c6 c6 b6 ce ce e9 e2 e2 e3 1d 1d 0f ae ae 9e be be b6 32 32 9a 06 06 82 16 16 8a e2 e2 ea ca ca e5 0a 0a 86 36 36 2a 46 46 a2 ee ee ee da da e3 0f 0f 02 86 86 7a a3 a3 94 c6 c6 e4 0e 0e 86 fa fa f2 0e 0e 0e 96 96 86 f2 f2 ec d6 d6 cf d2 d2 d2 22 22 Data Ascii: GIF89a2&&::FFF..f&&RRR"""BBBfffrrZ]::zzjJJJr"".."z2266FFz""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49710	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:17 UTC	664	OUT	GET /baretailpro/BareTailPro2.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:17 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:47 GMT ETag: "14e0b16-6db-53202437ad4c0" Accept-Ranges: bytes Content-Length: 1755 Content-Type: image/gif
2024-10-01 13:52:17 UTC	1755	IN	Data Raw: 47 49 46 38 39 61 26 00 29 00 e7 00 00 ee ee ee ed ed ed ec ec ec eb eb eb ea ea ea e9 e9 e9 e8 e8 e8 e7 e7 e7 80 80 80 e0 e0 e0 df df df e1 e1 e1 e4 e4 e4 c0 c0 c0 d0 d0 d0 d2 d2 d2 d5 d5 d5 da da da e3 e3 e3 00 00 00 bd bd bd c4 c4 c4 ca ca ca e5 e5 e5 e2 e2 e2 aa aa aa b5 b5 b5 c1 c1 c1 cb cb cb dc dc dc dd dd dd d9 d9 d9 de de de e6 e6 e6 9a 9a 9a a8 a8 a8 b7 b7 b7 cf cf cf cc cc cc ce ce ce d3 d3 d3 bb bb bb b8 b8 b8 b9 b9 b9 be be be c7 c7 c7 a3 a3 a3 a1 a1 a1 a4 a4 a4 ac ac ac c8 c8 c8 d6 d6 d6 87 87 87 8d 8d 8d bf bf bf d1 d1 d1 6b 6b 6b 6e 6e 6e 78 78 78 8a 8a 8a a0 a0 a0 db db db 51 51 51 57 57 57 66 66 66 7d 7d 7d 98 98 98 b2 b2 b2 c9 c9 c9 3b 3b 3b 46 46 46 59 59 59 73 73 73 91 91 91 ae ae ae c6 c6 c6 d8 d8 d8 2b 2b 2b 39 39 39 50 50 50 6d 6d Data Ascii: GIF89a&)kkknnnxxxQQQWWWfff}}};;;FFFYYYsss+++999PPPmm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49708	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:17 UTC	664	OUT	GET /baregreppro/BareGrepPro2.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:17 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:44 GMT ETag: "1540767-6f2-53202434d0e00" Accept-Ranges: bytes Content-Length: 1778 Content-Type: image/gif
2024-10-01 13:52:17 UTC	1778	IN	Data Raw: 47 49 46 38 39 61 26 00 29 00 e7 00 00 ee ee ee ed ed ed eb eb eb ea ea ea e8 e8 e8 e7 e7 e7 e5 e5 e5 e4 e4 e4 e6 e6 e6 e9 e9 e9 ec ec ec 80 80 80 d9 d9 d9 db db db dd dd dd e0 e0 e0 e2 e2 e2 c0 c0 c0 00 00 00 ca ca ca cd cd cd d2 d2 d2 d7 d7 d7 b6 b6 b6 be be be c6 c6 c6 d0 d0 d0 d8 d8 d8 ff ff ff a4 a4 a4 b0 b0 b0 bd bd bd d5 d5 d5 de de de 95 95 95 a6 a6 a6 d3 d3 d3 ff ff 00 8c 8c 8c a0 a0 a0 b4 b4 b4 c5 c5 c5 87 87 87 9e 9e 9e d4 d4 d4 df df df e3 e3 e3 6e 6e 6e c9 c9 c9 e1 e1 e1 ff bf 00 56 56 56 70 70 70 bc bc bc cf cf cf dc dc dc 43 43 43 5b 5b 5b 77 77 77 94 94 94 af af af d6 d6 d6 00 ff 00 33 33 33 4a 4a 4a 66 66 66 85 85 85 a3 a3 a3 27 27 27 3d 3d 3d 59 59 59 79 79 79 9a 9a 9a 20 20 20 35 35 35 50 50 50 92 92 92 b1 b1 b1 da da da 1c 1c 1c 2f 2f Data Ascii: GIF89a&)nnnVVVpppCCC[[[www333JJJfff'''===YYYyyy 555PPP//

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49709	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:17 UTC	658	OUT	GET /baretail/BareTail2.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:17 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:44 GMT ETag: "154091f-6af-53202434d0e00" Accept-Ranges: bytes Content-Length: 1711 Content-Type: image/gif
2024-10-01 13:52:17 UTC	1711	IN	Data Raw: 47 49 46 38 39 61 26 00 29 00 e7 00 00 ee ee ee ed ed ed ec ec ec eb eb eb ea ea ea e9 e9 e9 e8 e8 e8 e7 e7 e7 80 80 80 e0 e0 e0 df df df e1 e1 e1 e4 e4 e4 c0 c0 c0 d0 d0 d0 d2 d2 d2 d5 d5 d5 da da da e3 e3 e3 00 00 00 bd bd bd c4 c4 c4 ca ca ca e5 e5 e5 e2 e2 e2 aa aa aa b5 b5 b5 c1 c1 c1 cb cb cb dc dc dc dd dd dd d9 d9 d9 de de de e6 e6 e6 9a 9a 9a a8 a8 a8 b7 b7 b7 cf cf cf cc cc cc ce ce ce d3 d3 d3 bb bb bb b8 b8 b8 b9 b9 b9 be be be c7 c7 c7 a3 a3 a3 a1 a1 a1 a4 a4 a4 ac ac ac c8 c8 c8 d6 d6 d6 87 87 87 8d 8d 8d bf bf bf d1 d1 d1 6b 6b 6b 6e 6e 6e 78 78 78 8a 8a 8a a0 a0 a0 db db db 51 51 51 57 57 57 66 66 66 7d 7d 7d 98 98 98 b2 b2 b2 c9 c9 c9 3b 3b 3b 46 46 46 59 59 59 73 73 73 91 91 91 ae ae ae c6 c6 c6 d8 d8 d8 2b 2b 2b 39 39 39 50 50 50 6d 6d Data Ascii: GIF89a&)kkknnnxxxQQQWWWfff}}};;;FFFYYYsss+++999PPPmm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49715	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:18 UTC	658	OUT	GET /baregrep/BareGrep2.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:19 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:41 GMT ETag: "1540ae2-6df-53202431f4740" Accept-Ranges: bytes Content-Length: 1759 Content-Type: image/gif
2024-10-01 13:52:19 UTC	1759	IN	Data Raw: 47 49 46 38 39 61 26 00 29 00 e7 00 00 ee ee ee ed ed ed eb eb eb ea ea ea e8 e8 e8 e7 e7 e7 e5 e5 e5 e4 e4 e4 e6 e6 e6 e9 e9 e9 ec ec ec 80 80 80 d9 d9 d9 db db db dd dd dd e0 e0 e0 e2 e2 e2 c0 c0 c0 00 00 00 ca ca ca cd cd cd d2 d2 d2 d7 d7 d7 b6 b6 b6 be be be c6 c6 c6 d0 d0 d0 d8 d8 d8 ff ff ff a4 a4 a4 b0 b0 b0 bd bd bd d5 d5 d5 de de de 95 95 95 a6 a6 a6 d3 d3 d3 8c 8c 8c a0 a0 a0 b4 b4 b4 c5 c5 c5 87 87 87 9e 9e 9e d4 d4 d4 df df df e3 e3 e3 6e 6e 6e c9 c9 c9 e1 e1 e1 56 56 56 70 70 70 bc bc bc cf cf cf dc dc dc 43 43 43 5b 5b 5b 77 77 77 94 94 94 af af af d6 d6 d6 00 ff 00 33 33 33 4a 4a 4a 66 66 66 85 85 85 a3 a3 a3 27 27 27 3d 3d 3d 59 59 59 79 79 79 9a 9a 9a 20 20 20 35 35 35 50 50 50 92 92 92 b1 b1 b1 da da da 1c 1c 1c 2f 2f 2f 6b 6b 6b 8d 8d Data Ascii: GIF89a&)nnnVVVpppCCC[[[www333JJJfff'''===YYYyyy 555PPP///kkk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49719	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:18 UTC	375	OUT	GET /register/poweredByWorldPay.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:19 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:52 GMT ETag: "15408da-576-5320243c72000" Accept-Ranges: bytes Content-Length: 1398 Content-Type: image/gif
2024-10-01 13:52:19 UTC	1398	IN	Data Raw: 47 49 46 38 39 61 8b 00 21 00 d5 00 00 ff ff ff ef f7 f8 f3 f1 f7 df ef f1 e6 e3 ef cf e7 ea da d5 e7 bf df e3 ce c7 df af d7 dc b7 cb db 9f d0 d6 c2 b9 d7 b5 b5 ce 8f c8 cf b5 ab d0 7f c0 c8 9e af cb 87 b4 c6 a5 a3 c9 a9 9d c8 70 b8 c1 92 a1 c3 9d 8f c0 63 ad b5 64 aa b9 50 a9 b4 91 81 b8 40 a1 ad 44 9b ac 81 7a b2 85 73 b0 30 99 a6 6e 78 ab 78 65 a9 20 91 9f 23 8b 9e 61 6a a4 10 89 98 6c 57 a1 00 81 91 5c 50 9a 23 6a 93 60 49 99 07 75 8f 0b 6f 8e 0f 69 8d 16 5c 8b 54 3b 91 3c 40 8c 25 44 87 44 34 8a 47 2d 89 30 31 84 3b 1f 81 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 04 14 00 ff 00 2c 00 00 00 00 8b 00 21 00 00 06 ff 40 80 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 5e 05 08 2f Data Ascii: GIF89a!pcdP@Dzs0nxxe #ajlW\P#j`Iuoi\T;<@%DD4G-01;!,!@pH,rl:tJZv^/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49720	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:18 UTC	365	OUT	GET /baremetalsoftcom.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:19 UTC	268	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:44 GMT ETag: "14e1dbb-192d-53202434d0e00" Accept-Ranges: bytes Content-Length: 6445 Content-Type: image/gif
2024-10-01 13:52:19 UTC	6445	IN	Data Raw: 47 49 46 38 39 61 96 00 32 00 e7 00 00 02 02 02 26 26 1a 3a 3a 2a 8e 8e 82 ea ea e0 c2 c2 aa 0a 0a 0a 16 16 16 de de ca 46 46 46 1e 1e 1d 9d 9d 8e 2e 2e 9e 02 02 66 da da c6 26 26 92 52 52 52 aa aa 9a d6 d6 c9 12 12 8a 22 22 22 f6 f6 de 02 02 87 1e 1e 8e 42 42 42 b6 b6 ac d2 d2 c2 66 66 66 de de d2 72 72 5a 02 02 5d 3a 3a 9f ce ce c0 de de de 02 02 82 2a 2a 1e ba ba aa 7a 7a 6a 4a 4a 4a ca ca b0 da da ee de de e5 ea ea ea 02 02 72 f6 f6 e6 22 22 12 2e 2e 22 d2 d2 ea f2 f2 e6 fa fa ec 82 82 7a 06 06 87 d6 d6 ea c6 c6 b6 ce ce e9 e2 e2 e3 1d 1d 0f ae ae 9e be be b6 32 32 9a 06 06 82 16 16 8a e2 e2 ea ca ca e5 0a 0a 86 36 36 2a 46 46 a2 ee ee ee da da e3 0f 0f 02 86 86 7a a3 a3 94 c6 c6 e4 0e 0e 86 fa fa f2 0e 0e 0e 96 96 86 f2 f2 ec d6 d6 cf d2 d2 d2 22 22 Data Ascii: GIF89a2&&::FFF..f&&RRR"""BBBfffrrZ]::zzjJJJr"".."z2266FFz""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49721	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:18 UTC	373	OUT	GET /baregreppro/BareGrepPro2.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:19 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:44 GMT ETag: "1540767-6f2-53202434d0e00" Accept-Ranges: bytes Content-Length: 1778 Content-Type: image/gif
2024-10-01 13:52:19 UTC	1778	IN	Data Raw: 47 49 46 38 39 61 26 00 29 00 e7 00 00 ee ee ee ed ed ed eb eb eb ea ea ea e8 e8 e8 e7 e7 e7 e5 e5 e5 e4 e4 e4 e6 e6 e6 e9 e9 e9 ec ec ec 80 80 80 d9 d9 d9 db db db dd dd dd e0 e0 e0 e2 e2 e2 c0 c0 c0 00 00 00 ca ca ca cd cd cd d2 d2 d2 d7 d7 d7 b6 b6 b6 be be be c6 c6 c6 d0 d0 d0 d8 d8 d8 ff ff ff a4 a4 a4 b0 b0 b0 bd bd bd d5 d5 d5 de de de 95 95 95 a6 a6 a6 d3 d3 d3 ff ff 00 8c 8c 8c a0 a0 a0 b4 b4 b4 c5 c5 c5 87 87 87 9e 9e 9e d4 d4 d4 df df df e3 e3 e3 6e 6e 6e c9 c9 c9 e1 e1 e1 ff bf 00 56 56 56 70 70 70 bc bc bc cf cf cf dc dc dc 43 43 43 5b 5b 5b 77 77 77 94 94 94 af af af d6 d6 d6 00 ff 00 33 33 33 4a 4a 4a 66 66 66 85 85 85 a3 a3 a3 27 27 27 3d 3d 3d 59 59 59 79 79 79 9a 9a 9a 20 20 20 35 35 35 50 50 50 92 92 92 b1 b1 b1 da da da 1c 1c 1c 2f 2f Data Ascii: GIF89a&)nnnVVVpppCCC[[[www333JJJfff'''===YYYyyy 555PPP//

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49717	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:18 UTC	373	OUT	GET /baretailpro/BareTailPro2.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:19 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:47 GMT ETag: "14e0b16-6db-53202437ad4c0" Accept-Ranges: bytes Content-Length: 1755 Content-Type: image/gif
2024-10-01 13:52:19 UTC	1755	IN	Data Raw: 47 49 46 38 39 61 26 00 29 00 e7 00 00 ee ee ee ed ed ed ec ec ec eb eb eb ea ea ea e9 e9 e9 e8 e8 e8 e7 e7 e7 80 80 80 e0 e0 e0 df df df e1 e1 e1 e4 e4 e4 c0 c0 c0 d0 d0 d0 d2 d2 d2 d5 d5 d5 da da da e3 e3 e3 00 00 00 bd bd bd c4 c4 c4 ca ca ca e5 e5 e5 e2 e2 e2 aa aa aa b5 b5 b5 c1 c1 c1 cb cb cb dc dc dc dd dd dd d9 d9 d9 de de de e6 e6 e6 9a 9a 9a a8 a8 a8 b7 b7 b7 cf cf cf cc cc cc ce ce ce d3 d3 d3 bb bb bb b8 b8 b8 b9 b9 b9 be be be c7 c7 c7 a3 a3 a3 a1 a1 a1 a4 a4 a4 ac ac ac c8 c8 c8 d6 d6 d6 87 87 87 8d 8d 8d bf bf bf d1 d1 d1 6b 6b 6b 6e 6e 6e 78 78 78 8a 8a 8a a0 a0 a0 db db db 51 51 51 57 57 57 66 66 66 7d 7d 7d 98 98 98 b2 b2 b2 c9 c9 c9 3b 3b 3b 46 46 46 59 59 59 73 73 73 91 91 91 ae ae ae c6 c6 c6 d8 d8 d8 2b 2b 2b 39 39 39 50 50 50 6d 6d Data Ascii: GIF89a&)kkknnnxxxQQQWWWfff}}};;;FFFYYYsss+++999PPPmm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49718	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:18 UTC	367	OUT	GET /baretail/BareTail2.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:19 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:44 GMT ETag: "154091f-6af-53202434d0e00" Accept-Ranges: bytes Content-Length: 1711 Content-Type: image/gif
2024-10-01 13:52:19 UTC	1711	IN	Data Raw: 47 49 46 38 39 61 26 00 29 00 e7 00 00 ee ee ee ed ed ed ec ec ec eb eb eb ea ea ea e9 e9 e9 e8 e8 e8 e7 e7 e7 80 80 80 e0 e0 e0 df df df e1 e1 e1 e4 e4 e4 c0 c0 c0 d0 d0 d0 d2 d2 d2 d5 d5 d5 da da da e3 e3 e3 00 00 00 bd bd bd c4 c4 c4 ca ca ca e5 e5 e5 e2 e2 e2 aa aa aa b5 b5 b5 c1 c1 c1 cb cb cb dc dc dc dd dd dd d9 d9 d9 de de de e6 e6 e6 9a 9a 9a a8 a8 a8 b7 b7 b7 cf cf cf cc cc cc ce ce ce d3 d3 d3 bb bb bb b8 b8 b8 b9 b9 b9 be be be c7 c7 c7 a3 a3 a3 a1 a1 a1 a4 a4 a4 ac ac ac c8 c8 c8 d6 d6 d6 87 87 87 8d 8d 8d bf bf bf d1 d1 d1 6b 6b 6b 6e 6e 6e 78 78 78 8a 8a 8a a0 a0 a0 db db db 51 51 51 57 57 57 66 66 66 7d 7d 7d 98 98 98 b2 b2 b2 c9 c9 c9 3b 3b 3b 46 46 46 59 59 59 73 73 73 91 91 91 ae ae ae c6 c6 c6 d8 d8 d8 2b 2b 2b 39 39 39 50 50 50 6d 6d Data Ascii: GIF89a&)kkknnnxxxQQQWWWfff}}};;;FFFYYYsss+++999PPPmm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49714	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:18 UTC	738	OUT	GET /stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26build%3D2006-11-02&http_referer= HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:19 UTC	431	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:19 GMT Server: Apache X-Powered-By: PHP/5.6.40 Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-disposition: inline Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 01 Oct 2024 13:52:19 GMT Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/gif
2024-10-01 13:52:19 UTC	819	IN	Data Raw: 33 32 37 0d 0a 47 49 46 38 37 61 01 00 01 00 f7 00 00 00 00 00 80 00 00 00 80 00 80 80 00 00 00 80 80 00 80 00 80 80 c0 c0 c0 c0 dc c0 a6 ca f0 40 20 00 60 20 00 80 20 00 a0 20 00 c0 20 00 e0 20 00 00 40 00 20 40 00 40 40 00 60 40 00 80 40 00 a0 40 00 c0 40 00 e0 40 00 00 60 00 20 60 00 40 60 00 60 60 00 80 60 00 a0 60 00 c0 60 00 e0 60 00 00 80 00 20 80 00 40 80 00 60 80 00 80 80 00 a0 80 00 c0 80 00 e0 80 00 00 a0 00 20 a0 00 40 a0 00 60 a0 00 80 a0 00 a0 a0 00 c0 a0 00 e0 a0 00 00 c0 00 20 c0 00 40 c0 00 60 c0 00 80 c0 00 a0 c0 00 c0 c0 00 e0 c0 00 00 e0 00 20 e0 00 40 e0 00 60 e0 00 80 e0 00 a0 e0 00 c0 e0 00 e0 e0 00 00 00 40 20 00 40 40 00 40 60 00 40 80 00 40 a0 00 40 c0 00 40 e0 00 40 00 20 40 20 20 40 40 20 40 60 20 40 80 20 40 a0 20 40 c0 20 40 Data Ascii: 327GIF87a@ ` @ @@@`@@@@@` `@``````` @` @` @` @`@ @@@`@@@@@ @ @@ @` @ @ @ @

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49724	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:20 UTC	647	OUT	GET /favicon.ico HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:21 UTC	292	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:21 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:52 GMT ETag: "14e0b10-13e-5320243c72000" Accept-Ranges: bytes Content-Length: 318 Vary: Accept-Encoding Content-Type: image/x-icon
2024-10-01 13:52:21 UTC	318	IN	Data Raw: 00 00 01 00 01 00 10 10 10 00 00 00 00 00 28 01 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 04 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 80 80 80 00 c0 c0 c0 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00 00 00 00 00 00 00 00 f8 88 70 f8 88 08 80 07 08 88 87 08 88 70 f0 08 88 70 88 88 70 87 00 08 87 0f 88 87 0f 88 80 08 80 88 88 80 88 88 80 08 88 88 08 88 88 08 80 00 f8 88 70 f8 88 70 f0 07 08 88 87 08 88 87 00 08 88 70 88 88 70 88 80 08 87 0f 88 87 0f 88 80 08 80 88 88 80 88 88 80 08 88 88 08 88 88 08 80 00 f8 88 70 f8 88 70 f0 07 08 88 87 08 88 87 00 00 00 00 00 00 00 00 00 00 Data Ascii: (( pppppppppp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49725	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:20 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 13:52:20 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=183210 Date: Tue, 01 Oct 2024 13:52:20 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49727	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:20 UTC	447	OUT	GET /stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26build%3D2006-11-02&http_referer= HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:21 UTC	431	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:21 GMT Server: Apache X-Powered-By: PHP/5.6.40 Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-disposition: inline Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 01 Oct 2024 13:52:21 GMT Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/gif
2024-10-01 13:52:21 UTC	819	IN	Data Raw: 33 32 37 0d 0a 47 49 46 38 37 61 01 00 01 00 f7 00 00 00 00 00 80 00 00 00 80 00 80 80 00 00 00 80 80 00 80 00 80 80 c0 c0 c0 c0 dc c0 a6 ca f0 40 20 00 60 20 00 80 20 00 a0 20 00 c0 20 00 e0 20 00 00 40 00 20 40 00 40 40 00 60 40 00 80 40 00 a0 40 00 c0 40 00 e0 40 00 00 60 00 20 60 00 40 60 00 60 60 00 80 60 00 a0 60 00 c0 60 00 e0 60 00 00 80 00 20 80 00 40 80 00 60 80 00 80 80 00 a0 80 00 c0 80 00 e0 80 00 00 a0 00 20 a0 00 40 a0 00 60 a0 00 80 a0 00 a0 a0 00 c0 a0 00 e0 a0 00 00 c0 00 20 c0 00 40 c0 00 60 c0 00 80 c0 00 a0 c0 00 c0 c0 00 e0 c0 00 00 e0 00 20 e0 00 40 e0 00 60 e0 00 80 e0 00 a0 e0 00 c0 e0 00 e0 e0 00 00 00 40 20 00 40 40 00 40 60 00 40 80 00 40 a0 00 40 c0 00 40 e0 00 40 00 20 40 20 20 40 40 20 40 60 20 40 80 20 40 a0 20 40 c0 20 40 Data Ascii: 327GIF87a@ ` @ @@@`@@@@@` `@``````` @` @` @` @`@ @@@`@@@@@ @ @@ @` @ @ @ @

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49726	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:20 UTC	367	OUT	GET /baregrep/BareGrep2.gif HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:21 UTC	267	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:21 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:41 GMT ETag: "1540ae2-6df-53202431f4740" Accept-Ranges: bytes Content-Length: 1759 Content-Type: image/gif
2024-10-01 13:52:21 UTC	1759	IN	Data Raw: 47 49 46 38 39 61 26 00 29 00 e7 00 00 ee ee ee ed ed ed eb eb eb ea ea ea e8 e8 e8 e7 e7 e7 e5 e5 e5 e4 e4 e4 e6 e6 e6 e9 e9 e9 ec ec ec 80 80 80 d9 d9 d9 db db db dd dd dd e0 e0 e0 e2 e2 e2 c0 c0 c0 00 00 00 ca ca ca cd cd cd d2 d2 d2 d7 d7 d7 b6 b6 b6 be be be c6 c6 c6 d0 d0 d0 d8 d8 d8 ff ff ff a4 a4 a4 b0 b0 b0 bd bd bd d5 d5 d5 de de de 95 95 95 a6 a6 a6 d3 d3 d3 8c 8c 8c a0 a0 a0 b4 b4 b4 c5 c5 c5 87 87 87 9e 9e 9e d4 d4 d4 df df df e3 e3 e3 6e 6e 6e c9 c9 c9 e1 e1 e1 56 56 56 70 70 70 bc bc bc cf cf cf dc dc dc 43 43 43 5b 5b 5b 77 77 77 94 94 94 af af af d6 d6 d6 00 ff 00 33 33 33 4a 4a 4a 66 66 66 85 85 85 a3 a3 a3 27 27 27 3d 3d 3d 59 59 59 79 79 79 9a 9a 9a 20 20 20 35 35 35 50 50 50 92 92 92 b1 b1 b1 da da da 1c 1c 1c 2f 2f 2f 6b 6b 6b 8d 8d Data Ascii: GIF89a&)nnnVVVpppCCC[[[www333JJJfff'''===YYYyyy 555PPP///kkk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49732	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:22 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 13:52:22 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=183152 Date: Tue, 01 Oct 2024 13:52:22 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 13:52:22 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49734	68.178.230.213	443	8128	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:22 UTC	356	OUT	GET /favicon.ico HTTP/1.1 Host: www.baremetalsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 13:52:22 UTC	292	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 13:52:22 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 04 May 2016 11:09:52 GMT ETag: "14e0b10-13e-5320243c72000" Accept-Ranges: bytes Content-Length: 318 Vary: Accept-Encoding Content-Type: image/x-icon
2024-10-01 13:52:22 UTC	318	IN	Data Raw: 00 00 01 00 01 00 10 10 10 00 00 00 00 00 28 01 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 04 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 80 00 00 00 80 80 00 80 00 00 00 80 00 80 00 80 80 00 00 80 80 80 00 c0 c0 c0 00 00 00 ff 00 00 ff 00 00 00 ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 00 00 00 00 00 00 00 00 00 f8 88 70 f8 88 08 80 07 08 88 87 08 88 70 f0 08 88 70 88 88 70 87 00 08 87 0f 88 87 0f 88 80 08 80 88 88 80 88 88 80 08 88 88 08 88 88 08 80 00 f8 88 70 f8 88 70 f0 07 08 88 87 08 88 87 00 08 88 70 88 88 70 88 80 08 87 0f 88 87 0f 88 80 08 80 88 88 80 88 88 80 08 88 88 08 88 88 08 80 00 f8 88 70 f8 88 70 f0 07 08 88 87 08 88 87 00 00 00 00 00 00 00 00 00 00 Data Ascii: (( pppppppppp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49733	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:52:22 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BDulGu1zv6d6dbs&MD=ORCsMFdb HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 13:52:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 2e7d85f3-3161-47ea-83f9-8279815ac2ec MS-RequestId: 769cc3ad-e36e-43de-9445-0f3af330fa7b MS-CV: 5UhHSEdlBkCNVzXg.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 13:52:22 GMT Connection: close Content-Length: 24490
2024-10-01 13:52:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-01 13:52:22 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49739	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 13:53:00 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BDulGu1zv6d6dbs&MD=ORCsMFdb HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 13:53:01 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: fe64ebdd-5b74-49c5-b962-7ab922ca3876 MS-RequestId: 2e7fd808-dc1b-4ec5-be51-db98a782af5a MS-CV: kI8P+PsMuEyzFO0B.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 13:52:59 GMT Connection: close Content-Length: 30005
2024-10-01 13:53:01 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-01 13:53:01 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	09:52:03
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\baretail.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\baretail.exe"
Imagebase:	0x400000
File size:	225'280 bytes
MD5 hash:	F3E7A015C1D541528085D3F9581AB41F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	09:52:11
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	09:52:12
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2116,i,5249147098069161101,3948763448879149394,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report baretail.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Windows Analysis Report
baretail.exe